Re: [Samba] Followed John's book, frustrating smbldap-problem
Rolf A. Vaglid wrote: These are actualle the same computer, only with different names. tkelev:/var/log/samba # id tk-02870$ uid=1001(tk-02870$) gid=553(Domain Computers) groups=553(Domain Computers) tkelev:/var/log/samba # id tk-test002870$ uid=1008(tk-test002870$) gid=553(Domain Computers) groups=553(Domain Computers) 1. Make sure that the workstation account is valid and not disabled. ldapsearch -x -LLL uid=raptor$ -h ldap.server.com sambaacctflags or using pdbedit command. 2. turn on debuging on smbd 3. Make sure no firewall blocking samba packet (both client and server) -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Followed John's book, frustrating smbldap-problem
Beast wrote: Rolf A. Vaglid wrote: Hi all, Im having a hard time figuring whats wrong with my Samba-ldap setup. I hope somebody may point out the error. Hi, Did you join the Win2k machine? from samba server did you able to get correct id for win2k machine (using "id w2kclint$")? whats the error message in W2k? Hi. Yes, I've already joined the domain. I just added the machine again, but this time under a different name, but to no avail. The Windows 2000 event logs have no report of the login attempt. Just out of curiosity I tried logging on from a Windows 98-computer, and the user now slips right in, no problem. This makes me wonder if there might be something wrong on the Win2000-client I've been testing. I checked the local security policy, but I didn't spot anything suspicious. Any tips? Could it be user-/group mapping or Idmap? I'll install a new Windows 2000 client from scratch to eliminate the possibility that it's just the test client thats messing up. When trying to log on with the user 'mhervik', I get the usual "The system could not log you on. Make sure your user name and Domain are correct, then type your password again." These are actualle the same computer, only with different names. tkelev:/var/log/samba # id tk-02870$ uid=1001(tk-02870$) gid=553(Domain Computers) groups=553(Domain Computers) tkelev:/var/log/samba # id tk-test002870$ uid=1008(tk-test002870$) gid=553(Domain Computers) groups=553(Domain Computers) I've uploaded two tcpdump-files for those up for a challenge: http://www.tysvernett.no/smbldap/login_attempt_w2000.tcpdump http://www.tysvernett.no/smbldap/login_win98.tcpdump Cheers Rolf (Would sacrifice a finger to solve this one) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Followed John's book, frustrating smbldap-problem
Rolf A. Vaglid wrote: Hi all, Im having a hard time figuring whats wrong with my Samba-ldap setup. I hope somebody may point out the error. Hi, Did you join the Win2k machine? from samba server did you able to get correct id for win2k machine (using "id w2kclint$")? whats the error message in W2k? -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Followed John's book, frustrating smbldap-problem
Hi all, Im having a hard time figuring whats wrong with my Samba-ldap setup. I hope somebody may point out the error. I've set it up according to John H. Terpstra's excellent "Samba 3 by example". This book is also availible from samba.org, and chapter I'm referencing is this: http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html I followed the book character by character, and it seemed to work. I added two test-users, elev1 and elev2 by doing 'smbldap-useradd -m -a elev1; smbldap-passwd elev1; smbpasswd -a elev1'. Everything worked fine. I put elev1 in the 'Domain Admins' group to allow him to add computers to the domain. Worked fine. I tried adding more users, but now something is very wrong. I may have tampered a little, but I have no clue to what's wrong. If I try logging on an Windows 2000 machinge with one of the new users, the logs says nothings wrong, but i still cant log on. Strange "check_ntlm_password: authentication for user [mhervik] -> [mhervik] -> [mhervik] succeeded" If i do a "smbclient //FILSERVER/netlogon -Umhervik", still no error, everything seems to be just fine: tkelev:/tmp/smbldap # smbclient //FILSERVER/netlogon -Umhervik Password: Domain=[ELEV] OS=[Unix] Server=[Samba 3.0.7-5.2-SUSE] smb: \> As you see, authentication works fine, just not on the Win2000-clients. May this have something to do with machine trust accounts? To keep this email as short as possible, I've uploaded the needed log- and conf-files (log-level 4) to http://www.tysvernett.no/smbldap/, please give it a look and I'll buy you a beer if we meet :) Distribution: SuSE 9.2 Clients: Windows 2000 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
