Hi all,

I'm having some problems with joining an active directory domain as a member. My Linux servers using the same configuration across the board are all joining as domain controllers, which is bad.

I am running Samba 3.0.25b-0.4E.6 on all of my RHEL servers.

Here is my global stanza:
[global]
workgroup = DOMAIN
realm = DOMAIN.CA
server string = Samba Server
security = ADS
password server = passwordserver.DOMAIN.CA *
username map = None
log file = /var/log/samba/%m.log
domain logons = no
domain master = no
max log size = 1000
smb ports = 139
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = 10.1.2.3
idmap uid = 1000-20000
idmap gid = 1000-20000
winbind use default domain = yes
short preserve case = No
preferred master = no
local master = no
log level = 4

Here's are the steps I am taking to join the domain:
# cat ktest
#!/bin/sh
# Destroy Kerberos Token
/usr/kerberos/bin/kdestroy
# Stop services
/etc/init.d/winbind stop
/etc/init.d/smb stop
# Log in to domain
/usr/kerberos/bin/kinit myusername@DOMAIN.CA
/usr/bin/net ads join -U myusername
# Start services
/etc/init.d/winbind start
/etc/init.d/smb start
# Check processes
/bin/ps -aef | grep -i winbind
/bin/ps -aef | grep -i smb

Verify Winbind
# wbinfo -t
Checking the trust secret via RPC calls succeeded
# wbinfo -m
EGI
DOMAIN.CA
# wbinfo -u
.. long list of AD users pulled down
# wbinfo -g
.. long list of AD groups

After the Linux server joins the domain, I check with the AD admins and the object for my Linux server always shows up as a "Domain Controller."

I've worked through this with the Oracle support, and with the relevant lines in [global], all that should have specified to the server not to let the Linux server join as a domain controller.

Is there something I'm missing?

Thanks,