Re: [Samba] Problem joining a domain.

2006-03-21 Thread Craig White
On Tue, 2006-03-21 at 10:41 +0100, David Moron wrote:
> Hi,
> 
> I've just tried to fix the SID for my domain and actually both have the 
> same value, but still doesn't work:
> 
> SID for domain PDC-SRV is: S-1-5-21-27105391-1648776033-2601101416
> SID for domain OPENWIRED is: S-1-5-21-27105391-1648776033-2601101416
> 
> I also want to know the correct syntax for the file smb.conf, I mean, in 
> the smb logs appear these lines when I try to log from my Windows machine:
> 
> [...]
> [2005/03/21 10:21:29, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
>Returning domain sid for domain OPENWIRED -> 
> S-1-5-21-27105391-1648776033-2601101416
> sh: -c: line 0: unexpected EOF while looking for matching `''
> sh: -c: line 1: syntax error: unexpected end of file
> [2005/03/21 10:21:29, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
>_samr_create_user: Running the command 
> `/usr/local/sbin/smbldap-useradd -w 'pc4$' gave 2
> [2005/03/21 10:21:29, 2] smbd/server.c:exit_server(609)
>Closing connections
> 
> Those errors are from this line in smb.conf:
> 
> add machine script = /usr/local/sbin/smbldap-useradd -w '%u
> 
> There is a missing ' at the end of the line, but when I add it:
> 
> [...]
> [2005/03/21 10:29:07, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
>_samr_create_user: Running the command 
> `/usr/local/sbin/smbldap-useradd -w 'pc4$'' gave 9
> [2005/03/21 10:29:07, 2] smbd/server.c:exit_server(609)
>Closing connections
> 
> and if I use " the log is:
> 
> [...]
> [2005/03/21 10:33:56, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
>Returning domain sid for domain OPENWIRED -> 
> S-1-5-21-27105391-1648776033-2601101416
> [2005/03/21 10:33:57, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
>_samr_create_user: Running the command 
> `/usr/local/sbin/smbldap-useradd -w "pc4$"' gave 9
> [2005/03/21 10:33:57, 2] smbd/server.c:exit_server(609)
>Closing connections
> 
> 
> I think all the problem came from this file, so I would like to know the 
> correct syntax for it.
> 
> Thank you in advance.

First of all... I can't think of a single system that would require
unbalanced quotes so it would be either 'value' or "value"

Generally the difference in most languages/interpreters is variables
inside of single quotes are expanded while those inside double quotes
can.

From your explanation, it would appear that you have edited your smbldap
configuration file but lost one of the quotation marks inside of the
configuration file and thus have created a problem. If you aren't
capable of examining the configuration file that you edited, you might
want to obtain another copy (hopefully you made a copy of the original
before you hacked it).

In short - you need to fix your smbldap configuration file.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
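How `sh -c` parses the three `add machine script` variants tried in the message above, as an added example that is not part of the thread. A stub constructed here stands in for smbldap-useradd and prints the arguments it receives; `expand_template`, `run_template` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. The stub below is constructed here and
# replaces smbldap-useradd, so neither Samba nor LDAP is needed to run it.
STUB_DIR=$(mktemp -d)
trap 'rm -rf "$STUB_DIR"' EXIT
STUB="$STUB_DIR/smbldap-useradd"
cat > "$STUB" <<'EOF'
#!/bin/sh
# Print every argument in brackets so the exact value received is visible.
for a in "$@"; do printf '[%s]' "$a"; done
printf '\n'
EOF
chmod +x "$STUB"

# Replace each %u in template $1 with account name $2, as plain text.
expand_template() {
    tpl=$1; out=
    while :; do
        case $tpl in
            *%u*) out=$out${tpl%%%u*}$2; tpl=${tpl#*%u} ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$out$tpl"
}

# Hand the expanded line to "sh -c" (the log's "sh: -c:" prefix shows the
# script is run that way) and print "status=<n> args=<what the stub saw>".
run_template() {
    cmd=$(expand_template "$1" "$2")
    st=0
    args=$(sh -c "$cmd" 2>/dev/null) || st=$?
    printf 'status=%s args=%s\n' "$st" "$args"
}

# The three variants from the thread, with the machine account pc4$.
demo() {
    run_template "$STUB -w '%u"    'pc4$'   # unbalanced quote: shell syntax error
    run_template "$STUB -w '%u'"   'pc4$'   # balanced single quotes
    run_template "$STUB -w \"%u\"" 'pc4$'   # balanced double quotes
}
demo
```

With the unbalanced quote the shell rejects the line and the stub is never started; in both balanced forms the stub runs and receives `pc4$` unchanged, so a non-zero status there is returned by the script itself rather than by the shell.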


Re: [Samba] Problem joining a domain.

2006-03-21 Thread David Moron

Hi,

I've just tried to fix the SID for my domain and actually both have the 
same value, but still doesn't work:


SID for domain PDC-SRV is: S-1-5-21-27105391-1648776033-2601101416
SID for domain OPENWIRED is: S-1-5-21-27105391-1648776033-2601101416

I also want to know the correct syntax for the file smb.conf, I mean, in 
the smb logs appear these lines when I try to log from my Windows machine:


[...]
[2005/03/21 10:21:29, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain OPENWIRED -> 
S-1-5-21-27105391-1648776033-2601101416

sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
[2005/03/21 10:21:29, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command 
`/usr/local/sbin/smbldap-useradd -w 'pc4$' gave 2

[2005/03/21 10:21:29, 2] smbd/server.c:exit_server(609)
  Closing connections

Those errors are from this line in smb.conf:

add machine script = /usr/local/sbin/smbldap-useradd -w '%u

There is a missing ' at the end of the line, but when I add it:

[...]
[2005/03/21 10:29:07, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command 
`/usr/local/sbin/smbldap-useradd -w 'pc4$'' gave 9

[2005/03/21 10:29:07, 2] smbd/server.c:exit_server(609)
  Closing connections

and if I use " the log is:

[...]
[2005/03/21 10:33:56, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain OPENWIRED -> 
S-1-5-21-27105391-1648776033-2601101416

[2005/03/21 10:33:57, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command 
`/usr/local/sbin/smbldap-useradd -w "pc4$"' gave 9

[2005/03/21 10:33:57, 2] smbd/server.c:exit_server(609)
  Closing connections


I think all the problem came from this file, so I would like to know the 
correct syntax for it.


Thank you in advance.


Craig White wrote:

> On Mon, 2006-03-20 at 21:24 +0100, David Moron wrote:
> > Hi,
> > 
> > I'm running Samba/openLDAP on a FC4 and I'm trying to make it work as a 
> > PDC.  I installed all the software using yum instead smbldap-tools.
> > 
> > I've done all the configuration but, when I try to join a Windows XP 
> > Professional named 'pc4' to the domain it fails with "Error joining the 
> > domain OPENWIRED. Username not found". And no machine account is created 
> > under ou=Computers,dc=openwired,dc=net
> > 
> > If I run /usr/local/sbin/smbldap-useradd -w 'pc4$' it works OK.
> > 
> > smbd.log at the end.
> > 
> > When I start SAMBA it binds OK to the LDAP using the 
> > cn=root,dc=openwired,dc=net account and it has all privileges granted in 
> > slapd.conf.
> > 
> > What's happening
> > 
> > Thank you in advance,
> > 
> > # net getlocalsid
> > SID for domain PDC-SRV is: S-1-5-21-1518432643-1164322876-3946144605
> > 
> > # net getdomainsid
> > SID for domain PDC-SRV is: S-1-5-21-1518432643-1164322876-3946144605
> > SID for domain OPENWIRED is: S-1-5-21-27105391-1648776033-2601101416
> 
> presuming that PDC-SRV is the PDC for OPENWIRED DOMAIN, then those
> should be the same and you need to fix it in LDAP
> 
> Craig



--
David Morón Ruano
Coordinador de Proyectos

Grupo OpenWired, S.L.
Caballero, 87 bajos - 08029 - Barcelona (Spain)
Tel (+34) 93/410 75 70 - Fax (+34) 93/419 45 91
www.openwired.net, www.tecnologialinux.com




Re: [Samba] Problem joining a domain.

2006-03-20 Thread Craig White
On Mon, 2006-03-20 at 21:24 +0100, David Moron wrote:
> Hi,
> 
> I'm running Samba/openLDAP on a FC4 and I'm trying to make it work as a 
> PDC.  I installed all the software using yum instead smbldap-tools.
> 
> I've done all the configuration but, when I try to join a Windows XP 
> Professional named 'pc4' to the domain it fails with "Error joining the 
> domain OPENWIRED. Username not found". And no machine account is created 
> under ou=Computers,dc=openwired,dc=net
> 
> If I run /usr/local/sbin/smbldap-useradd -w 'pc4$' it works OK.
> 
> smbd.log at the end.
> 
> When I start SAMBA it binds OK to the LDAP using the 
> cn=root,dc=openwired,dc=net account and it has all privileges granted in 
> slapd.conf.
> 
> What's happening
> 
> Thank you in advance,
> 
> # net getlocalsid
> SID for domain PDC-SRV is: S-1-5-21-1518432643-1164322876-3946144605
> 
> # net getdomainsid
> SID for domain PDC-SRV is: S-1-5-21-1518432643-1164322876-3946144605
> SID for domain OPENWIRED is: S-1-5-21-27105391-1648776033-2601101416

presuming that PDC-SRV is the PDC for OPENWIRED DOMAIN, then those
should be the same and you need to fix it in LDAP

Craig



[Samba] Problem joining a domain.

2006-03-20 Thread David Moron

Hi,

I'm running Samba/openLDAP on a FC4 and I'm trying to make it work as a 
PDC.  I installed all the software using yum instead smbldap-tools.


I've done all the configuration but, when I try to join a Windows XP 
Professional named 'pc4' to the domain it fails with "Error joining the 
domain OPENWIRED. Username not found". And no machine account is created 
under ou=Computers,dc=openwired,dc=net


If I run /usr/local/sbin/smbldap-useradd -w 'pc4$' it works OK.

smbd.log at the end.

When I start SAMBA it binds OK to the LDAP using the 
cn=root,dc=openwired,dc=net account and it has all privileges granted in 
slapd.conf.


What's happening

Thank you in advance,

# net getlocalsid
SID for domain PDC-SRV is: S-1-5-21-1518432643-1164322876-3946144605

# net getdomainsid
SID for domain PDC-SRV is: S-1-5-21-1518432643-1164322876-3946144605
SID for domain OPENWIRED is: S-1-5-21-27105391-1648776033-2601101416

smb.conf:
[global]
workgroup = OPENWIRED
netbios name = PDC-SRV


smbd.log:
[2005/03/20 21:07:24, 2] smbd/reply.c:reply_special(236)
  netbios connect: name1=PDC-SRV name2=PC4
[2005/03/20 21:07:24, 2] smbd/reply.c:reply_special(243)
  netbios connect: local=pdc-srv remote=pc4, name type = 0
[2005/03/20 21:07:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.

[2005/03/20 21:07:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.

[2005/03/20 21:07:24, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/20 21:07:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/03/20 21:07:24, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded

[2005/03/20 21:07:24, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/03/20 21:07:24, 2] smbd/reply.c:reply_special(236)
  netbios connect: name1=PDC-SRV name2=PC4
[2005/03/20 21:07:24, 2] smbd/reply.c:reply_special(243)
  netbios connect: local=pdc-srv remote=pc4, name type = 0
[2005/03/20 21:07:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.

[2005/03/20 21:07:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.

[2005/03/20 21:07:24, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/20 21:07:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/03/20 21:07:24, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded

[2005/03/20 21:07:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain OPENWIRED -> 
S-1-5-21-27105391-1648776033-2601101416

sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
[2005/03/20 21:07:24, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command 
`/usr/local/sbin/smbldap-useradd -w 'pc4$' gave 2

[2005/03/20 21:07:24, 2] smbd/server.c:exit_server(609)
  Closing connections

--
David Morón Ruano





Re: [Samba] Problem joining a domain using ads

2005-06-11 Thread Robert Vangel

Jochen Kaechelin wrote:

> server: ms 2003 with ads
> client: debian 3.1/samba 3.0.14
> 
> smb.conf:
> 
> [snip]
> 
> krb5.conf:
> 
> [snip]
> 
> "kinit [EMAIL PROTECTED]" works with no error messages.
> 
> "smbd -b | grep KRB" shows:
> 
> [snip]
> 
> "net ads info" shows:
> 
> [snip]
> 
> "net ads status -Ujkt" shows:
> 
> [snip]
> 
> "net ads join -U jkt" shows:
> 
> [2005/06/11 11:04:44, 0] libads/ldap.c:ads_add_machine_acct(1405)
>   ads_add_machine_acct: Host account for laptopjkt already exists - 
> modifying old account
> [2005/06/11 11:04:44, 0] libads/ldap.c:ads_join_realm(1763)
>   ads_join_realm: ads_add_machine_acct failed (laptopjkt): 
> Insufficient access
> ads_join_realm: Insufficient access
> 
> what's wrong???


I'm not sure on the actual problem itself, but can you delete 
`laptopjkt' from the Computers container and try again? Are you sure 
that the jkt user has add computer privileges? Can you try with 
Administrator?

[Samba] Problem joining a domain using ads

2005-06-11 Thread Jochen Kaechelin
server: ms 2003 with ads
client: debian 3.1/samba 3.0.14

smb.conf:

..
[global]
workgroup = SP-GRUPPE
password server = 10.85.117.150
realm = SP-GRUPPE.DE
encrypt passwords = no
server string = %h server (Samba %v)
obey pam restrictions = yes
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = Auto
printcap name = cups
preferred master = no
domain master = no
dns proxy = no
ldap ssl = No
panic action = /usr/share/samba/panic-action %d
invalid users = root
printing = cups
print command =
lpq command =
lprm command =
security = ads
restrict anonymous = no
local master = no
template shell = /bin/bash
winbind uid = 1-2
winbind gid = 1-2
idmap uid = 1-2
idmap gid = 1-2
template homedir = /home/ads/%U
max protocol = NT
use spnego = yes
.
.
.

krb5.conf:
[libdefaults]
default_realm = SP-GRUPPE.DE

[realms]
SP-GRUPPE.DE = {
 kdc = 10.85.117.150
 admin_server = 10.85.117.150
 default_domain = SP-GRUPPE.DE
 kpasswd_server = 10.85.117.150
}

"kinit [EMAIL PROTECTED]" works with no error messages.

"smbd -b | grep KRB" shows:

   HAVE_KRB5_H
   HAVE_ADDRTYPE_IN_KRB5_ADDRESS
   HAVE_KRB5
   HAVE_KRB5_AUTH_CON_SETUSERUSERKEY
   HAVE_KRB5_C_ENCTYPE_COMPARE
   HAVE_KRB5_ENCRYPT_BLOCK
   HAVE_KRB5_ENCRYPT_DATA
   HAVE_KRB5_FREE_DATA_CONTENTS
   HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS
   HAVE_KRB5_FREE_KTYPES
   HAVE_KRB5_FREE_UNPARSED_NAME
   HAVE_KRB5_GET_PERMITTED_ENCTYPES
   HAVE_KRB5_KEYBLOCK_IN_CREDS
   HAVE_KRB5_KEYTAB_ENTRY_KEY
   HAVE_KRB5_KT_FREE_ENTRY
   HAVE_KRB5_LOCATE_KDC
   HAVE_KRB5_MK_REQ_EXTENDED
   HAVE_KRB5_PRINCIPAL2SALT
   HAVE_KRB5_PRINC_COMPONENT
   HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
   HAVE_KRB5_SET_REAL_TIME
   HAVE_KRB5_STRING_TO_KEY
   HAVE_KRB5_TKT_ENC_PART2
   HAVE_KRB5_USE_ENCTYPE
   HAVE_LIBGSSAPI_KRB5
   HAVE_LIBKRB5

"net ads info" shows:

LDAP server: 10.85.117.150
LDAP server name: sp-ad01
Realm: SP-GRUPPE.DE
Bind Path: dc=SP-GRUPPE,dc=DE
LDAP port: 389
Server time: Sat, 11 Jun 2005 11:22:45 GMT
KDC server: 10.85.117.150
Server time offset: 22

"net ads status -Ujkt" shows:

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: laptopjkt
distinguishedName: CN=laptopjkt,CN=Computers,DC=SP-GRUPPE,DC=DE
instanceType: 4
whenCreated: 20050611063806.0Z
whenChanged: 20050611085635.0Z
uSNCreated: 2705148
uSNChanged: 2705928
name: laptopjkt
objectGUID: 0fbb166e-29a2-4458-928f-e9fa32c2d6b8
userAccountControl: 4096
badPwdCount: 5
codePage: 0
countryCode: 0
badPasswordTime: 127629552317795000
lastLogoff: 0
lastLogon: 127629537953576250
localPolicyFlags: 0
pwdLastSet: 0
primaryGroupID: 515
objectSid: S-1-5-21-854245398-287218729-1801674531-2647
accountExpires: 9223372036854775807
logonCount: 33
sAMAccountName: laptopjkt$
sAMAccountType: 805306369
objectCategory: 
CN=Computer,CN=Schema,CN=Configuration,DC=SP-GRUPPE,DC=DE
isCriticalSystemObject: FALSE
mS-DS-CreatorSID:



"net ads join -U jkt" shows:

[2005/06/11 11:04:44, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for laptopjkt already exists - 
modifying old account
[2005/06/11 11:04:44, 0] libads/ldap.c:ads_join_realm(1763)
  ads_join_realm: ads_add_machine_acct failed (laptopjkt): 
Insufficient access
ads_join_realm: Insufficient access


what's wrong???



[Samba] problem joining a domain after upgrade

2004-07-20 Thread Fabrice Tereszkiewicz
hello,

I've upgraded my samba server to samba 3.02. The roaming profiles work
fine. But I've got a problem with the workstation accounts. On some
machines (not all of them), I can't load any roaming profile. I've got to
log in locally as administrator and to join the domain manually. Then
everything works fine. The matter is that I've got a lot of machines with
this problem... is there a way to do this automatically? The
workstations are running Windows 2000.

And if someone knows why it happens only on some workstations...

thanks,

Fabrice Tereszkiewicz





[Samba] Problem Joining a domain

2003-03-27 Thread Christian . Duclou


Hi,

I've a NT 4 SP6 PDC, I want to join this domain with a Linux Samba server
(version 2.2.3a)

Here is the GLOBAL of smb.conf:
==
[global]
   workgroup = RESSAC
  netbios name = GABARE
   server string = Frontal pages Web - Samba Server
   log file = /var/log/samba/log.%m
   max log size = 50
   log level = 3
   hosts allow = 193.55.236. 127.
   security = domain
   encrypt passwords = true
   password server = FREGATE
   remote announce = 193.55.236.255
   dns proxy = no
===

GABARE is well created on FREGATE as "station server"

Trying to join, I receive this message:
===
[EMAIL PROTECTED] root]# smbpasswd -j RESSAC -D4
added interface ip=193.55.236.130 bcast=193.55.236.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name FREGATE<0x20>
getlmhostsent: lmhost entry: 193.55.236.54 FREGATE
Connecting to 193.55.236.54 at port 445
error connecting to 193.55.236.54:445 (Connection refused)
Connecting to 193.55.236.54 at port 139
resolve_lmhosts: Attempting lmhosts lookup for name FREGATE<0x20>
getlmhostsent: lmhost entry: 193.55.236.54 FREGATE
Connecting to 193.55.236.54 at port 445
error connecting to 193.55.236.54:445 (Connection refused)
Connecting to 193.55.236.54 at port 139
cli_net_req_chal: LSA Request Challenge from FREGATE to GABARE: F41A0E3EFDE773C6
cred_session_key
cred_create
cli_net_auth2: srv:\\FREGATE acct:GABARE$ sc:2 mc: GABARE chal BCC467572BFF5E20
neg: 1ff
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine FREGATE.
Error was : NT_STATUS_ACCESS_DENIED.
2003/03/27 17:50:30 : change_trust_account_password: Failed to change password
for domain RESSAC.
Unable to join domain RESSAC.
===

Why does it try to access 445 port? It seems to be a W2000 name service?

Any idea?

-
__ www.eeigm.inpl-nancy.fr __
 EEIGM - 6 rue Bastien LEPAGE - 54000 NANCY - FRANCE
   Phone +33.383.36.83.27 Fax +33.383.36.83.36
_

