LinuxQuestions.org
Old 09-11-2012, 04:35 AM   #1
ducthuan90
LQ Newbie
 
Registered: Sep 2012
Posts: 2

Rep: Reputation: Disabled
can not join domain from SAMBA+LDAP


Hi everybody,
I am a Linux newbie. I come from Vietnam.
Now I have a problem when Windows XP joins the domain in SAMBA+LDAP. Error:
Code:
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain success.ss:
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.success.ss
Thanks for helping.
 
Old 09-11-2012, 04:54 AM   #2
NooVin
LQ Newbie
 
Registered: Sep 2012
Posts: 1

Rep: Reputation: Disabled
Me too, please help me fix this issue.

In Windows XP:
http://farm9.staticflickr.com/8450/7...167783bca9.jpg
http://farm9.staticflickr.com/8169/7...5a12cdacae.jpg
http://farm9.staticflickr.com/8170/7...3cf768ac2b.jpg

DNS server
vim /etc/named.conf
Code:
acl mynet {
        192.168.2.0/24;
        127.0.0.1;
};

options{
        allow-transfer          {none;};
        query-source            port 53;
        query-source-v6         port 53;
        directory               "/var/named";
        dump-file               "/var/named/data/cache_dumb.db";
        statistics-file         "/var/named/data/name_stats.txt";
        memstatistics-file      "/var/named/data/name_mem_stats.txt";
        notify                  yes;
};

zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.db";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "0.0.127.in-addr.arpa.db";
};

zone "success.ss" IN {
        type master;
        file "success.ss.db";
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "2.168.192.in-addr.arpa.db";
};
vim /var/named/success.ss.db
Code:
$TTL 86400
@       IN      SOA     domain.success.ss. root (
                                        42
                                        3H
                                        15M
                                        1W
                                        1D )

                        IN      NS              domain.success.ss.
                        IN      MX      10      domain
                1D      IN      A               192.168.2.15
domain          1D      IN      A               192.168.2.15
www             1D      IN      CNAME           domain
mail            1D      IN      CNAME           domain
ftp             1D      IN      CNAME           domain

_ldap._tcp.success.ss. SRV 0 0 389 domain.success.ss.
_ldap._tcp.dc._msdcs.success.ss SRV 0 0 389 domain.success.ss.
vim /var/named/2.168.192.in-addr.arpa.db

Code:
$TTL 86400
@       IN      SOA             domain.success.ss. root. (
                                                3
                                                28800
                                                7200
                                                604800
                                                86400 )

@       IN      NS      domain.success.ss.
15      IN      PTR     domain.success.ss.
vim /etc/samba/smb.conf
Code:
[global]
        workgroup = success.ss
        netbios name = domain
        security = user
        enable privileges = yes
        username map = /etc/samba/smbusers
        server string = samba-ldap-pdc
        encrypt passwords = Yes
        #min passwd length = 3
        admin users = admin
        #pam password change = no
        obey pam restrictions = No

        # method 1:
        #unix password sync = no
        ldap passwd sync = Yes

        # method 2:
        #unix password sync = yes
        #ldap passwd sync = no
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

        log level = 0
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 100000
        #time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        mangling method = hash2
        Dos charset = CP932
        Unix charset = UTF-8

        logon script = logon.bat
        logon drive =
        logon home =
        logon path =

        domain logons = Yes
        domain master = Yes
        os level = 65
        preferred master = Yes
        wins support = yes

        passdb backend = ldapsam:ldap://domain.success.ss

        ldap admin dn = cn=Manager,dc=success,dc=ss
        ldap suffix = dc=success,dc=ss
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        idmap backend = ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        ldap ssl = no
        winbind nested groups = no

[netlogon]
        path = /home/samba/netlogon/
        browseable = No
        read only = Yes

[profiles]
        path = /home/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
        guest ok = Yes
        profile acls = yes
        csc policy = disable
        # next line is a great way to secure the profiles
vim /etc/openldap/slapd.conf
Code:
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=success,dc=ss"
rootdn          "cn=Manager,dc=success,dc=ss"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
#rootpw         {SSHA}Dn7wa4jcHke8qGXMSBPKXvo7qyTBEYXX
rootpw          {MD5}ICy5YqxZB1uWSwcVLSNLcA==

# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM

 access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by dn="cn=Manager,dc=success,dc=ss" write
        by anonymous auth
        by * none

 access to *
        by dn="cn=Manager,dc=success,dc=ss" write
        by self write
        by * read
vim /etc/openldap/ldap.conf
Code:
BASE dc=success,dc=ss
URI ldap://domain.success.ss:389
TLS_CACERTDIR /etc/openldap/cacerts
vim /etc/smbldap-tools/smbldap.conf
Code:
# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\domain.success.ss\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\domain.success.ss\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive=""

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain=""

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
"/etc/smbldap-tools/smbldap.conf" 223L, 7541C
vim /etc/smbldap-tools/smbldap_bind.conf
Code:
slaveDN="cn=Manager,dc=success,dc=ss"
slavePw="123"
masterDN="cn=Manager,dc=success,dc=ss"
masterPw="123"

Last edited by NooVin; 09-11-2012 at 05:14 AM. Reason: update
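
Added example (not part of either post): BIND appends the zone origin to any owner name written without a trailing dot, so this sketch expands the owner names copied from the posted success.ss.db and flags any that already end in the zone name. The function names are this example's own, and the origin is assumed to be the zone name declared in named.conf.

```python
# Added example: expand zone-file owner names the way BIND does and flag
# relative names that already end in the zone name (origin applied twice).
ORIGIN = "success.ss."  # assumption: origin equals the zone name in named.conf

# Record lines copied from the success.ss.db zone file posted above.
ZONE_LINES = """\
domain          1D      IN      A               192.168.2.15
www             1D      IN      CNAME           domain
_ldap._tcp.success.ss. SRV 0 0 389 domain.success.ss.
_ldap._tcp.dc._msdcs.success.ss SRV 0 0 389 domain.success.ss.
"""

def qualify(name, origin=ORIGIN):
    """Return the fully qualified owner name for a zone-file label."""
    if name == "@":
        return origin
    if name.endswith("."):       # absolute name: used exactly as written
        return name
    return f"{name}.{origin}"    # relative name: the origin is appended

def audit(zone_text, origin=ORIGIN):
    """Return (owner, fqdn, suspicious) for each line that names an owner."""
    bare = origin.rstrip(".")
    results = []
    for line in zone_text.splitlines():
        # Lines starting with whitespace reuse the previous owner; skip them
        # together with blank lines, comments (;) and directives ($).
        if not line or line[0] in " \t;$":
            continue
        owner = line.split()[0]
        relative = not owner.endswith(".")
        ends_in_zone = owner == bare or owner.endswith("." + bare)
        results.append((owner, qualify(owner, origin), relative and ends_in_zone))
    return results

def flagged(zone_text, origin=ORIGIN):
    """Fully qualified names whose owner label deserves a second look."""
    return [fqdn for _, fqdn, bad in audit(zone_text, origin) if bad]

if __name__ == "__main__":
    for owner, fqdn, bad in audit(ZONE_LINES):
        print(f"{'CHECK' if bad else 'ok   '} {owner} -> {fqdn}")
```

On the server, `named-checkzone success.ss /var/named/success.ss.db` loads the zone the same way, and `dig SRV _ldap._tcp.dc._msdcs.success.ss @192.168.2.15` shows what a client querying that server actually receives.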