[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fixing the Jessie Main Server?

On Thu, Aug 21, 2014 at 09:13:19PM +0200, Petter Reinholdtsen wrote:
> in-target: cfengine:tjener:du-install: info: Fetching SMB domain SID.
> in-target: cfengine:tjener:du-install: fetch_ldap_pw: neither ldap secret retrieved!
> in-target: cfengine:tjener:du-install: pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb
> in-target: cfengine:tjener:du-install: pdb backend ldapsam:"ldap://ldap.intern"; did not correctly init (error was NT_STATUS_NO_MEMORY)
> in-target: cfengine:tjener:du-install: WARNING: Could not open passdb
> in-target: cfengine:tjener:du-install: Setting stored password for "cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no" in secrets.tdb
> in-target: cfengine:tjener:du-install: error: unable to fetch Samba SID
> I have no idea why it fail.  Please help out if you know how Samba work
> in Jessie.

Not quite sure, but I guess that the failure is due to Samba (v. 4.1.11) 
now running as Active Directory Domain Controller by default. Seems to 
be that additional statements must be contained in smb-debian-edu.conf 
to tell Samba to work as NT4-style PDC like before in wheezy:

# configure as NT4-style PDC
   server role = classic primary domain controller
   acl allow execute always = true

I'm wondering, if it wouldn't be good to set up Samba as AD DC, but for 
the moment I've tested the forced NT4-style role and was able to add a 
Samba account for the first user using smbpasswd -a <first user>. The 
modified account showed up in the ldap tree and smbclient -L tjener now 
lists the homedir share. Fix committed to git.


Attachment: signature.asc
Description: Digital signature

Reply to: