Ubuntu 10.04 Samba Primary Domain Controller Tutorial

[kellyfischer]

Thanks so much for the instructions, a very big help to a novice like myself. I now need to setup a Backup Domain Controller.

I am assuming that for redundancy sake, I will need to bring up an additional Ubuntu box with DNS (slave zone?), Openldap (how to setup replication?) and Samba (how to configure?).

Is there an order that I should tackle these or any good documentation that I can dig into that will help me with this? Any advice will be much appreciated.

[apamix]

After I follow the instructions strict I get this error when I try to join Windows 7 or
Windows XP on the domain

Code:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource
record used to locate an Active Directory Domain Controller (AD DC) for domain
"apamix.local":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.apamix.local

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.99

- One or more of the following zones do not include delegation to its child zone:

apamix.local
local
. (the root zone)

Is this a problem in the BIND or win the LDAP

[maverickaddicted]

I am trying to setup Samba LDAP Server, but I am stuck. Please help me
http://ubuntuforums.org/showthread.php?t=1813689

[rayne127]

After I follow the instructions strict I get this error when I try to join Windows 7 or
Windows XP on the domain

Code:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource
record used to locate an Active Directory Domain Controller (AD DC) for domain
"apamix.local":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.apamix.local

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.99

- One or more of the following zones do not include delegation to its child zone:

apamix.local
local
. (the root zone)

Is this a problem in the BIND or win the LDAP

I had the same problem. I'm pretty sure it is an issue with samba not adding computer accounts to LDAP when trying to join the domain. If you download the LDAP Admin program and manually add the computer, you will be able to join the domain.

Here's the LDAP Admin program from the OP:

27. To browse your LDAP tree you can use LDAP Admin. Make a new connection using the settings:[/COLOR][/COLOR]

Host: myserver
Base: dc=mydomain,dc=local
Username: cn=admin,dc=mydomain,dc=local
Password:PassWD55
You can also use PHPLDAPAdmin or the LDAP Server module in Webmin.

In XP, use your domain name when joining (ex. server.domain.local, use domain). I had to use username: "root" and the password I used when setting up LDAP to be able to join, but at least it works!

--Adam

[rayne127]

I just want to say this tutorial is amazing. Very easy to use and follow. I've tried other Samba PDC/LDAP tutorials in test environments and most have failed or were extremely difficult to follow. This one works amazingly and I would definitely recommend following this tutorial in a production environment.

I just have a quick question, I have set up a login script to map H: drive to the user's home directory. Is there a way to mount, say H:\Documents, to the user's My Documents folder in XP/Vista/7? I found a way to do it using a registry file that gets called from the login script. This works perfectly, just curious is there was a way to keep everything in one login script rather than having to call another file to do the rest.

Also, I am having problems getting Samba to automatically add computer accounts when joining the domain. I have to manually add them to LDAP in order to join. I haven't found a fix that has worked for this yet. Just wondering if anyone knew of one.

Thanks!
Adam

[pcmanrules]

Hi there, I have followed this guide to a T on 11.04 and I am getting stuck at:

Code:

ldapmodify -Y EXTERNAL -H ldapi:/// -D cn=admin,cn=config -W -f samba_indexes.ldif

and get the error:

Code:

root@Deep-Space-9:~# ldapadd -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: No such object (32)
        matched DN: cn=config

I have also tried this guide http://www.server-world.info/en/note...04&p=samba&f=4 and get stuck at the same command.

Any advice?

[elwarreno]

just fyi that Resara Server has just released 1.1, which now features multi-server replication and load balancing. The open source community edition is located at www.resara.org

[taihard]

This tutorial was great and easy to follow. I was able to set up the server (couldn't use 11.10 or 12.04, had to make sure I got 10.04) and I was able to use a win XP box to join. Now i'm trying to figure out how to get an ubuntu desktop box to join, I've tried various different tutorials but none seem to work (maybe server was set up differently!?). Does anyone know how to join a linux box to the server set up using this tutorial so I can use the same username/passwords as I do with windows box?? Thanks so much in advance!!!!

[nickaceph]

Hi, Resara support is closing but the package is still available and it will be opensource sometime later.

I have tried Resara myself, I have fully configure it. with manual install to a new box. ubuntu 10.04 and the newly released resara server package.

in our office we have a few winxp/win7 box and other's are linux mint and ubuntu desktop.

situation:
1. winxp/7 and linux box is able to ping each other by ip and hostname.
2. winxp/7 and linux box can ping the server by hostname and by the domain name.

problem
1. windows box can join the domain without a problem. but the linux box when joining the domain is issuing an error below

DNS_ERROR_BAD_PACKET [code 0x0000251e]


Please help thanks