On June 15, 2005 05:49 pm, Ryan Braun wrote: > I have samba with ldap setup and seems to be running, just I am having > trouble having pc's join the domain. > > The samba/ldap server is running debian sarge (when it was testing, > haven't updated since) so samba 3.0.14a-13 and slapd 2.2.23-5. Client pc > is windows 2000, and various linux's. smbldap-tools 0.9.1 >
Replying to myself here, but after I sent the message off I noticed I had an older debian package for smbldap-tools installed and the latest tarball installed. I removed the debian package and made sure the configs were setup for the proper paths to the .9.1 scripts. Now when I try to join a machine to the domain samba logs look like it works but windows still says bad username. note. changed hostname to win2k first try, creates ldap entry w/o sambaSAMAccount and windows complains about bad username when adding to domain [2005/06/15 18:17:19, 2] smbd/server.c:exit_server(609) Closing connections [2005/06/15 18:17:19, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/06/15 18:17:19, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: root [2005/06/15 18:17:20, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 512 [2005/06/15 18:17:20, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/06/15 18:17:20, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain LDAPDOMAIN -> S-1-5-21-3007768992-1764342258-1846594437 [2005/06/15 18:17:20, 2] smbd/server.c:exit_server(609) Closing connections If I try to join the domain again I get (and leave the ldap entry that was created from above) [2005/06/15 18:18:30, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/06/15 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: root [2005/06/15 18:18:30, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 512 [2005/06/15 18:18:30, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/06/15 18:18:30, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain LDAPDOMAIN -> S-1-5-21-3007768992-1764342258-1846594437 [2005/06/15 18:18:31, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "win2k$"' gave 9 [2005/06/15 18:18:31, 2] smbd/server.c:exit_server(609) Closing connections So I guess that gave 9 message is reported because the entry already exists, but why is the sambaSAMAccount object class not being added? > If I run "smbldap-adduser -w ldap-test$" (after removing the existing > ldap-test$ entry) it will create the entry but it doesn't have a > sambaSAMAcount objectclass. And it won't join the domain. > > If I create a local user in /etc/passwd and then user smbpasswd -m -a it > will create the ldap entry in Computers but it has no posix objectclass. > BUT it will allow me to join the pc to the domain. > > The only problem then (not sure if it's related or not), is that the only > user that can login is the root user used to join the pc to the domain, > any other users created with smbldap-adduser -a won't authenticate. Any > users created with the smbldap scripts can authenticate against any of the > linux boxes setup to authenticate against ldap. > > [2005/06/14 21:36:27, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened > [2005/06/14 21:36:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: ldap-test$ > [2005/06/14 21:37:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: windowsguy > [2005/06/14 21:37:08, 1] auth/auth_util.c:make_server_info_sam(840) > User windowsguy in passdb, but getpwnam() fails! > [2005/06/14 21:37:08, 0] auth/auth_sam.c:check_sam_security(324) > check_sam_security: make_server_info_sam() failed with > 'NT_STATUS_NO_SUCH_USER' > [2005/06/14 21:37:08, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [windowsguy] -> > [windowsguy] FAILED with error NT_STATUS_NO_SUCH_USER > > then as root > > [2005/06/14 21:38:21, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: root > [2005/06/14 21:38:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) > init_group_from_ldap: Entry found for group: 512 > [2005/06/14 21:38:22, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [root] -> [root] -> [root] > succeeded > [2005/06/14 21:38:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: root > [2005/06/14 21:38:25, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [root] -> [root] -> [root] > succeeded > [2005/06/14 21:38:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: root > [2005/06/14 21:38:25, 1] smbd/service.c:make_connection_snum(642) > ldap-test (192.16.240.141) connect to service profiles initially as user > root (uid=0, gid=0) (pid 14108) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba