Fedora Linux Support Community & Resources Center

  #31  
Old 18th June 2008, 04:37 PM
sangamc Offline
Registered User
 
Join Date: Jun 2008
Posts: 18
i figured out that the DNS server is not really necessary. if you enable wins support in your smb.conf, and on the xp workstations add the fds ip address as a wins server, you can then join the domain without having to resolve the PDC ip address through DNS!!

i now have followed this howto through completion and must say i am very satisfied
Reply With Quote
  #32  
Old 7th July 2008, 05:04 PM
phrawzty Offline
Registered User
 
Join Date: Jul 2008
Posts: 4
cannot join a Windows XP machine to domain...

First off, thanks for the great howto - i followed your steps and got my FDS / Samba PDC up and running on a fresh FC9 server in no time !

I have successfully joined an FC8 and a Ubuntu machine to the domain, and the winbind authentication works perfectly. Unfortunately, i can't seem to get my Windows XP box to join the domain at all. The error i'm getting when i run the network wizard is as follows :

Code:
A domain controller for the domain WITBE-TEST could not be contacted.

Ensure that the domain name is typed correctly.

If the name is not correct, click details for troubleshooting information.

<<< Details

The domain name WITBE-TEST might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain WITBE-TEST:

The query was for the SRV record for _ldap._tcp.dc._msdcs.WITBE-TEST

The following domain controllers were identified by the query:

srv-fc9.witbe-test

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

For information about correcting this problem, click Help.
I mirrored your DNS configuration, substituting "srv-fc9" for "seagoon", and "witbe-test" for "home". The server identified in the error message is, in fact, the domain controller, which would seem to indicate that it isn't a DNS problem (though i'm not ruling that out).

Any ideas ?

Thanks again for the awesome howto - keep up the great work !
Reply With Quote
  #33  
Old 7th July 2008, 05:30 PM
sangamc Offline
Registered User
 
Join Date: Jun 2008
Posts: 18
did you try setting up your tcp/ip settings on the workstation to have the server IP address as the wins server?
Reply With Quote
  #34  
Old 8th July 2008, 09:14 AM
phrawzty Offline
Registered User
 
Join Date: Jul 2008
Posts: 4
Quote:
Originally Posted by sangamc
did you try setting up your tcp/ip settings on the workstation to have the server IP address as the wins server?
Indeed i did, however, it did not help the situation at all. Thanks for the suggestion, though.

Any other ideas ?
Reply With Quote
  #35  
Old 8th July 2008, 11:22 AM
phrawzty Offline
Registered User
 
Join Date: Jul 2008
Posts: 4
solved !

My problem, after much pulling out of hair, was simple - NetBIOS was deactivated on the XP machine for some reason. After enabling NetBIOS in the properties of the network interface everything worked properly.
Reply With Quote
  #36  
Old 8th July 2008, 03:10 PM
sangamc Offline
Registered User
 
Join Date: Jun 2008
Posts: 18
oh man! u gotta love the simple solutions, but hate the time it takes to find them. glad it worked out for you. ive noticed that there are a lot of 'deal breakers' in FDS that are usually so minute that i want to kick myself after the two weeks i spend trying to figure it out
Reply With Quote
  #37  
Old 4th December 2008, 11:29 AM
V!ctor Offline
Registered User
 
Join Date: Sep 2007
Posts: 15
Hi

When I create a user in the Fedora-ds graphical interface, the user is not created in samba. What could the problem be?
How do I set the rights for users - such as input in the domain, the print, or a print interdiction, installation of appendices...?

10x
Reply With Quote
  #38  
Old 7th December 2008, 04:11 AM
barry905 Offline
Registered User
 
Join Date: Jul 2007
Posts: 115
I'm not sure I entirely understand your question, but as far as I know you have to have a user account on the domain controller to enable the user to access domain resources. Printer availability/accessibility is a function of the workstation, not the domain.

Hope that answers you,

barry

Last edited by barry905; 7th December 2008 at 06:12 PM.
Reply With Quote
  #39  
Old 12th December 2008, 11:24 PM
bbobbo Offline
Registered User
 
Join Date: Dec 2004
Location: Cambridge, MA
Posts: 89
i successfully completed part 1 and now i'm stuck on the following step in part 2 (my changes highlighted in red):

Quote:
Now create a domain name ldif file (sambaDomainName.ldif) that is similar to the one below, but substitute your own domain name and SID:

dn: sambaDomainName=WORKGROUP,dc=WORKGROUP
objectclass: sambaDomain
objectclass: sambaUnixIdPool
objectclass: top
sambaDomainName: WORKGROUP
sambaSID: S-1-5-21-666156701-3245700456-680142671
uidNumber: 550
gidNumber: 550

And now add it to FDS

$ /usr/lib64/dirsrv/slapd-[servername]/ldif2ldap "cn=Directory Manager" [directory_manager_password] ./sambaDomainName.ldif
i get the following:

Quote:
adding new entry sambaDomainName=WORKGROUP,dc=WORKGROUP
ldap_add: No such object
any ideas?
Reply With Quote
  #40  
Old 13th December 2008, 02:58 PM
barry905 Offline
Registered User
 
Join Date: Jul 2007
Posts: 115
I believe the best comment on this is "O ****". I haven't seen this error before, so I don't have an immediate solution. Can you check the logs and see if there is anything there to help you, and also open up FDS, look in the Directory Server and see if it has created a "WORKSTATION" object.
Reply With Quote
  #41  
Old 14th December 2008, 08:21 AM
bbobbo Offline
Registered User
 
Join Date: Dec 2004
Location: Cambridge, MA
Posts: 89
okay, i did get it working. my mistake was setting the samba domain to be the same as my default suffix, which it isn't. this ended up working for me:

Quote:
dn: sambaDomainName=WORKGROUP,dc=mydomain,dc=net
objectclass: sambaDomain
objectclass: sambaUnixIdPool
objectclass: top
sambaDomainName: WORKGROUP
sambaSID: S-1-5-21-666156701-3245700456-680142671
uidNumber: 550
gidNumber: 550
a couple of other notes:

for this step:

Quote:
Now create an ldif file to add the samba schema to FDS and load it into the server:

$ ./ol-schema-migrate.pl -b /usr/share/doc/samba-*/LDAP/samba.schema \
  > /etc/dirsrv/slapd-seagoon/schema/61samba.ldif
$ service dirsrv restart
the ol-schema-migrate.pl script isn't necessary for the samba package i'm using (samba 3.2.5 under fedora 9). in the /usr/share/doc/samba-3.2.5/LDAP/ directory, they've already included an fds version called samba-schema-FDS.ldif.

also, for some reason in the fedora 9 openldap-servers rpm, they don't include the migration scripts. luckily, i was able to find an old archived version in one of my backup directories from an old install which ended up working.

for this step:

Quote:
Now for the groups. First create a file sambaGroups which contains:

Domain Admins:x:2512:
Domain Users:x:2513:
Domain Guests:x:2514:
Domain Computers:x:2515:

Then convert it to an ldif file and add it to FDS
when i created the sambaGroup.ldif file, i got:

Quote:
dn: cn=Domain Admins,ou=Group,dc=padl,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Admins
userPassword: {crypt}x
gidNumber: 2512

dn: cn=Domain Users,ou=Group,dc=padl,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Users
userPassword: {crypt}x
gidNumber: 2513

dn: cn=Domain Guests,ou=Group,dc=padl,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Guests
userPassword: {crypt}x
gidNumber: 2514

dn: cn=Domain Computers,ou=Group,dc=padl,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Computers
userPassword: {crypt}x
gidNumber: 2515
i had to change "dc=padl,dc=com" to "dc=mydomain,dc=net", and i also had to change "ou=Group" to "ou=Groups". maybe that was just due to the migration scripts i had being too old.
Reply With Quote
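A pre-load check for the suffix mistakes described in posts #39 to #41, as an added example that is not part of the original posts or the howto: it lists every entry in an LDIF file whose DN does not sit under the directory suffix, which is the condition that produced `ldap_add: No such object` above. The function name, the sample LDIF and the suffix `dc=mydomain,dc=net` (taken from the post) are assumptions; it does not verify that intermediate containers such as `ou=Groups` exist.

```shell
#!/bin/sh
# Added example (not from the howto): flag LDIF entries outside the suffix.

# ldif_dns_outside_suffix FILE SUFFIX
# Prints each dn: that is neither SUFFIX itself nor below it. Comparison is
# case-insensitive and ignores spaces around ',' and '='.
# Folded (continued) and base64 "dn::" lines are not handled.
# Returns 1 if at least one such DN was printed, 0 otherwise.
ldif_dns_outside_suffix() {
    awk -v suffix="$2" '
        function norm(s) {
            s = tolower(s)
            gsub(/[ \t]*,[ \t]*/, ",", s)
            gsub(/[ \t]*=[ \t]*/, "=", s)
            return s
        }
        BEGIN { suf = norm(suffix); bad = 0 }
        /^dn:[^:]/ {
            dn = $0; sub(/^dn:[ \t]*/, "", dn); n = norm(dn)
            under = (length(n) > length(suf) &&
                     substr(n, length(n) - length(suf)) == "," suf)
            if (n != suf && !under) { print dn; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the two failing DN forms quoted in the thread plus one
# entry that is correctly placed under the suffix.
demo_check() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
dn: sambaDomainName=WORKGROUP,dc=WORKGROUP
objectclass: sambaDomain
sambaDomainName: WORKGROUP

dn: cn=Domain Admins,ou=Group,dc=padl,dc=com
objectClass: posixGroup
cn: Domain Admins

dn: cn=Domain Users, ou=Groups, DC=mydomain, DC=net
objectClass: posixGroup
cn: Domain Users
EOF
    ldif_dns_outside_suffix "$tmp" "dc=mydomain,dc=net" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_check || true
```
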
  #42  
Old 14th December 2008, 08:28 AM
bbobbo Offline
Registered User
 
Join Date: Dec 2004
Location: Cambridge, MA
Posts: 89
now i am stuck on this step:

Quote:
Then import it into FDS and edit it:

$ /usr/share/openldap/migrate/migrate_passwd.pl ./sambaAdmin > sambaAdmin.ldif
$ /usr/lib/dirsrv/slapd-seagoon/ldif2ldap "cn=Directory Manager" directory_manager_password ./sambaAdmin.ldif
$ smbpasswd -a Administrator
$ pdbedit -U $(net getlocalsid | sed 's/SID for domain SEAGOON is: //' ) -500 -u Administrator -r
importing into fds and creating it worked fine, but when i try to edit it, i get:

Quote:
$ pdbedit -U $(net getlocalsid |sed 's/SID for domain MYHOST is: //' ) -500 -u Administrator -r
tdb_update_sam: struct samu (Administrator) with no RID!
Unable to modify entry!
also, what is it i'm trying to edit for the administrator user entry?
Reply With Quote
  #43  
Old 15th December 2008, 02:48 AM
barry905 Offline
Registered User
 
Join Date: Jul 2007
Posts: 115
Firstly, good to hear that you solved your initial problem. Secondly, you are trying to edit the Security Identifier for the Administrator account. What you are trying to do is to extract the SID from the output from the command "net getlocalsid", then use that to edit the Administrator account. You can check to make sure that the sed script is accurate by running "net getlocalsid" and ensuring that the result starts with "SID for domain MYHOST is: ". You can also check the Administrator account using "pdbedit -L -v -u Administrator"

Let me know how it goes.
Reply With Quote
  #44  
Old 15th December 2008, 05:42 PM
bbobbo Offline
Registered User
 
Join Date: Dec 2004
Location: Cambridge, MA
Posts: 89
i figured out one of my problems. in your original command:

Quote:
$ pdbedit -U $(net getlocalsid | sed 's/SID for domain SEAGOON is: //' ) -500 -u Administrator -r
there shouldn't be a space before '-500'.

the other main problem was that i didn't realize that these commands are dependent on the smb.conf file. i'm configuring this on an already working samba server which isn't using ldap as a backend. after making all the modifications, i had restarted the samba server to test it, but it broke my existing samba connections from xp (obviously, since i hadn't set up the user accounts yet), so i copied the new smb.conf to a backup file, restored my original smb.conf, and restarted samba.

i then proceeded with adding the groups and the administrator, not realizing that it was adding everything to the .tdb files and not in ldap. when i tried to edit the administrator sid, i got:

Quote:
$ pdbedit -U $(net getlocalsid |sed 's/SID for domain MYHOST is: //' )-500 -u Administrator -r
Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL!
Unable to modify entry!
once i restored the modified smb.conf file (using passdb backend = ldapsam) and re-added the groups and the administrator, everything finally worked:

Quote:
$ pdbedit -U $(net getlocalsid |sed 's/SID for domain MYHOST is: //' )-500 -u Administrator
Unix username: Administrator
NT username: Administrator
Account Flags: [U ]
User SID: S-1-5-21-666156701-3245700456-680142671-500
Primary Group SID: S-1-5-21-666156701-3245700456-680142671-513
Full Name: Samba Admin
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mon, 15 Dec 2008 12:16:06 EST
Password can change: Mon, 15 Dec 2008 12:16:06 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
thanks for all your help. now to actually add the users and see if it all works like it should.
Reply With Quote
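The SID handling discussed in posts #42 to #44, as an added example that is not part of the original posts or the howto: it extracts the domain SID from `net getlocalsid` output without hard-coding the domain name in the sed expression, and joins it to the RID only after validating both parts, so a stray space before `-500` cannot produce a malformed SID. The function names are assumptions, and the sample line is constructed from the SID shown in the thread.

```shell
#!/bin/sh
# Added example (not from the howto): build account SIDs from the text that
# `net getlocalsid` prints.

# extract_domain_sid: read `net getlocalsid` output on stdin, print the SID.
# It matches on the SID pattern, so the host/domain name in the message
# (SEAGOON, MYHOST, ...) does not need to be edited into the expression.
extract_domain_sid() {
    sed -n 's/^SID for domain .* is: *\(S-1-5-21-[0-9]\{1,\}-[0-9]\{1,\}-[0-9]\{1,\}\)[[:space:]]*$/\1/p' |
        head -n 1
}

# make_sid DOMAIN_SID RID: print DOMAIN_SID-RID, or fail if either part is
# malformed (empty SID because sed matched nothing, embedded whitespace,
# non-numeric RID).
make_sid() {
    case "$2" in
        ''|*[!0-9]*) echo "bad RID: '$2'" >&2; return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$' || {
        echo "bad domain SID: '$1'" >&2
        return 1
    }
    printf '%s-%s\n' "$1" "$2"
}

# Constructed sample of `net getlocalsid` output.
SAMPLE='SID for domain MYHOST is: S-1-5-21-666156701-3245700456-680142671'

# RID 500 is the Administrator account, as in the pdbedit output above.
admin_sid_from_sample() {
    dom=$(printf '%s\n' "$SAMPLE" | extract_domain_sid)
    make_sid "$dom" 500
}

admin_sid_from_sample

# On a live server (assumes smb.conf already uses passdb backend = ldapsam):
#   dom=$(net getlocalsid | extract_domain_sid)
#   pdbedit -U "$(make_sid "$dom" 500)" -u Administrator -r
```
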
  #45  
Old 16th December 2008, 12:20 AM
barry905 Offline
Registered User
 
Join Date: Jul 2007
Posts: 115
glad to have helped - good luck with your users
Reply With Quote
Tags
2003, controller, domain, fds, howto, replace, windows
