I had a problem similar to my current one a week or so ago, and I was encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now that I've completed that nightmare, the problem I initially set out to fix is still there, just different. Namely:
I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC whose only job will be authentication. Our LDAP server is on a separate box. I can join the domain just fine, but when I try to login via Windows, I get the following error: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect." I suspected that neither of these were the case, as I created the account with idealx's smbldap-tools. I verified that the account is there with ldapsearch. Last time I had this problem, Samba wasn't even communicating with LDAP, but this time it is. When I try to login, here's what the LDAP logs show: [05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH base="o=nebrwesleyan.edu,o=isp" scope=2 filter="(&(uid=GUINEA-PIG$)(objectClass=sambaSamAccount))" attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp" [05/Oct/2004:10:03:52 -0500] conn=53576 op=8 SRCH base="o=nebrwesleyan.edu,o=isp" scope=2 filter="(&(uid=GUINEA-PIG$)(objectClass=sambaSamAccount))" attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp" It searches twice for the machine trust account, which I've verified exists. The only thing I can think of is that not all of the attributes it's asking for exist. (In fact, a lot of them don't.) As you can see in the attached nmbd log, though, Samba doesn't show any obvious errors. I've also included my smb.conf (with some changes to protect my server's innocence). Any ideas are greatly appreciated. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549
[global] server string = test workgroup = NWU_TEST netbios name = TESTERATOR log level = 1 encrypt passwords = yes max smbd processes = 0 socket options = TCP_NODELAY add machine script = /usr/local/sbin/smbldap-useradd -w '%u' logon script = scripts\logon.bat logon path = \\%L\profiles\%U domain logons = yes local master = yes preferred master = yes wins server = 10.9.1.12 security = user passdb backend = ldapsam:ldap://server.nebrwesleyan.edu ldap suffix = o=nebrwesleyan,o=edu ldap machine suffix = ou=Machines ldap user suffix = ou=People ldap group suffix = ou=Groups ldap filter = (uid=%u) ldap admin dn = cn=foo ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes locking = No [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No [tmp] comment = temporary files path = /tmp read only = yes
[2004/10/05 11:14:43, 5] nmbd/nmbd_packets.c:process_dgram(1194) process_dgram: ignoring dgram packet sent to name COMPUTER LABS<1d> from 10.9.1.10 [2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found. [2004/10/05 11:14:43, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1096992883) - last(1096992397) < 900 [2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:48, 10] lib/util_sock.c:read_udp_socket(230) read_udp_socket: lastip 10.9.1.97 lastport 138 read: 290 [2004/10/05 11:14:48, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 290 from (10.9.1.97) port 138 [2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "NWU_TEST<1c>", "NWU_TEST<1d>", 84 ) [2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "NWU_TEST<1c>", "NWU_TEST<1c>", 84 ) [2004/10/05 11:14:48, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(124) find_name_on_subnet: on subnet 10.9.1.111 - found name NWU_TEST<1c> source=2 [2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:process_dgram(1259) process_dgram: datagram from GUINEA-PIG<00> to NWU_TEST<1c> IP 10.9.1.97 for \MAILSLOT\NET\NETLOGON of type 18 len=116 [2004/10/05 11:14:48, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 10.9.1.97: code = 0x12 [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 24, len = 116 [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 116 PTR_DIFF(q, buf) = 108 [2004/10/05 11:14:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 24 ntv 11 [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user GUINEA-PIG$ [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from GUINEA-PIG(10.9.1.97) for GUINEA-PIG$, returning logon svr \\TESTERATOR domain NWU_TEST code 13 token=ffff [2004/10/05 11:14:48, 4] lib/util.c:dump_data(1835) [000] 13 00 5C 00 5C 00 54 00 45 00 53 00 54 00 45 00 ..\.\.T. E.S.T.E. [010] 52 00 41 00 54 00 4F 00 52 00 00 00 47 00 55 00 R.A.T.O. R...G.U. [020] 49 00 4E 00 45 00 41 00 2D 00 50 00 49 00 47 00 I.N.E.A. -.P.I.G. [030] 24 00 00 00 4E 00 57 00 55 00 5F 00 54 00 45 00 $...N.W. U._.T.E. [040] 53 00 54 00 00 00 01 00 00 00 FF FF FF FF S.T..... ...... [2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:send_mailslot(1902) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from TESTERATOR<00> IP 10.9.1.111 to GUINEA-PIG<00> IP 10.9.1.97 [2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.T.E.S.T.E. hex 13 00 5c 00 5c 00 54 00 45 00 53 00 54 00 45 00 10 char R.A.T.O.R...G.U. hex 52 00 41 00 54 00 4f 00 52 00 00 00 47 00 55 00 20 char I.N.E.A.-.P.I.G. hex 49 00 4e 00 45 00 41 00 2d 00 50 00 49 00 47 00 30 char $...N.W.U._.T.E. hex 24 00 00 00 4e 00 57 00 55 00 5f 00 54 00 45 00 40 char S.T........... hex 53 00 54 00 00 00 01 00 00 00 ff ff ff ff [2004/10/05 11:14:48, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 252 to (10.9.1.97) on port 138 [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found. [2004/10/05 11:14:48, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1096992883) - last(1096992397) < 900 [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:48, 10] lib/util_sock.c:read_udp_socket(230) read_udp_socket: lastip 10.9.1.97 lastport 138 read: 290 [2004/10/05 11:14:48, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 290 from (10.9.1.97) port 138 [2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "NWU_TEST<1c>", "NWU_TEST<1c>", 84 ) [2004/10/05 11:14:48, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(124) find_name_on_subnet: on subnet 10.9.1.111 - found name NWU_TEST<1c> source=2 [2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:process_dgram(1259) process_dgram: datagram from GUINEA-PIG<00> to NWU_TEST<1c> IP 10.9.1.97 for \MAILSLOT\NET\NETLOGON of type 18 len=116 [2004/10/05 11:14:48, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 10.9.1.97: code = 0x12 [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 24, len = 116 [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 116 PTR_DIFF(q, buf) = 108 [2004/10/05 11:14:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 24 ntv 11 [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user GUINEA-PIG$ [2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from GUINEA-PIG(10.9.1.97) for GUINEA-PIG$, returning logon svr \\TESTERATOR domain NWU_TEST code 13 token=ffff [2004/10/05 11:14:48, 4] lib/util.c:dump_data(1835) [000] 13 00 5C 00 5C 00 54 00 45 00 53 00 54 00 45 00 ..\.\.T. E.S.T.E. [010] 52 00 41 00 54 00 4F 00 52 00 00 00 47 00 55 00 R.A.T.O. R...G.U. [020] 49 00 4E 00 45 00 41 00 2D 00 50 00 49 00 47 00 I.N.E.A. -.P.I.G. [030] 24 00 00 00 4E 00 57 00 55 00 5F 00 54 00 45 00 $...N.W. U._.T.E. [040] 53 00 54 00 00 00 01 00 00 00 FF FF FF FF S.T..... ...... [2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:send_mailslot(1902) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from TESTERATOR<00> IP 10.9.1.111 to GUINEA-PIG<00> IP 10.9.1.97 [2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.T.E.S.T.E. hex 13 00 5c 00 5c 00 54 00 45 00 53 00 54 00 45 00 10 char R.A.T.O.R...G.U. hex 52 00 41 00 54 00 4f 00 52 00 00 00 47 00 55 00 20 char I.N.E.A.-.P.I.G. hex 49 00 4e 00 45 00 41 00 2d 00 50 00 49 00 47 00 30 char $...N.W.U._.T.E. hex 24 00 00 00 4e 00 57 00 55 00 5f 00 54 00 45 00 40 char S.T........... hex 53 00 54 00 00 00 01 00 00 00 ff ff ff ff [2004/10/05 11:14:48, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 252 to (10.9.1.97) on port 138 [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found. [2004/10/05 11:14:48, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1096992888) - last(1096992397) < 900 [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271) dump_workgroups() dump workgroup on subnet 10.9.1.111: netmask= 255.255.0.0: COMPSERV(4) current master browser = SPOOLWATCH WORKGROUP(3) current master browser = EDUCATION NWU_EXODUS(2) current master browser = BELL NWU_TEST(1) current master browser = TESTERATOR TESTERATOR 400c9b0b (test) GUINEA-PIG 40011003 () [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 0.0.0.0: NWU_TEST(1) current master browser = UNKNOWN TESTERATOR 40099b0b (test) [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba