Bug 253659 - Additional commands required when adding machines to domain.
Additional commands required when adding machines to domain.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: Deployment_Guide (Show other bugs)
5.0
All Linux
low Severity low
: ---
: ---
Assigned To: Martin Prpič
ecs-bugs
: Documentation
Depends On:
Blocks: 237606
  Show dependency treegraph
 
Reported: 2007-08-20 20:58 EDT by Norm Murray
Modified: 2016-06-17 17:05 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-16 18:47:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Wade Mealing 2007-08-20 20:58:02 EDT
Description of problem:

On
https://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-samba-servers.html,
  in section  "19.6.3.1. Primary Domain Controller (PDC) using tdbsam" some
steps are missing to complete this progress. 

Add the root user to smb database

# smbpasswd -a root
Provide the password here.

Start smb service.

Make sure that you have proper netlogon and profiles directory created.

Add groups that users can be members of.

# groupadd -f users
# groupadd -f nobody
# groupadd -f ntadmins

Associate the unix groups with their respective Windows group

==
# net groupmap add ntgroup="Domain Users" unixgroup=users
# net groupmap add ntgroup="Domain Guests" unixgroup=nobody
# net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins

After this you need to grant the access.

# net rpc rights grant 'DOCS\Domain Admins' SetMachineAccountPrivilege -S PDC -U
root
Comment 2 Simo Sorce 2007-08-21 08:46:52 EDT
Looks good,
also it would be adsvisable to tell users that windows prefers to have a primary
group that maps to a domain group like Domain Users and that group and user name
spaces are not sperated on windows (ie you can't normally have a group and user
with the same name like in unix).

Also you should put any substitution variable between quotes like "%u" not just
%u because spaces or other shell characters would make the scripts fail. (See
F-7 smb.conf file for some examples)
Comment 3 Don Domingo 2008-01-31 22:32:45 EST
adding to majorqueue
Comment 6 Martin Prpič 2010-06-04 05:15:04 EDT
Simo,

I updated the "20.6.3.1. Primary Domain Controller (PDC) using tdbsam" section. Please have a look at it and let me know if my changes are correct, sufficient, and fix this bug. Thank you!

http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Deployment_Guide/#s2-samba-domain-controller
Comment 8 Douglas Silas 2010-06-30 14:26:33 EDT
Addendum to comment 6: latest Samba chapter comment for this bug is staged at:

http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/#s2-samba-domain-controller

Please check that location for the docs fix for this bug.

Thanks,

Silas
Comment 9 RHEL Product and Program Management 2010-08-09 14:19:01 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 10 Martin Prpič 2010-09-08 05:53:40 EDT
@Guenther: Can you please verify that my changes are correct so we can resolve this bug, view here:

http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s2-samba-domain-controller.html

Thank you, Martin
Comment 11 Simo Sorce 2010-09-08 15:30:41 EDT
Looks good to me Martin.
Good job.

Simo.

Note You need to log in before you can comment on or make changes to this bug.