make sure your ldap.conf is set like this, or it won't go searching the tree:

nss_base_passwd dc=domin,dc=com?sub

> -----Original Message-----
> From: PHELPS, SCOTT [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 13, 2003 2:19 AM
> To: '[EMAIL PROTECTED]'
> Subject: Re: [Samba] Samba-2.2.8a /LDAP can't join domain
>
>
> On Sat, 2003-07-12 at 01:43, Chee Wai Yeung wrote:
> > Hi,
> >
> > have you checked your smb logs? Is the smbd talking to
> > your ldap server as a start? Also try to check your
> > ldap logs to see if any searches were made to your
> > ldap server when the join took place. smbd should be
> > searching for something in the line of
> >
> > (&(uid=MYMACHINE$)(objectclass=sambaAccount))
> >
> > Hope this can help your troubleshooting.
> >
> > (PS: your LDIF entries looked ok)
> >
> > Chee Wai
>
>
> Hooooorahhhh! I got it working! Although with one bug which
> I will list at the bottom of this email.
>
> I am posting how I fixed this for everyone in the future who
> runs into this problem.
>
> First I recompiled OpenLDAP with the --include-debug option
> (It won't log jack unless you do!) And set up slapd.conf to
> loglevel = -1.
> It's also a good idea to configure syslog to dump this to
> its own file because it uses /var/log/messages by default.
>
> Second I started Samba and Slapd up and tried to join my new
> domain from a Windows XP laptop.
>
> Here's the (pertinent) output from my slapd.log.... sorry
> it's so long.
> I'll continue at the bottom......
>
> Well, as you can see, the problem was that Samba was looking
> for MY_COMPUTER$ in ou=People. So I took MY_COMPUTER$ out of
> ou=Machines and put it in ou=People. Then when I attempted
> to join MY_DOMAIN I got the friendly "Welcome to the
> MY_DOMAIN Domain!" Yay!
>
> Now the issue is this. I want my Machines in their own OU.
> What piece am I missing here to make Samba work with an
> Account in Machines only?
>
> My Machine account is in my previous email so here is my
> /etc/ldap.conf:
>
> # ldap.conf
> host 127.0.0.1
> base dc=MY_DOMAIN,dc=NET
>
> rootbinddn cn=manager,dc=MY_DOMAIN,dc=NET
>
> pam_filter objectclass=posixaccount
> pam_login_attribute uid
> pam_member_attribute gid
> pam_password md5
>
> nss_base_passwd ou=People,dc=MY_DOMAIN,dc=NET?sub
> nss_base_shadow ou=People,dc=MY_DOMAIN,dc=NET?sub
> nss_base_group ou=Group,dc=MY_DOMAIN,dc=NET?one
>
> P.S. I suspect I need to change shadow, but how? Can
> somebody explain what one and sub mean and how this ties to nss?
>
> Thanks!
>
> -- Scott Phelps
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
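
Added example (not part of either message, and not Samba or nss_ldap code): a small Python model of how an `nss_base_passwd` base and its `?one` / `?sub` scope decide which directory entries a passwd lookup can reach, run against the ldap.conf lines and the machine DN quoted above. Assumptions: the helper names (`parse_dn`, `parse_nss_bases`, `covers`, `visible`) are hypothetical, DN matching is simplified to case-insensitive comparison without escaped commas, a missing scope is treated as `sub`, and the two alternative configurations are constructed from the reply's suggestion using the question's suffix.

```python
def parse_dn(dn):
    # Simplified DN handling: split on commas, ignore case (no escaped commas).
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_nss_bases(conf_text, key="nss_base_passwd"):
    """Return [(base_dn, scope)] for each `key` line of an ldap.conf text."""
    bases = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != key:
            continue
        base, _, rest = parts[1].strip().partition("?")
        # Field after the first '?' is the scope; assumed "sub" when omitted.
        scope = rest.split("?", 1)[0].strip().lower() or "sub"
        bases.append((base.strip(), scope))
    return bases

def covers(base, scope, entry_dn):
    """True if entry_dn lies inside the search described by base + scope."""
    b, e = parse_dn(base), parse_dn(entry_dn)
    if len(e) < len(b) or e[len(e) - len(b):] != b:
        return False              # entry is not under this base at all
    depth = len(e) - len(b)
    if scope == "base":
        return depth == 0         # the base entry itself only
    if scope == "one":
        return depth == 1         # immediate children of the base only
    return True                   # "sub": the base and its whole subtree

def visible(conf_text, entry_dn, key="nss_base_passwd"):
    return any(covers(b, s, entry_dn) for b, s in parse_nss_bases(conf_text, key))

# nss_base_* lines copied from the ldap.conf in the question.
QUESTION_CONF = """\
nss_base_passwd ou=People,dc=MY_DOMAIN,dc=NET?sub
nss_base_shadow ou=People,dc=MY_DOMAIN,dc=NET?sub
nss_base_group ou=Group,dc=MY_DOMAIN,dc=NET?one
"""
# Constructed variants: the reply's suggestion with the question's suffix.
WHOLE_TREE = "nss_base_passwd dc=MY_DOMAIN,dc=NET?sub"
ONE_LEVEL = "nss_base_passwd dc=MY_DOMAIN,dc=NET?one"
MACHINE = "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net"

if __name__ == "__main__":
    for name, conf in [("question", QUESTION_CONF), ("suffix?sub", WHOLE_TREE),
                       ("suffix?one", ONE_LEVEL)]:
        print(f"{name:11s} machine account visible: {visible(conf, MACHINE)}")
```

Only the suffix-wide `sub` search reaches the machine entry, because it sits two levels below the suffix and outside `ou=People`. Widening the base this way also makes every `posixAccount` anywhere under the suffix resolvable as a Unix account, so check what else lives in the tree before relying on it.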