On Sun, 9 Nov 2003 10:26 , Tarjei Bitustøyl <[EMAIL PROTECTED]> sent:
>Ok, additional information: >I am using LDAP as a unix password backend, so I shouldn't be needing the >/etc/passwd for a machine account. >The smbldap-useradd.pl -w script adds an account correctly, and both >posixAccount and sambaSAMAccount is set. When this is done, I get again, >"access is denied" when I try to join the domain, with the valid SID user. >It doesn't seem to join correctly on the operation when it actually creates >the account, however I can see nothing wrong with the account itself. Here >is an auto-created account: (smbldap-useradd.pl -w %u) > >dn: uid=main$,ou=Machines,o=AstarothInc,c=NO >objectClass: top >objectClass: inetOrgPerson >objectClass: posixAccount >cn: main$ >sn: main$ >uid: main$ >uidNumber: 1003 >gidNumber: 553 >homeDirectory: /dev/null >loginShell: /bin/false >description: Computer > >I have all the scripts in place, but manually only the add machine script >works. I don't think I need the others for the operation I am trying, >though. > >The thing is, if I do have an account in /etc/passwd called "main$" when I >try to join, the auto-created ldap entry looks very very different: > >dn: uid=main$,ou=Machines,o=AstarothInc,c=NO >uid: main$ >sambaSID: S-1-5-21-2523409155-1094959098-2360343008-3006 >sambaPrimaryGroupSID: S-1-5-21-2523409155-1094959098-2360343008-1201 >sambaAcctFlags: [W ] >objectClass: sambaSamAccount >objectClass: account > >The error upon joining is still the same, username could not be found; >however, subsequent attempts to join give the error "access is denied." I'm >going nuts. > if this is an XP PRO machine, have you done the signorseal registry hack? >Regards >Tarjei > >----- Original Message ----- >From: "Andrew Bartlett" [EMAIL PROTECTED]> >To: "Tarjei Bitustøyl" [EMAIL PROTECTED]> >Cc: [EMAIL PROTECTED]> >Sent: Sunday, November 09, 2003 10:08 AM >Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account > >On Sun, 2003-11-09 at 19:40, Tarjei Bitustøyl wrote: >> Hi, >> >> I've finally gotten my LDAP password backend up and running, and finally >figured out the SID 1000/1001 thing for Samba admin. >> However I'm unable to join the workstation to my domain. > >I'm not sure what you mean about the '1000/1001' thing. Root should be >given the special sid '-500' if at all possible, as that is >'administrator'. > >> Using any random user in the WXP dialogue, I get the "Access is Denied" >error. Fair enough. >> Using the user with sambasid and sambagroupsid s-*-1000/s-*-1001, I get >the error "The Username could not be found". This error is probably not >referring to the login user, as that one is validated (I get another error >if I type in a wrong password), so I assume it's the machine account user >that it is looking for. >> >> I have however tried adding the machine account using both LAM and >smbpasswd -a -m, but no difference. >> >> The debug log says everything is successful? >> I'm at a loss. Does anyone have a hint as to what is wrong here? > >Do you have the add user scripts in place? > >Andrew Bartlett > >-- >Andrew Bartlett [EMAIL PROTECTED] >Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] >Student Network Administrator, Hawker College [EMAIL PROTECTED] >http://samba.org http://build.samba.org http://hawkerc.net > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba > ---- Prudential Preferred Properties www.prupref.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
