[Samba] trouble joining win xp machines to samba with ldap backend DC
Greetings, I would like some help figuring this out. I really don't know what to do anymore. whenever I try to join an XP machine to the domain it comes up that username or password is not correct. However I know that the credentials are correct, but when I check the logs of that specific machine, this comes up: [2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [oc.quimefa.cu]\[root] from workstation [CLIENTEWINDOW] [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/09/24 11:42:38, 5] auth/auth_util.c:is_trusted_domain(2261) is_trusted_domain: Checking for domain trust with [oc.quimefa.cu] [2010/09/24 11:42:38, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(491) secrets_fetch failed! [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/09/24 11:42:38, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain oc.quimefa.cu found. [2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for root (root) [2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info(85) making strings for root's user_info struct [2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info(117) making blobs for root's user_info struct [2010/09/24 11:42:38, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [oc.quimefa.cu]\[ro...@[clientewindow] with the new password interface [2010/09/24 11:42:38, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [oc.quimefa.cu]\[ro...@[clientewindow] [2010/09/24 11:42:38, 5] lib/util.c:dump_data(2286) [000] 9C CA 80 B4 84 2B C6 8A .+.. [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0Primary group is 0 and contains 0 supplementary groups [2010/09/24 11:42:38, 5] lib/smbldap.c:smbldap_search_ext(1182) smbldap_search_ext: base => [dc=oc,dc=quimefa,dc=cu], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2010/09/24 11:42:38, 5] lib/smbldap.c:smbldap_close(1085) The connection to the LDAP server was closed [2010/09/24 11:42:38, 2] lib/smbldap.c:smbldap_open_connection(786) smbldap_open_connection: connection opened [2010/09/24 11:42:38, 3] lib/smbldap.c:smbldap_connect_system(997) ldap_connect_system: successful connection to the LDAP server [2010/09/24 11:42:38, 4] lib/smbldap.c:smbldap_open(1065) The LDAP server is successfully connected [2010/09/24 11:42:38, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: root [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/09/24 11:42:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/24 11:42:38, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user root [2010/09/24 11:42:38, 5] lib/username.c:Get_Pwnam_
[Samba] some clients cannot login
I have a problem that's happening randomly in my network. Starting a couple of weeks ago, some clients (All of my clients are running Windows XP)on my network cannot login to their sessions and windows brings out an error saying that the domain controller is not available or is blocked. I don't understand why this is happening, seeing that other clients can perfectly log in their computers in domain sessions. In the same server I have a dns(bind9) with a dynamic zone that is automatically updated by the dhcp. Does anyone have any experience on this? Can anyone help me solve this? this is the output of testparm: Processing section "[homes]" Processing section "[netlogon]" Processing section "[Profiles]" Processing section "[printers]" Processing section "[print$]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = OC.QUIMEFA.CU netbios name = PDC interfaces = 127.0.0.0/8, eth2 bind interfaces only = Yes passdb backend = ldapsam:ldap://localhost passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon path = logon home = domain logons = Yes os level = 35 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=oc,dc=quimefa,dc=cu ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=oc,dc=quimefa,dc=cu ldap ssl = no ldap user suffix = ou=Users panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = root write list = "@Domain Admins" create mask = 0755 guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /home/samba/profiles read only = No profile acls = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba admin users = root write list = root read only = No create mask = 0600 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Printer Drivers Share path = /var/lib/samba/printers admin users = root write list = root create mask = 0664 directory mask = 0775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrate Windows Active Directory Users to Samba+LDAP
mor...@tuxedo.darktech.org wrote: On Tue 20/10/09 3:06 AM , Osmany Goderich Navarro wrote: 100 users added. I just want to transfer all the AD users to de PDC in Debian. I tried using pwdump to extract AD users but with no positive results. Please help That wouldn't work, as I understand it. Unless something has changed significantly in the past few years, pwdump programs are for dumping SAM (local) accounts and not for dumping ActiveDirectory accounts. I'm guessing you'd need to use some LDAP tools to dump out an LDIF of the user OU trees. Message sent via Atmail Open - http://atmail.org/ I've also tried to use de ldifde utility that's built in AD and it works fine. I can specifically extract de OU of my interest but the problem is that the users in the output file come out with lots of attributes that are not compatible with the samba schema. I'm wondering if there is some script that can restructure and modify the users so that I can import these users to OpenLDAP with a simple ldapadd command. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migrate Windows Active Directory Users to Samba+LDAP
reetings, Greetings, Can anyone help me find out how to migrate Active Directory users to Samba+LDAP? I have everything working: Samba+LDAP+Kerberos PDC in Debian and I also have a Windows Active Directory in production with more than 100 users added. I just want to transfer all the AD users to de PDC in Debian. I tried using pwdump to extract AD users but with no positive results. Please help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
