Beware of having machine account$ in /etc/passwd and the LDAP database (the problem seems to be in /etc/passwd). The other difference I can see is that I do not use the 227a syntax for the LDAP settings but 302alpha. Hope this helps.

---- Original Message ----
From: "John Peak" <[EMAIL PROTECTED]>
Date: Tuesday, February 11, 2003 4:32 am
Subject: [Samba] Samba + LDAP = Misery

> I have been working on this for weeks now and feel like I am at a dead-end.
> I am using Samba 3.0 (Head) and OpenLDAP (2.0) and smbldap-tools 0.7 and
> cannot join either a Linux machine or Windows 2000 machine to the domain.
> If any of you have some ideas they would be much appreciated.
>
> Highlights:
> - I have a root defined (UID and GID of 0).
> - Trying to join the domain will successfully add my machine to the LDAP
>   database.
> - I have my users defined and can successfully login to view shares from
>   either a windows or Linux machine.
> - When trying to join domain I use root as the account with permission to
>   join domain. The log appears to indicate that root is successfully
>   validated.
>
> Bottom Line:
> - Whenever I try to join I always get NT_STATUS_ACCESS_DENIED. More details
>   and log messages below.
>
> smb.conf
> ======
> [global]
> workgroup = ELUCIDATION
> netbios name = Boo
> server string = %h server (Samba %v)
> security = user
> obey pam restrictions = Yes
> guest account = guest
> #passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
> passwd program = /usr/local/sbin/smbldap-passwd.pl %u
> passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
> unix password sync = No
> encrypt passwords = Yes
> log level = 5
> log file = /var/log/samba/%m.log
> max log size = 1000
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> domain logons = Yes
> logon script = startup.bat
> os level = 80
> preferred master = Yes
> domain master = Yes
> local master = Yes
> dns proxy = No
> wins support = Yes
> ldap suffix = dc=ELUCIDATION
> ldap machine suffix = dc=ELUCIDATION
> ldap user suffix = dc=ELUCIDATION
> ldap admin dn = cn=Manager,dc=ELUCIDATION
> ldap ssl = No
> printing = lprng
> add user script = /usr/local/sbin/smbldap-useradd.pl -m -a %u
> add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
> panic action = /usr/share/samba/panic-action %d
> #invalid users = root
> admin users = root administrator
> hosts allow = 192.168.1.0/255.255.255.0
> logon drive = H:
> logon home = \\boo\profiles\%u
>
>
> Attempt to join domain from another Linux box
> ===============================
> asa:~# smbpasswd -j elucidation -r boo
> cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> cli_nt_setup_creds: auth2 challenge failed
> modify_trust_password: unable to setup the PDC credentials to machine BOO.
> Error was : NT_STATUS_ACCESS_DENIED.
> 2003/02/10 21:57:01 : change_trust_account_password: Failed to change password for domain ELUCIDATION.
> Unable to join domain ELUCIDATION.
>
> Log results try to join from another Linux box
> ===============================
> [2003/02/10 22:02:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(953)
>   Entry found for user: asa$
> [2003/02/10 22:02:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(990)
>   init_sam_from_ldap: User [asa$] does not exist via system getpwnam!
> [2003/02/10 22:02:10, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1581)
>   ldapsam_getsampwnam: init_sam_from_ldap failed for user 'ASA$'!
> [2003/02/10 22:02:10, 5] lib/username.c:Get_Pwnam(288)
>   Finding user ASA$
> [2003/02/10 22:02:10, 5] lib/username.c:Get_Pwnam_internals(223)
>   Trying _Get_Pwnam(), username as lowercase is asa$
> [2003/02/10 22:02:10, 5] lib/username.c:Get_Pwnam_internals(230)
>   Trying _Get_Pwnam(), username as given is ASA$
> [2003/02/10 22:02:10, 5] lib/username.c:Get_Pwnam_internals(247)
>   Checking combinations of 0 uppercase letters in asa$
> [2003/02/10 22:02:10, 5] lib/username.c:Get_Pwnam_internals(251)
>   Get_Pwnam_internals didn't find user [ASA$]!
> [2003/02/10 22:02:10, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (1001, 1001) - sec_ctx_stack_ndx = 0
> [2003/02/10 22:02:10, 0] rpc_server/srv_netlog_nt.c:get_md4pw(201)
>   get_md4pw: Workstation ASA$: no account in domain
> [2003/02/10 22:02:10, 5] rpc_parse/parse_prs.c:prs_debug(81)
>   000000 net_io_r_auth_2
> [2003/02/10 22:02:10, 5] rpc_parse/parse_prs.c:prs_uint8s(679)
>   0000 data: cc f3 ff bf 84 83 2c 08
> [2003/02/10 22:02:10, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0008 neg_flags: 000001ff
> [2003/02/10 22:02:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(622)
>   000c status: NT_STATUS_ACCESS_DENIED
>
> Log Results Attempting to Join Domain from Windows 2000
> ========================================
> [2003/02/10 22:06:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(1340)
>   api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_debug(81)
>   000000 net_io_q_auth
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0000 undoc_buffer: 00119f60
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0004 uni_max_len: 00000006
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0008 undoc : 00000000
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   000c uni_str_len: 00000006
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(764)
>   0010 buffer : \.\.B.O.O...
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   001c uni_max_len: 00000006
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0020 undoc : 00000000
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0024 uni_str_len: 00000006
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(764)
>   0028 buffer : J.O.H.N.$...
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint16(563)
>   0034 sec_chan: 0002
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0038 uni_max_len: 00000005
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   003c undoc : 00000000
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint32(592)
>   0040 uni_str_len: 00000005
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(764)
>   0044 buffer : J.O.H.N...
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint8s(679)
>   004e data: 19 60 39 05 08 91 3a 58
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_debug(81)
>   000000 net_io_r_auth
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_uint8s(679)
>   0000 data: d0 f3 ff bf bc 2f 2d 08
> [2003/02/10 22:06:33, 5] rpc_parse/parse_prs.c:prs_ntstatus(622)
>   0008 status: NT_STATUS_ACCESS_DENIED
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
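
Added example (not part of the original messages, and not code from Samba or smbldap-tools): a Python check for the two conditions this thread turns on, machine accounts defined in /etc/passwd as well as in LDAP, and machine accounts for which smbd logged a failed getpwnam lookup. The passwd text, the LDAP uid list and all function names are constructed for illustration; the two log entries use the format quoted in the message above.

```python
import re

# Constructed sample inputs, not taken from a real system.
PASSWD_TEXT = """\
root:x:0:0:root:/root:/bin/bash
john:x:1001:1001::/home/john:/bin/bash
john$:x:2001:553:machine:/dev/null:/bin/false
"""
LDAP_UIDS = ["john", "john$", "asa$"]  # uid values as an LDAP search would list them
# Two smbd log entries in the format quoted in the message above.
LOG_TEXT = """\
[2003/02/10 22:02:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(990)
  init_sam_from_ldap: User [asa$] does not exist via system getpwnam!
[2003/02/10 22:02:10, 0] rpc_server/srv_netlog_nt.c:get_md4pw(201)
  get_md4pw: Workstation ASA$: no account in domain
"""

GETPWNAM_FAIL = re.compile(r"User \[([^\]]+\$)\] does not exist via system getpwnam")


def passwd_machine_accounts(passwd_text):
    """Return lower-cased names ending in '$' from passwd-format text."""
    names = set()
    for line in passwd_text.splitlines():
        name = line.split(":", 1)[0].strip()
        if name.endswith("$"):
            names.add(name.lower())
    return names


def getpwnam_failures(log_text):
    """Return machine accounts smbd found in LDAP but could not resolve via getpwnam."""
    return {name.lower() for name in GETPWNAM_FAIL.findall(log_text)}


def audit(passwd_text, ldap_uids, log_text):
    """Flag accounts defined in both places, and LDAP-only accounts that failed lookup."""
    local = passwd_machine_accounts(passwd_text)
    ldap = {uid.lower() for uid in ldap_uids if uid.endswith("$")}
    return {
        "in_both": sorted(local & ldap),
        "ldap_only_failed": sorted((ldap - local) & getpwnam_failures(log_text)),
    }


if __name__ == "__main__":
    print(audit(PASSWD_TEXT, LDAP_UIDS, LOG_TEXT))
```

On a live host, pass the contents of /etc/passwd, the uid values found under the machine suffix, and the per-client smbd log in place of the constructed samples.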