RHEL4 Samba server incorrectly appears as domain controller in Windows XP Find Computers tool
(Doc ID 786486.1)
Last updated on MARCH 04, 2019
Applies to:Linux OS - Version Enterprise Linux 4.0 to Oracle Linux 4.7 [Release RHEL4 to OL4U7]
Oracle Cloud Infrastructure - Version N/A and later
Information in this document applies to any platform.
Linux Kernel - Version: 4.0 to 4.7
This issue involved using Samba for AD authentication in order to access a local directory on an RHEL 2.6.9-67 server. The Linux machine (a vm on VMWare) joined the AD domain and was displayed as a "Domain Controller" in the Windows XP Find Computers tool rather than as a workstation/ server even though domain controller functionality has been explicitly disabled in smb.conf.
Initial system issues were resolved that included selinux AVC's that prevented access to the share and the following was added to smb.conf:
domain master = no
local master = no
Restarting the smb/winbind services following this change and rejoining the AD domain still showed the Linux machine in the role of a domain controller in the Windows XP Find Computers tool.
The concern was that a role tagged but non-functional domain controller in the overall AD environment posed a potential reliability risk where applications within this infrastructure might attempt to associate with the Linux machine.
Samba and Kerberos Packages:
# rpm -qa | grep -i samba
SELinux was disabled after initially being found in enforcing mode. Although it is possible to run selinux with Samba in this role, other functions on the machine were potentially affected by the presence of SELinux and its presence wasn't needed.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document