Red Hat Bugzilla – Bug 253659
Additional commands required when adding machines to domain.
Last modified: 2016-06-17 17:05:10 EDT
Description of problem:
in section "18.104.22.168. Primary Domain Controller (PDC) using tdbsam" some
steps are missing to complete this progress.
Add the root user to smb database
# smbpasswd -a root
Provide the password here.
Start smb service.
Make sure that you have proper netlogon and profiles directory created.
Add groups that users can be members of.
# groupadd -f users
# groupadd -f nobody
# groupadd -f ntadmins
Associate the unix groups with their respective Windows group
# net groupmap add ntgroup="Domain Users" unixgroup=users
# net groupmap add ntgroup="Domain Guests" unixgroup=nobody
# net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins
After this you need to grant the access.
# net rpc rights grant 'DOCS\Domain Admins' SetMachineAccountPrivilege -S PDC -U
also it would be adsvisable to tell users that windows prefers to have a primary
group that maps to a domain group like Domain Users and that group and user name
spaces are not sperated on windows (ie you can't normally have a group and user
with the same name like in unix).
Also you should put any substitution variable between quotes like "%u" not just
%u because spaces or other shell characters would make the scripts fail. (See
F-7 smb.conf file for some examples)
adding to majorqueue
I updated the "22.214.171.124. Primary Domain Controller (PDC) using tdbsam" section. Please have a look at it and let me know if my changes are correct, sufficient, and fix this bug. Thank you!
Addendum to comment 6: latest Samba chapter comment for this bug is staged at:
Please check that location for the docs fix for this bug.
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
@Guenther: Can you please verify that my changes are correct so we can resolve this bug, view here:
Thank you, Martin
Looks good to me Martin.