I appreciate your help on this. I still am having problems. Attached are some of the pertinent configuration files.
I can log in with any account so connection and password to access ldap server works, just can't join domain. I get an error message bad passwd or unknown user. I added the username map but root = administrator still doesn't work.

# Administrator, Users, tow.net
dn: uid=Administrator,ou=Users,dc=tow,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 0
uid: Administrator
uidNumber: 0
homeDirectory: /accounts/Administrator
sambaPwdLastSet: 1068814077
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1068814077
sambaPwdMustChange: 2147483647
sambaHomePath: \\whs1\Administrator
sambaHomeDrive: H:
sambaProfilePath: \\whs1\profiles\
sambaLMPassword: E3B4E05BE6A182C9E13B8E8F6853DCAC
sambaNTPassword: F4858C7E53BB628AE91E00E9DB6CD467
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-1000
loginShell: /bin/bash
gecos: Netbios Domain Administrator
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-1001
userPassword:: e1NNRDV9ZGpiNFo3ODQ3VFlKYWJYZEM5ZGRtSkFpMklzPQ==

smb.conf:

[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = netlogon.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
# delete user script = /usr/local/sbin/smbldap-useradd.pl
# add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/local/samba/bin/smbpasswd -a -m %u
# add machine script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %u
logon script = netlogon.bat
logon path = \\%N\profiles\%g
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
admin users = @domain_admins
# wins support = Yes
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
username map = /usr/local/samba/private/smbusers

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
# valid users = %S
hide files = /.*/

[profiles]
path = /accounts/profiles
read only = no
create mask = 0600
directory mask = 0700

[netlogon]
comment = Netlogon share
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
write list = @domain_admins

[staff]
comment = Staff common
path = /accounts/staff
read list = @staff @techstaff
write list = @staff @techstaff

[programs]
comment = Programs
path = /accounts/programs

[adm-pgms$]
comment = Admin Programs
path = /accounts/adm_pgms
read list = @techstaff
write list = @techstaff

[images$]
comment = Ghost image files
path = /accounts/images
write list = kent
read list = @techstaff

[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
printable = Yes
browseable = No

slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
database ldbm
suffix "dc=tow,dc=net"
rootdn "cn=admin,dc=tow,dc=net"
#rootpw {SSHA}WhTBLrgNGnKeZYgS0bT6TfIL2jKBbOnr
#password-hash {crypt}
directory /usr/local/var/openldap-data/wareham
schemacheck on
lastmod on
# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index cn,sn,st pres,eq,sub
#access to dn=".*dc=tow,dc=net
# by self write
# by * read
#access to attrs=userPassword,sambaNTPassword,sambaLMPassword
# by self write
# by anonymous auth
# by * none
#access to *
# by * read

output of net groupmap list:

[EMAIL PROTECTED] root]# net groupmap list
domain_users (S-1-5-21-1129281578-1295143107-3311307472-513) -> dusers
domain_guests (S-1-5-21-1129281578-1295143107-3311307472-514) -> nobody
domain_admins (S-1-5-21-1129281578-1295143107-3311307472-512) -> root
administrators (S-1-5-32-544) -> 544
users (S-1-5-21-1129281578-1295143107-3311307472-545) -> users
guests (S-1-5-21-1129281578-1295143107-3311307472-546) -> 546
power_users (S-1-5-21-1129281578-1295143107-3311307472-547) -> 547
account_operators (S-1-5-32-548) -> 548
server_operators (S-1-5-32-549) -> sys
print_operators (S-1-5-32-550) -> lp
backup_operators (S-1-5-32-551) -> bin
replicator (S-1-5-21-1129281578-1295143107-3311307472-552) -> daemon
computers (S-1-5-21-1129281578-1295143107-3311307472-515) -> dcomputers
Enterprise Admins (S-1-5-21-1129281578-1295143107-3311307472-519) -> 519
students (S-1-5-21-1129281578-1295143107-3311307472-2011) -> students
staff (S-1-5-21-1129281578-1295143107-3311307472-2007) -> staff
techstaff (S-1-5-21-1129281578-1295143107-3311307472-2009) -> techstaff
[EMAIL PROTECTED] root]#

On Fri, 2003-11-14 at 11:18, [EMAIL PROTECTED] wrote:
> Hello,
>
> first the ldap admin dn should be the same as the rootdn for the OpenLdap
> Server but must not be root.
>
> Important for joining machines into a domain is that you have already
> created a user in ldap for root (uid=0), that means posix and samba.
> After that you have to join in the machine with user root and the samba
> password (not the posix password).
>
> This works when your samba server runs over the root account (root starts
> my samba daemon). If your samba server runs over a different user I think
> you have to choose this other samba admin account.
>
> Regards
>
> Manuel
>
>
> "Kent L. Nasveschuk" <[EMAIL PROTECTED].ma.us>
> To: [EMAIL PROTECTED]
> cc:
> 13.11.2003 19:07
> Subject: Re: [Samba] Join Machine to Domain
>
>
> I read your post today and was wondering if you were able to get your
> W2K machines to join your domain?
>
> I'm having the same problem. I can't get the machines to join domain. I
> keep getting login failure: unknown username or bad password. My
> administrator account in LDAP is uidNumber=0 but it still fails. I know
> that the passwords work cause I can log in as administrator and see the
> home directory and other shared directories. Makes me think the
> administrative (root) account is not set up correctly between samba and
> ldap.
>
> Well, if you did get yours to work let me know how.
>
>
> --
> Kent L. Nasveschuk <[EMAIL PROTECTED]>
>

--
Kent L. Nasveschuk <[EMAIL PROTECTED]>

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
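
The conditions named in the quoted reply (ldap admin dn equal to the rootdn, and a uidNumber 0 entry named root that is both a posix and a samba account), written as a check over the posted configuration. This is an added example, not part of the original thread or of Samba; the sample strings are constructed from the configuration above, and the function names are hypothetical.

```python
import re

# Constructed sample input, trimmed from the configuration posted in the thread.
LDIF = """\
dn: uid=Administrator,ou=Users,dc=tow,dc=net
objectClass: sambaSAMAccount
objectClass: posixAccount
uid: Administrator
uidNumber: 0
"""
SMB_CONF = "[global]\npassdb backend = ldapsam\nldap admin dn = cn=admin,dc=tow,dc=net\n"
SLAPD_CONF = 'rootdn "cn=admin,dc=tow,dc=net"\n'

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    text = re.sub(r"\n ", "", text.strip())  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                key, _, value = line.partition(":")
                entry.setdefault(key.strip().lower(), []).append(value.lstrip(": ").strip())
        entries.append(entry)
    return [e for e in entries if "dn" in e]

def setting(text, pattern):
    """First captured value, unquoted and lower-cased, spacing around DN commas removed."""
    m = re.search(pattern, text, re.M | re.I)
    return re.sub(r"\s*,\s*", ",", m.group(1).strip().strip('"').lower()) if m else None

def check(ldif, smb_conf, slapd_conf):
    """List the conditions from the reply that the given configuration does not meet."""
    findings = []
    admin = setting(smb_conf, r"^[ \t]*ldap admin dn[ \t]*=[ \t]*(.+)$")
    rootdn = setting(slapd_conf, r"^rootdn[ \t]+(.+)$")
    if not admin or admin != rootdn:
        findings.append(f"ldap admin dn ({admin}) differs from rootdn ({rootdn})")
    uid0 = [e for e in parse_ldif(ldif) if "0" in e.get("uidnumber", [])]
    if not uid0:
        findings.append("no LDAP entry with uidNumber 0")
    for e in uid0:
        dn, classes = e["dn"][0], {c.lower() for c in e.get("objectclass", [])}
        findings += [f"{dn}: missing objectClass {c}"
                     for c in ("posixaccount", "sambasamaccount") if c not in classes]
        if "root" not in [u.lower() for u in e.get("uid", [])]:
            findings.append(f"{dn}: uid is not root, the name the reply joins with")
    return findings

if __name__ == "__main__":
    print("\n".join(check(LDIF, SMB_CONF, SLAPD_CONF)) or "all checks passed")
```

On the constructed sample the only finding is that the uidNumber 0 entry is named Administrator rather than root.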