Re: [Samba] net rpc join fails the first time but succeeds the second

2006-05-19 Thread Mark Proehl
Hi,

If you create a new user with luseradd, is this new user immediately
available? Or do you have to wait some time between the following two
commands:

   /usr/sbin/luseradd -g "Domain Computers" -c Machine -s /bin/false -d /dev/null -n -M testuser
   id testuser

Mark



On Fri, May 19, 2006 at 01:13:21PM +0200, Felipe Alfaro Solana wrote:
 Hi.
 
 I'm having some trouble when trying to join a SAMBA machine, acting as
 a member server, to an NT-style domain server managed by a SAMBA PDC
 using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6
 on Red Hat Enterprise Linux 4.1 Update 3 for AMD64.
 
 When trying to add the member server to the domain, it fails with an
 error message. However, if I try to add it again, the operation
 succeeds.
 
 The first try to add the member server fails with this error message:
 
 [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
 [2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED
 
 Unable to join domain CENTRAL.
 
 I can see the SAMBA machine account has been created:
 
 [EMAIL PROTECTED] ~]# pdbedit -L
 Administrator:0:Domain Administrator
 member$:10001:Machine
 
 Then, immediately, I try to add the member server, once again:
 
 [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
 Joined domain CENTRAL.
 
 Both the member server and the PDC are using nss_ldap.
 Thus:
 
 [EMAIL PROTECTED] ~]# id Administrator
 uid=0(root) gid=0(root) groups=0(root)
 
 The smb.conf for the PDC is:
 
 [global]
 
   # Store SAMBA data into an LDAP backend
   passdb backend = ldapsam:ldap://ldap/
   ldap admin dn = cn=Directory Manager
   ldap suffix = dc=central
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap group suffix = ou=Groups
 
   # Scripts for managing users and computers
   add user script = /usr/sbin/luseradd -g "Domain Users" %u
   delete user script = /usr/sbin/luserdel -r %u
   add group script = /usr/sbin/lgroupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/lgroupmod -A %u %g
   delete user from group script = /usr/sbin/lgroupmod -R %u %g
   add machine script = /usr/sbin/luseradd -g "Domain Computers" -c Machine -s /bin/false -d /dev/null -n -M %u
 
   workgroup = CENTRAL
   netbios name = NDS1
   server string = CENTRAL Samba Domain Controller
 
   load printers = no
 
   log file = /var/log/samba/%m.log
 
   security = user
   encrypt passwords = yes
 
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 
   os level = 35
   local master = yes
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon path =
 
   wins support = yes
 
 The smb.conf for the member server is:
 
 [global]
 
   workgroup = CENTRAL
   server string = CENTRAL File Server
   netbios name = FS1
   log file = /var/log/samba/%m.log
   max log size = 50
   security = domain
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 
 Any ideas?
 Thank you very much.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
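
The check Mark asks about above, as an added example that is not part of the thread: a small POSIX shell helper that polls an NSS lookup for a just-created account and reports how many attempts it took before the account resolved. The function name, its arguments and the retry defaults are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic helper (not from the thread): measure how long a newly
# created account takes to become resolvable through NSS.
#
# Usage (hypothetical): wait_for_account NAME [MAX_TRIES] [DELAY] [LOOKUP_CMD]
#   NAME        account to look up, e.g. testuser or 'member$'
#   MAX_TRIES   number of lookups before giving up (default 10)
#   DELAY       seconds to sleep between lookups (default 1)
#   LOOKUP_CMD  command that exits 0 once NAME resolves (default: id)
#
# Prints the number of lookups performed. Returns 0 if the account
# resolved, 1 if it never did within MAX_TRIES.
wait_for_account() {
    name=$1
    max_tries=${2:-10}
    delay=${3:-1}
    lookup=${4:-id}
    try=1
    while :; do
        # Discard the lookup output; only the exit status matters here.
        if "$lookup" "$name" >/dev/null 2>&1; then
            echo "$try"
            return 0
        fi
        # Stop without a trailing sleep once the budget is used up.
        if [ "$try" -ge "$max_tries" ]; then
            echo "$try"
            return 1
        fi
        try=$((try + 1))
        sleep "$delay"
    done
}
```

Run right after the luseradd command from the message, `wait_for_account testuser 10 1` printing anything other than 1 means the new account was not immediately visible through NSS on that host.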


RE: [Samba] net rpc join fails the first time but succeeds the second

2006-05-19 Thread adrian sender
Your domain member is not configured correctly; you need it to be able to
authenticate with LDAP.


Should look something like this, as per Chapter 7 of Samba 3 by Example:
http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#sdcsdmldap

Example 7.1. Samba Domain Member in Samba Domain Using LDAP smb.conf File

# Global parameters

[global]
unix charset = LOCALE
workgroup = MEGANET2
security = DOMAIN
username map = /etc/samba/smbusers
log level = 10
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
printcap name = CUPS
wins server = 192.168.2.1
ldap suffix = dc=abmas,dc=biz
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=abmas,dc=biz
idmap backend = ldap:ldap://lapdc.abmas.biz
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = Yes
printer admin = root
printing = cups

Stick to the official docs, will save you days/years of time.

Adrian Sender.



