
ducthuan90 09-11-2012 04:35 AM

can not join domain from SAMBA+LDAP
 
Hi everybody,
I am a Linux newbie. I come from Vietnam.
Now I have a problem when Windows XP joins the domain in SAMBA+LDAP. Error:
Code:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain success.ss:
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.success.ss

Thanks for helping.

NooVin 09-11-2012 04:54 AM

Me too, please help me fix this issue.

In Windows XP:
http://farm9.staticflickr.com/8450/7...167783bca9.jpg
http://farm9.staticflickr.com/8169/7...5a12cdacae.jpg
http://farm9.staticflickr.com/8170/7...3cf768ac2b.jpg

DNS server
vim /etc/named.conf
Code:

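// Trusted clients: the LAN and the loopback interface.  An acl has no effect
// until it is referenced, so it is used by allow-query / allow-recursion
// below.  If clients live on another subnet, add that subnet here.
acl mynet {
        192.168.2.0/24;
        127.0.0.1;
};

options{
        allow-transfer          {none;};
        // Only trusted clients may query this server or use it as a recursive
        // resolver.  Without these two lines the acl above was unused and,
        // depending on the BIND version's defaults, the server may have
        // answered recursive queries from anywhere.
        allow-query             { mynet; };
        allow-recursion         { mynet; };
        // Pinning the outgoing query port to 53 disables source-port
        // randomisation, the main defence against cache poisoning.  Left
        // unset, BIND picks a random port per query.  If an outbound firewall
        // only permits source port 53, widen that rule instead of restoring
        // these lines.
        //query-source            port 53;
        //query-source-v6        port 53;
        directory              "/var/named";
        dump-file              "/var/named/data/cache_dumb.db";
        statistics-file        "/var/named/data/name_stats.txt";
        memstatistics-file      "/var/named/data/name_mem_stats.txt";
        notify                  yes;
};

// Root hints for recursion.
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.db";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "0.0.127.in-addr.arpa.db";
};

// Forward zone for the domain.  Windows' _ldap._tcp.dc._msdcs SRV lookups
// (the query in the first post) are answered from this file, so every owner
// name in it must be fully qualified or correctly relative to success.ss.
zone "success.ss" IN {
        type master;
        file "success.ss.db";
};

// Reverse zone for 192.168.2.0/24.
zone "2.168.192.in-addr.arpa" {
        type master;
        file "2.168.192.in-addr.arpa.db";
};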

vim /var/named/success.ss.db
Code:

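$TTL 86400
; Forward zone for success.ss.  Any name without a trailing dot is relative to
; the zone origin: "root" below is the mailbox root.success.ss. and every
; unqualified owner or target gets ".success.ss" appended.
@      IN      SOA    domain.success.ss. root (
                                        43      ; serial - bumped because the file changed
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; negative-cache TTL

                        IN      NS              domain.success.ss.
                        IN      MX      10      domain
; Blank owner field: this A record belongs to the previous owner (@, the apex).
                1D      IN      A              192.168.2.15
domain          1D      IN      A              192.168.2.15
www            1D      IN      CNAME          domain
mail            1D      IN      CNAME          domain
ftp            1D      IN      CNAME          domain

; Service records Windows asks for when it is given a DNS-style domain name.
; Both owners must be fully qualified (trailing dot).  The second one lacked
; it, so it was stored as _ldap._tcp.dc._msdcs.success.ss.success.ss. and the
; client's query for _ldap._tcp.dc._msdcs.success.ss could never match.
; Two caveats: the error in the first post is a *timeout* - no answer at all -
; so also confirm the XP client's DNS server is 192.168.2.15 and that port 53
; reaches named; and Samba 3 with "domain logons = Yes" is an NT4-style PDC,
; not an AD controller, so presumably the join should use the NetBIOS
; workgroup name from smb.conf rather than the DNS name - verify before
; relying on these records.
_ldap._tcp.success.ss.           IN      SRV     0 0 389 domain.success.ss.
_ldap._tcp.dc._msdcs.success.ss. IN      SRV     0 0 389 domain.success.ss.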

vim /var/named/2.168.192.in-addr.arpa.db

Code:

$TTL 86400
; Reverse zone for 192.168.2.0/24.
; NOTE(review): the responsible-mailbox field is "root." with a trailing dot,
; i.e. the absolute name root. rather than root.success.ss. as in the forward
; zone - harmless for resolution, but probably meant to be "root" (no dot).
@      IN      SOA            domain.success.ss. root. (
                                                3        ; serial
                                                28800    ; refresh
                                                7200     ; retry
                                                604800   ; expire
                                                86400 )  ; negative-cache TTL

@      IN      NS      domain.success.ss.
; 192.168.2.15 -> domain.success.ss. (the only host in this zone so far)
15      IN      PTR    domain.success.ss.

vim /etc/samba/smb.conf
Code:

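[global]
        # NetBIOS domain name.  Samba 3 with "domain logons = Yes" is an
        # NT4-style PDC, not an Active Directory controller, and Windows
        # joins it by this name.  A dotted, DNS-looking value makes XP treat
        # the join as an AD join and go looking for _msdcs SRV records (the
        # error in the first post).  A short, dot-free name (e.g. SUCCESS) is
        # the usual choice, but changing it after users and machines exist
        # changes the domain the LDAP entries belong to - plan that change
        # rather than just editing the line.
        workgroup = success.ss
        netbios name = domain
        security = user
        enable privileges = yes
        username map = /etc/samba/smbusers
        server string = samba-ldap-pdc
        encrypt passwords = Yes
        #min passwd length = 3
        # "admin" acts as root on every share; its password must be strong.
        admin users = admin
        #pam password change = no
        obey pam restrictions = No

        # method 1:
        #unix password sync = no
        ldap passwd sync = Yes

        # method 2:
        #unix password sync = yes
        #ldap passwd sync = no
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        # Fixed: the line used to end with an unmatched double quote, which
        # left the last expect/send pair malformed.
        passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n

        # Level 0 shows almost nothing; raise it (3 is usually enough) while a
        # domain join is failing, then lower it again.
        log level = 0
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 100000
        #time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        mangling method = hash2
        # CP932 is the Japanese Shift-JIS code page - unexpected for this
        # network; TODO confirm it is intended and not copied from an example.
        Dos charset = CP932
        Unix charset = UTF-8

        logon script = logon.bat
        # Empty here, so the per-user sambaHomePath/sambaProfilePath values
        # written by smbldap-tools are presumably what clients receive.
        logon drive =
        logon home =
        logon path =

        domain logons = Yes
        domain master = Yes
        os level = 65
        preferred master = Yes
        wins support = yes

        # Every account lookup and password hash goes over this connection.
        passdb backend = ldapsam:ldap://domain.success.ss

        ldap admin dn = cn=Manager,dc=success,dc=ss
        ldap suffix = dc=success,dc=ss
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        idmap backend = ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        # Machine accounts are created in the local passwd file while users
        # and groups live in LDAP.  That only works if NSS resolves the new
        # machine name locally right afterwards; the LDAP-native equivalent
        # is smbldap-useradd -w "%u", which is what "ldap machine suffix"
        # above is for.  TODO confirm which one this host's NSS setup needs.
        add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        # With an ldap:// passdb URI and no TLS, the Manager bind (the
        # password stored with "smbpasswd -w") and every hash read from the
        # directory cross the network in clear text whenever
        # domain.success.ss is not this host.  Use ldapi:/// for a local
        # directory, or "ldap ssl = start tls" with the server's certificate.
        ldap ssl = no
        winbind nested groups = no

[netlogon]
        path = /home/samba/netlogon/
        browseable = No
        read only = Yes

[profiles]
        path = /home/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
        # "guest ok = Yes" together with "read only = No" lets unauthenticated
        # connections write into the profiles tree.  Domain members always
        # authenticate, so guest access is normally not needed here.
        guest ok = Yes
        profile acls = yes
        csc policy = disable
        # The reference configuration this share was copied from continues
        # with a line restricting each connection to its own profile
        # (force user = %U, optionally followed by a valid users list); that
        # line is missing here.  Restore it or set "guest ok = No" - TODO
        # confirm which the clients need.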

vim /etc/openldap/slapd.conf
Code:

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=success,dc=ss"
# The rootdn bypasses every access directive below.  It is also the DN that
# smb.conf ("ldap admin dn") and smbldap_bind.conf bind as, so its password
# is effectively the key to the whole domain.
rootdn          "cn=Manager,dc=success,dc=ss"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
#rootpw        {SSHA}Dn7wa4jcHke8qGXMSBPKXvo7qyTBEYXX
# {MD5} is an unsalted digest: equal passwords give equal hashes and a short
# password is recovered from it immediately.  Regenerate the value with
# "slappasswd -h {SSHA}" (the commented example above uses the right scheme)
# and, because this value is now public in the thread, change the password
# itself rather than just re-hashing it.
rootpw          {MD5}ICy5YqxZB1uWSwcVLSNLcA==

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory      /var/lib/ldap

# Indices to maintain for this database
index objectClass                      eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                    eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
# Samba looks accounts up by SID and domain; these equality indexes keep
# those lookups from scanning the database.
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#    bindmethod=sasl saslmech=GSSAPI
#    authcId=host/ldap-master.example.com@EXAMPLE.COM

# Password attributes (Unix and both Samba hashes): the owner and the
# Manager may change them, anonymous connections may only use them to
# authenticate, nobody else can read them.
# NOTE(review): this line and the "access to *" line below start with a
# space.  slapd.conf(5) treats a line beginning with white space as a
# continuation of the previous line; after a blank line this presumably still
# parses as intended, but remove the indent rather than rely on it.
 access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by dn="cn=Manager,dc=success,dc=ss" write
        by anonymous auth
        by * none

# Everything else is readable by anyone, including anonymous binds: account
# names, uid/gid numbers, SIDs, home and profile paths.  If the NSS client
# binds anonymously this is what makes lookups work; otherwise "by users read"
# would stop unauthenticated enumeration of the directory - TODO confirm.
 access to *
        by dn="cn=Manager,dc=success,dc=ss" write
        by self write
        by * read

vim /etc/openldap/ldap.conf
Code:

# Default search base for the OpenLDAP client tools.
BASE dc=success,dc=ss
# Plain ldap:// - the connection is unencrypted unless the client issues
# StartTLS (e.g. ldapsearch -ZZ).  When the directory is on this host,
# ldapi:/// avoids the network altogether.
URI ldap://domain.success.ss:389
# Only consulted for ldaps:// or StartTLS sessions; with the URI above it is
# unused.  Once TLS is enabled, also set TLS_REQCERT so the server
# certificate is actually verified.
TLS_CACERTDIR /etc/openldap/cacerts

vim /etc/smbldap-tools/smbldap.conf
Code:

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
# 700 keeps each home private to its owner.
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
# 513 is the RID of Domain Users; the matching POSIX group must exist in the
# directory before smbldap-useradd is run.
defaultUserGid="513"

# Default Computer (Samba) GID
# 515 is the RID of Domain Computers; used for machine accounts created with
# smbldap-useradd -w.
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
# Written into each new user's sambaHomePath.  smb.conf in this thread leaves
# "logon home" empty, so this per-user value is presumably what clients
# receive - verify against smb.conf when changing either side.
userSmbHome="\\domain.success.ss\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
# Same relationship to smb.conf "logon path" as userSmbHome above; the path
# must exist under the [profiles] share.
userProfile="\\domain.success.ss\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive=""

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
# Matches "logon script = logon.bat" in smb.conf; the file lives in the
# [netlogon] share.
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain=""

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
# prefer Crypt::SmbHash library
# "0": the LM/NT hashes are computed in-process by Crypt::SmbHash instead of
# by running the smbpasswd binary named below.
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
# "0": userPassword is hashed by Perl Crypt:: modules; the hash scheme is
# chosen elsewhere in this file (not quoted in the thread).  Note the vim
# status line after this excerpt says the file has 223 lines, so the LDAP
# server and bind settings are in the part not shown here.
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
"/etc/smbldap-tools/smbldap.conf" 223L, 7541C

vim /etc/smbldap-tools/smbldap_bind.conf
Code:

# Bind credentials used by every smbldap-* tool.  They are stored in clear
# text, so this file must be owned by root and readable by root only (0600).
# NOTE(review): "123" is a trivially guessable password and it is now public
# in this thread - rotate it.  Binding as the directory's rootdn also means
# any host or user able to read this file owns the whole directory; a
# dedicated DN granted write access in slapd.conf limits that exposure.
slaveDN="cn=Manager,dc=success,dc=ss"
slavePw="123"
# With a single directory server the master and slave settings are the same
# account; keep them in step when the password is rotated.
masterDN="cn=Manager,dc=success,dc=ss"
masterPw="123"


