Tony Fugere wrote:
I'm using Samba 3.0.3 on Fedora Core 2 with OpenLDAP 2.1.29 as the backend. I'm getting the typical "The user name could not be found." error when trying to join a Windows box. I've gone through every digest on lists.samba.org and other sites and nothing has worked yet. Any suggestions?

Here's what I've done so far:

1. Installed everything via RPMS:
[EMAIL PROTECTED] root]# rpm -qa | grep openldap
openldap-2.1.29-1
openldap-clients-2.1.29-1
openldap-servers-2.1.29-1
openldap-devel-2.1.29-1
[EMAIL PROTECTED] root]# rpm -qa | grep samba
samba-3.0.3-5
samba-client-3.0.3-5
samba-common-3.0.3-5
samba-swat-3.0.3-5
[EMAIL PROTECTED] root]# rpm -qa | grep smbldap
smbldap-tools-0.8.4-1.1.fc2.dag
[EMAIL PROTECTED] root]#

2. Made my SSL certificates and put them in /var/ssl.

3. Made my slapd.conf:
--- Start slapd.conf ---
# slapd.conf as posted (OpenLDAP 2.1.29 backing Samba 3.0.3).
# samba.schema is loaded below, so user entries also carry the sambaNTPassword
# and sambaLMPassword attributes that Samba and smbldap-tools manage.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema

allow bind_v2

# NOTE(review): the OpenLDAP directive is "password-hash", and the value's
# brackets do not match ("{SSHA]" where "{SSHA}" is meant). As written this line
# is probably ignored or rejected — check slapd's startup output. Without a
# working password-hash, slapd stores userPassword exactly as a client sends it
# (smbldap.conf's hash_encrypt="SSHA" presumably covers smbldap-passwd, but not
# other clients that set userPassword).
passwd-hash {SSHA]

pidfile /var/run/slapd.pid

# TLS material from step 2 lives in /var/ssl. "+SSLv2" re-adds SSLv2 cipher
# suites to the allowed set; "HIGH:MEDIUM" on its own is the safer choice.
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /var/ssl/cacert.pem
TLSCertificateFile /var/ssl/ldapcrt.pem
TLSCertificateKeyFile /var/ssl/ldapkey.pem
# Presumably "never": clients are not asked for a certificate, so the
# clientcert/clientkey entries in smbldap.conf play no part in authentication.
TLSVerifyClient 0

# Minimum security strength factors: every operation needs SSF >= 1, directory
# updates need 112 and simple binds need 64 — i.e. TLS is required for binds
# and writes, which is why smb.conf uses "ldap ssl = start_tls" and smbldap.conf
# sets ldapTLS="1". A cleartext ldapsearch (no -Z) should be refused.
security ssf=1 update_ssf=112 simple_bind=64

# ACLs: OpenLDAP applies the first "access to" clause whose target matches the
# entry/attribute. Only userPassword and mail are limited to "by * auth";
# sambaNTPassword and sambaLMPassword are not listed, so for ou=People entries
# they fall through to the "by * read" rule below and can be read by any client
# that satisfies ssf=1 (anonymous binds are not disallowed here). The NT hash is
# password-equivalent for NTLM authentication and should be guarded at least as
# tightly as userPassword, e.g.:
#   access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword,sambaLMPassword,sambaNTPassword
access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword
       by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write
       by self write
       by * auth
# mail gets the same auth-only treatment (bind/compare but no read for others);
# presumably intentional.
access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=mail
       by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write
       by self write
       by * auth
# Everything else under ou=People is read-only for everyone. This clause matches
# before the catch-all below, so "by self write" never applies to People entries.
access to dn=".*,ou=People,dc=soil,dc=ncsu,dc=edu"
       by * read
# Catch-all for the remaining entries (ou=Computers, ou=Groups, ...): an entry
# may rewrite every one of its own attributes, uidNumber/gidNumber/sambaSID
# included. NOTE(review): harmless only if none of those entries can bind as
# themselves — worth confirming once machine accounts exist.
access to dn=".*,dc=soil,dc=ncsu,dc=edu"
       by self write
       by * read

database        ldbm
suffix          "dc=soil,dc=ncsu,dc=edu"
# The rootdn bypasses the ACLs above; it is also the bind DN Samba and the
# smbldap scripts use.
rootdn          "cn=Manager,dc=soil,dc=ncsu,dc=edu"
# NOTE(review): cleartext in the config file; a hash produced by slappasswd
# ("{SSHA}...") is safer, and the file must be readable only by root/the slapd
# user either way. The same secret is also handed to Samba (smbpasswd -w, step 7)
# and appears in smbldap_bind.conf.
rootpw          _thepassword_

directory       /var/lib/ldap

# Equality indexes for the attributes lookups key on; cn/mail/names also get a
# substring-initial index.
index objectClass,uid,uidNumber,gidNumber,memberUid     eq
index cn,mail,surname,givenname                         eq,subinitial
--- End slapd.conf ---

4. Made the smb.conf:
--- Start smb.conf ---
[global]

  ; Basic server settings
  ; PDC "smbtest" for domain "testdomain"; security = user together with
  ; "domain logons" below is the PDC configuration.
  workgroup = testdomain
  netbios name = smbtest
  server string = Samba Server %v
  security = user
  allow trusted domains = yes

  ; NOTE(review): log level 0 hides almost everything. While chasing the
  ; "user name could not be found" join failure, raise it temporarily (e.g.
  ; log level = 3) and read /var/log/samba/log.<machine> for the failed lookup.
  log level = 0
  log file = /var/log/samba/log.%m
  max log size = 50

  ; PDC role: domain logons plus a high os level and all master settings.
  domain logons = Yes
  os level = 65
  local master = yes
  domain master = yes
  preferred master = yes
  encrypt passwords = yes

  ; Unix password sync is delegated to smbldap-passwd; the chat string must
  ; match that script's prompts exactly. NOTE(review): smbldap-tools here come
  ; from the Dag RPM (step 1) — confirm the scripts really live under
  ; /usr/local/sbin with "rpm -ql smbldap-tools"; a wrong path silently breaks
  ; every script in this file (smbldap.conf itself points at /usr/sbin/mkntpwd).
  passwd program = /usr/local/sbin/smbldap-passwd %u
  passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
  unix password sync = yes

  ; User and Machine Account Backends
  ; STARTTLS on port 389 satisfies the simple_bind/update_ssf minimums in slapd.conf.
  ldap ssl = start_tls
  passdb backend = ldapsam:ldap://smbtest.soil.ncsu.edu:389
  ldap suffix = dc=soil,dc=ncsu,dc=edu
  ; Bind DN is the directory rootdn; its password is the one stored with
  ; "smbpasswd -w" (step 7).
  ldap admin dn = cn=Manager,dc=soil,dc=ncsu,dc=edu
  ; NOTE(review): contradicted by "ldap delete dn = Yes" further down in this
  ; same [global] section; the later setting should win. Keep only one.
  ldap delete dn = no
  ; Must agree with usersdn/groupsdn/computersdn in smbldap.conf (they do).
  ldap user suffix = ou=People
  ldap group suffix = ou=Groups
  ldap machine suffix = ou=Computers
  ; admin users get root-equivalent access on shares; this does not grant the
  ; right to join machines. On this Samba version the account performing the
  ; join must itself map to uidNumber 0 (see Joshua's reply).
  admin users = administrator

  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

  ; where to store user profiles
  logon home =
  logon path =

; Still inside [global] — no section header intervenes; the missing indent is
; cosmetic only.
ldap delete dn = Yes
; Account management is delegated to smbldap-tools; machine accounts are created
; on demand by "smbldap-useradd -w". All paths assume /usr/local/sbin (see the
; note on passwd program above).
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"


[netlogon]
  comment = Network Logon Service
  path = /usr/local/samba/lib/netlogon
  read only = yes
  ; NOTE(review): without a leading "@" this names a user called dom_admins,
  ; not the group; use "write list = @dom_admins" to grant the group.
  write list = dom_admins

[Homes]
   ; Home share with a pinned username; create/directory modes are group-writable.
   username = tfugere
   writeable = Yes
   force create mode = 0770
   force directory mode = 02770
   browseable = No
--- End smb.conf ---

5. Made my smbldap*.conf:
--- Start smbldap.conf ---
# smbldap-tools 0.8.4 configuration as posted.
UID_START="1000"
GID_START="1000"
# NOTE(review): must equal Samba's own domain SID ("net getlocalsid" on the
# PDC). Accounts created under a different SID are not recognised by Samba,
# which may surface during a join as a failed user lookup.
SID="S-1-5-21-2625200706-2048882972-3065312840"
# Master and slave are the same server, reached over STARTTLS on 389 with CA
# verification required — consistent with the ssf/simple_bind minimums in slapd.conf.
slaveLDAP="smbtest.soil.ncsu.edu"
slavePort="389"
masterLDAP="smbtest.soil.ncsu.edu"
masterPort="389"
ldapTLS="1"
verify="require"
cafile="/var/ssl/cacert.pem"
# NOTE(review): these are the slapd server's own certificate and private key
# (TLSCertificateFile/TLSCertificateKeyFile in slapd.conf). slapd presumably does
# not request client certificates (TLSVerifyClient 0), so they go unused, and
# pointing the scripts at the server key means every account that runs them
# needs read access to that key. Drop them, or issue a separate client cert.
clientcert="/var/ssl/ldapcrt.pem"
clientkey="/var/ssl/ldapkey.pem"
# Containers match "ldap suffix" and the ldap user/group/machine suffixes in smb.conf.
suffix="dc=soil,dc=ncsu,dc=edu"
usersdn="ou=People,dc=soil,dc=ncsu,dc=edu"
computersdn="ou=Computers,dc=soil,dc=ncsu,dc=edu"
groupsdn="ou=Groups,dc=soil,dc=ncsu,dc=edu"
scope="sub"
# userPassword is presumably hashed with SSHA by the scripts before it is written.
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
userHomePrefix="/home/"
userGecos="System User"
# Primary groups by gidNumber: 513 is the well-known Domain Users RID, 553 the
# smbldap-tools default for computers. Matching posixGroup entries with these
# gidNumbers must exist under ou=Groups (presumably supplied by the test LDIF
# in step 8).
defaultUserGid="513"
defaultComputerGid="553"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userHomeDrive="logondrive"
userScript=""
# with_smbpasswd=0: NT/LM hashes are presumably produced locally with mkntpwd
# rather than by calling smbpasswd. Note the /usr/sbin path here versus the
# /usr/local/sbin paths assumed in smb.conf.
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/sbin/mkntpwd"
--- End smbldap.conf ---
--- Begin smbldap_bind.conf ---
# Bind credentials for the smbldap scripts: the directory rootdn and its
# cleartext password. Keep this file root-owned and mode 0600 — the same secret
# is in slapd.conf (rootpw) and in Samba's secrets.tdb (smbpasswd -w, step 7),
# so leaking it here exposes the whole directory.
slaveDN="cn=Manager,dc=soil,dc=ncsu,dc=edu"
slavePw="_hidden_"
masterDN="cn=Manager,dc=soil,dc=ncsu,dc=edu"
masterPw="_hidden_"
--- End smbldap_bind.conf ---

6. Started up the services:
/etc/init.d/ldap start
/etc/init.d/smb start

7. Set the root password:
smbpasswd -w _thepassword_

8. Put in some test data:
http://www.soil.ncsu.edu/tony_temp/smbtest.ldif

9. Did a search on the LDAP DB:
ldapsearch -x -Z -D 'cn=Manager,dc=soil,dc=ncsu,dc=edu' -b 'dc=soil,dc=ncsu,dc=edu' -W '(objectclass=*)'
Results: http://www.soil.ncsu.edu/tony_temp/ldapsearch.out


10. Set the root user password:
smbldap-passwd root

11. Changed the local security policy on the Windows XP machine:
Domain member: Digitally encrypt or sign secure data channel (always) Disabled
Domain member: Digitally encrypt secure data channel (when possible) Disabled
Domain member: Digitally sign secure data channel (when possible) Disabled


12. Tried to join the domain from a Windows XP machine and got this error when using the root user:
The following error occurred when attempting to join the domain "testdomain":
The user name could not be found.


13. Tried to navigate to the domain via my network places and was successful.




Tony,

Please be sure that the account you are using to add the machines to the domain has a uidNumber of '0'. That is the only factor that was holding me back.


thanks, Joshua -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
