Topic: How to add a SME server to another SME server domain

[Beast]

Hi

Have in the past been having a lot of trouble with my samba setup because it was running as a workgroup only and not as a  domain and the DHCP server was running from the router. I was unable to see shares and get access randomly etc.

Now I have set one SME server as a domain controller and also to assign IP addresses etc. This seam to work very good when the client is assigned to the domain - I am able to see shares and access shares.

My problem is that I have one extra SME server (do not act as a domain controller). I am able to see this server in the list but I am unable to access it. How do I do that. E.g authorize and join this server to the domain so I can acces it from a client?

[Beast]

nobody?

[Tib]

Beast

As long as it's on the same IP range and the same network mask and you have the users setup on that machine as well you should ba able to see all the shares etc on it as well.

Make sure the users are setup exactly the same though ... same user name and pass.

My test unit is setup as a server only with the same IP range and the same workgroup.

I have all the users setup on that unit as well so this way ppl can access the network drives on the test unit also.

Regards,

Tib

[Beast]

The servers are on the same IP subnet/mask but they do not have the same user database. I am unable to do this because the servers have different purposes and users.

I have logged on to the domain with the admin account and the admin account is the same on both servers. Also same password - know this is not good security!

I think I have to add the second server to the domain somehow

Regards

[Alex Schaft]

Hi,

First you'd have to  set the domain name as the workgroup name in the admin panel

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/etc/smb.conf/


then

Code: [Select]

cp /etc/e-smith/templates/etc/smb.conf/11security /etc/e-smith/templates-custom/etc/smb.conf/11security


and change it to read

Code: [Select]

security = domain

then

Code: [Select]

cp /etc/e-smith/templates/etc/smb.conf/11passwordServer /etc/e-smith/templates-custom/etc/smb.conf/11passwordServer


and add the line

Code: [Select]

password Server = *


to it

then you'd do

Code: [Select]

signal-event workgroup-update
service smb restart
net rpc join <domain name> -U admin


The net command might need the -I parameter to help find the DC

you can do a net rpc testjoin to find out if it worked.

after this, create user accounts for the people on the domain on the member server. No paswords required

HTH,
Alex

[Beast]

Get this error when I try to join the domain

[root@atkiserver smb.conf]# net rpc join WORKGROUP -U admin
Password:
[2007/03/18 12:02:24, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED

Unable to join domain WORKGROUP.
[root@atkiserver smb.conf]#

Have also tried with the -I parameter:

[root@atkiserver smb.conf]# net rpc join WORKGROUP -U -I admin
Password:
Could not connect to server BEASTSERVER
The username or password was not correct.
[root@atkiserver smb.conf]#

What may be wrong? (the password was correct btw)

[cactus]

[root@atkiserver smb.conf]# net rpc join WORKGROUP -U admin
Password:
[2007/03/18 12:02:24, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED

Unable to join domain WORKGROUP.
[root@atkiserver smb.conf]#

Is your domain really called WORKGROUP? What does the server-manager panel of the main server say in the Windows Workgroup box in the Workgroup panel?

[Beast]

It is really called "WORKGROUP" just a left over from old days - used to call a workgroup this

The domain server is called BeastServer and the server that need to join the domain is called AtkiServer.

[Beast]

Small observation:

Had some shares to the server and they where broke (not working) after the change?

Removed the custom templates and now it works again after restart of smb!

May be I did something wrong?

I can use IP adr. shares to ATKI server to access it.

[andy_wismer]

Hi

Try just setting the WINS Server Attribute on the second server (Not the Domain Controller) like this

# db configuration setprop smb WINSServer 192.168.123.45
# expand-template /etc/samba/smb.conf

--> Use your IP address!!!

SME will only accept another server as WINS when not set to Domain Controller in the Workgroup settings.

Also add the second server under Hosts and Adresses (I'm using german, so it may be called differently under english...) on the Primary Server. Add the second server as "local", that way also the reverse DNS is done correctly.

Both servers must have the same workgroup name set in server-manager.

This way, your second server is a member of a workgroup (Not domain member) and needs user accounts created locally for access. This way also only certan users from your domain can access server2, the others may see it in the network, but can't access it.

The second server should also use the first server as DNS, this can be set under "domains" in server manager.

Both servers will show up under network neighborhood.

YMMV, but it works!

Andy Wismer

[Beast]

I am unable to get it working!

This is the setting of the first domain server (192.168.1.12):

atki.beast.dk    Local    192.168.1.11         AtkiServer    Modify    Remove

This is the settings of the second server under domain (192.168.1.11):

Corporate DNS Settings
Primary corporate DNS server    192.168.1.12
Secondary corporate DNS server    192.168.1.12

I used this on the second server first (192.168.1.11)

[root@atkiserver ~]# db configuration setprop smb WINSServer 192.168.1.12
[root@atkiserver ~]# expand-template /etc/samba/smb.conf
[root@atkiserver ~]#

Both server show up in the network list (have done that allways) but I can not access AtkiServer (if I use the IP address I can)

[andy_wismer]

Hi

The second "corporate DNS Server" is not needed, especially if both point to the same server.

You also need to add the 2'nd server to the first servers DNS. Make an Entry under "Hosts & Adresses" in the server manager.

As far as I read your post, your DNS domain is called "atki.beast.dk".
The first server is called "atkiserver". This name usually becomes the NetBIOS name of the server under Samba (What shows up under Windows Network Neighborhood). You will need to add the second servers name to the "Hosts & Adresses" under Server-Manager of the first server.

Otherwise you'll just have to wait until your servers and clients have "shouted" at each other long enough (It's called Broadcasting...) so the Network IDs are clear to all members. But It's really faster with the DNS entry...

YMMV

Andy Wismer

[Beast]

Hi

You also need to add the 2'nd server to the first servers DNS. Make an Entry under "Hosts & Adresses" in the server manager.

As far as I read your post, your DNS domain is called "atki.beast.dk".
The first server is called "atkiserver". This name usually becomes the NetBIOS name of the server under Samba (What shows up under Windows Network Neighborhood). You will need to add the second servers name to the "Hosts & Adresses" under Server-Manager of the first server.

No it is the other way around:

the domain server (the first server) is called beastserver and have IP 192.168.1.12.

The second server is called atkiserver and have IP 192.168.1.11

As far as I understand I have made an entry in the domain server Hosts & Adresses called atki.beast.dk!

Shall I also make one the other way around?

[Beast]

Now it work !!!!!!

Changed atki.beast.dk to atkiserver.beast.dk - do not know if this made it, but now it works.

Thank you for the help all