ClearOS Bug Tracker


ID: 0013531
Project: ClearOS
Category: app-samba - Windows Networking
View Status: public
Date Submitted: 2017-03-08 08:01
Last Update: 2017-08-18 10:03
Reporter: dloper
Assigned To:
Priority: low
Severity: minor
Reproducibility: always
Status: acknowledged
Resolution: open
Platform:
OS:
OS Version:
Product Version: 7.3.0
Target Version: 7.4.0 Updates
Fixed in Version:
Summary: 0013531: BDC does not join PDC

Description: When configured to Master/Slave, BDC won't finish initialization. The following things are items I had to do to get it to work as a BDC:

================================================
Modified nslcd.conf: The default regex in nslcd does not pick up the plus in proper usernames (i.e. user+DOMAIN). The default regex is (see man nslcd.conf):

     /^[a-z0-9._@$][a-z0-9._@$\\~-]*[a-z0-9._@$~-]$/i

I had to add the following:

     validnames /^[a-z0-9._@$][a-z0-9._@+$\\~-]*[a-z0-9._@$~-]$/i

I then had to chattr +i /etc/nslcd.conf since the file is automatically generated.
================================================
Had to set the localsid to match the domain sid.

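# Take the SID from the "SID for domain" line only, and skip setlocalsid if none was returned
DOMAINSID=$(net getdomainsid | grep '^SID for domain' | grep -oh "S-1-5.*$"); if [ -n "$DOMAINSID" ]; then net setlocalsid "$DOMAINSID"; fi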

This should ALWAYS be the case with a Backup Domain Controller. The big separator between a PDC and a BDC is the 'domain master = No' parameter in /etc/smb.conf. All other parameters like 'preferred master = Yes' should be the same as the PDC.
================================================
The directories in /var for samba and her children were not created. I had to do the following:

mkdir -p /var/samba/drivers
mkdir -p /var/samba/netlogon
mkdir -p /var/samba/profiles
chown winadmin:domain_users /var/samba/*
chmod g+w /var/samba/profiles
chmod g+s /var/samba/profiles
================================================
I had to set the interfaces to bind to the interface of the LAN network interface object. Only the loopback was set and bind interfaces only had been 'No'. New settings were:

# Network
bind interfaces only = Yes
interfaces = lo enp0s8
================================================
Since this BDC is to be located on a site and subnet different than the PDC, I had to make this server the WINS Server. This was a configuration choice and not an error.
================================================
After confirming that I had the domainsid, ldap was replicating, and that the smb, winbind, and nmb services were running, I set the initialized flag:

touch /var/clearos/samba_common/initialized
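
An added example, not part of the original report and not ClearOS code: a shell version of the local-SID step in the description above that reads both lines of `net getdomainsid`, accepts only a well-formed SID, and proposes `net setlocalsid` only when the local and domain SIDs differ. The function names, host and domain names and SIDs are constructed, and the two-line "SID for ... is:" output format is an assumption about `net getdomainsid`.

```sh
#!/bin/sh
# Constructed sample of `net getdomainsid` output (names and SIDs are made up).
SAMPLE_OUTPUT='SID for local machine BDC1 is: S-1-5-21-1111111111-2222222222-3333333333
SID for domain EXAMPLE is: S-1-5-21-4444444444-5555555555-6666666666'

# extract_sid KIND TEXT  (hypothetical helper)
# KIND is "domain" or "local machine". Prints the SID from the matching line,
# or nothing unless exactly one well-formed S-1-5-21-x-y-z value is present.
extract_sid() {
    kind=$1
    text=$2
    n='[0-9][0-9]*'
    printf '%s\n' "$text" |
        sed -n "s/^SID for $kind .* is: \(S-1-5-21-$n-$n-$n\)\$/\1/p" |
        awk 'NR == 1 { sid = $0 } END { if (NR == 1) print sid }'
}

# plan_sid_sync TEXT  (hypothetical helper)
# Prints the command needed to align the local SID with the domain SID.
# Prints nothing when they already match; returns 1 when no domain SID
# could be read, so a failed lookup never reaches `net setlocalsid`.
plan_sid_sync() {
    text=$1
    domain_sid=$(extract_sid 'domain' "$text")
    local_sid=$(extract_sid 'local machine' "$text")
    if [ -z "$domain_sid" ]; then
        return 1
    fi
    if [ "$domain_sid" = "$local_sid" ]; then
        return 0
    fi
    printf 'net setlocalsid %s\n' "$domain_sid"
}

# On a real BDC the input would be: plan_sid_sync "$(net getdomainsid)"
plan_sid_sync "$SAMPLE_OUTPUT"
```

The function only prints the command, so the proposed SID can be reviewed before it is applied.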




Tags: No tags attached.

Notes
There are no notes attached to this issue.

Issue History
Date Modified     Username  Field           Change
2017-03-08 08:01  dloper    New Issue
2017-04-10 09:08  pbaldwin  Status          new => acknowledged
2017-08-11 12:38  dloper    Target Version  7.3.1 Updates => 7.4.0
2017-08-18 10:03  pbaldwin  Target Version  7.4.0 => 7.4.0 Updates