[Samba] Samba 3.0.2/LDAP and Adding a Workstation to the Domain
Hi all,

I recently migrated my Samba 2.2.8 network to 3.0.2 and the new Samba LDAP schema. Everything is working great so far. In my old config I didn't have any member workstations because I had only recently upgraded from a much older version and that version didn't support Windows 2000/XP.

Now I want to get back to user profiles and login scripts. I have tried to join the domain from a Windows 2000 workstation and no matter what user ID and password I enter I'm getting Unknown User ID or Wrong Password. I know the accounts I'm using exist and I'm using the right passwords.

I've searched around and I can't find anything that relates to my problem. Any help would be appreciated.

Norm

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Samba 3.0.2/LDAP and Adding a Workstation to the Domain
Well, the log shows that I'm getting an Access Denied on the SAMR_OPEN_DOMAIN rpc... does that point anyone to my problem?

[2004/02/17 09:36:47, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509)
  api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2004/02/17 09:36:47, 3] lib/util_seaccess.c:se_access_check(251)
[2004/02/17 09:36:47, 3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is S-1-5-21-3107105797-2022331017-1334135658-18780
  se_access_check: also S-1-5-21-3107105797-2022331017-1334135658-512
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-1441
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-512
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-513
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-1207
[2004/02/17 09:36:47, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED (requested: 0x0211)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Keith Edmunds
Sent: Tuesday, February 17, 2004 9:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3.0.2/LDAP and Adding a Workstation to the Domain

On Tue, 17 Feb 2004 09:13:54 -0400 Norm Dressler [EMAIL PROTECTED] wrote:

> Now I want to get back to user profiles and login scripts. I have tried to join the domain from a Windows 2000 workstation and no matter what user ID and password I enter I'm getting Unknown User ID or Wrong Password. I know the accounts I'm using exist and I'm using the right passwords.

Increase the logging setting in smb.conf, and check the logs. I had the same problem recently, and found a rogue invalid users = root in smb.conf. Simple, but I wasted a couple of hours on it.

Keith
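Added example, not part of the original thread: a small Python reader for the log excerpt in the message above. It groups the SIDs that se_access_check lists by domain identifier and decodes the denied mask 0x0211 into SAMR domain access rights. The right names are taken from MS-SAMR (an assumption of this example; Samba's own source uses different constant names), and the log lines are copied from the message.

```python
import re

# SAMR domain-object access rights, named as in MS-SAMR (assumption of this example).
DOMAIN_RIGHTS = {
    0x0001: "DOMAIN_READ_PASSWORD_PARAMETERS",
    0x0002: "DOMAIN_WRITE_PASSWORD_PARAMS",
    0x0004: "DOMAIN_READ_OTHER_PARAMETERS",
    0x0008: "DOMAIN_WRITE_OTHER_PARAMETERS",
    0x0010: "DOMAIN_CREATE_USER",
    0x0020: "DOMAIN_CREATE_GROUP",
    0x0040: "DOMAIN_CREATE_ALIAS",
    0x0080: "DOMAIN_GET_ALIAS_MEMBERSHIP",
    0x0100: "DOMAIN_LIST_ACCOUNTS",
    0x0200: "DOMAIN_LOOKUP",
    0x0400: "DOMAIN_ADMINISTER_SERVER",
}
DOMAIN_ADMINS_RID = 512  # well-known RID of the Domain Admins group

# Lines copied from the log in the message above.
LOG = """\
se_access_check: user sid is S-1-5-21-3107105797-2022331017-1334135658-18780
se_access_check: also S-1-5-21-3107105797-2022331017-1334135658-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-1441
se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-512
se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-513
se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-1207
_samr_open_domain: ACCESS DENIED (requested: 0x0211)
"""

def decode_mask(mask):
    # Names of the rights whose bits are set in mask, lowest bit first.
    return [name for bit, name in sorted(DOMAIN_RIGHTS.items()) if mask & bit]

def analyse(log):
    """Group the token's domain SIDs by domain and decode the denied request."""
    domains = {}
    for sid in re.findall(r"se_access_check: (?:user sid is|also) (S-[\d-]+)", log):
        m = re.fullmatch(r"(S-1-5-21-\d+-\d+-\d+)-(\d+)", sid)
        if m:  # domain-relative SID: domain identifier plus RID
            domains.setdefault(m.group(1), []).append(int(m.group(2)))
    denied = re.search(r"ACCESS DENIED \(requested: (0x[0-9a-fA-F]+)\)", log)
    return {
        "domains": domains,
        "admin_domains": [d for d, r in domains.items() if DOMAIN_ADMINS_RID in r],
        "requested": decode_mask(int(denied.group(1), 16)) if denied else [],
    }

if __name__ == "__main__":
    print(analyse(LOG))
```

On this excerpt the report shows RIDs under two different domain identifiers, each including RID 512, and a request that includes DOMAIN_CREATE_USER, the right a domain join needs in order to create the machine account.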
RE: [Samba] Samba 3.0.2/LDAP and Adding a Workstation to the Domain
A further follow-up -- Part of my problem was that the Administrator user did not have a GIDNumber of 200 (Domain Admins). The workstation is now being added to my LDAP but then I'm getting an error: The user name could not be found.

[2004/02/17 11:01:07, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2229)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false vmw-win2000$' gave 0

Any help would be appreciated.

Norm
RE: [Samba] Samba 3.0.2/LDAP and Adding a Workstation to the Domain
On Wed, 2004-02-18 at 02:04, Norm Dressler wrote:

> A further follow-up -- Part of my problem was that the Administrator user did not have a GIDNumber of 200 (Domain Admins).

For LDAP stuff, the uidnumber should be 0. All LDAP operations have to be as root, until we get proper access controls...

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net