Re: [Samba] Joining XP clients to a Samba PDC

2004-12-08 Thread Andrew
> > As far as I can tell I should be able to join the domain with the
> > root account (added with smbldap-useradd -a -G 512 -m -s /bin/false
> > -d /dev/null -F  -P root). But all I get for my efforts is an error
> > dialog The following error occurred attempting to join the domain
> > 'BI': The network path was not found.
>
> If you're using the stock idealx setup (I believe) that you could be
> using the Administrator account, make sure that you have the password
> for that account, change it with smbpasswd if not.  Your root user may
> or may not be set up right, I don't know the syntax of the command off
> hand.

I've set the passwords for Administrator and for root with smbpasswd
and that doesn't seem to help.


> Try to change your double quotes to single quotes, I believe that has
> been known to cause issues.

Do you mean the double quotes in the smbldap-useradd command above?

> Have you set the password for your manager DN?  Does your sambaDomain
> object exist?

The sambaDomain object does exist and was created by the idealx setup  
script I believe. At any rate it shows up in my LDAP tree. From my gui  
LDAP browser, this is what my directory looks like:

World
	 iiw
		 bibleinfo
			 bi  #sambaDomain object?
			* Computers
			* Groups
			* Idmap
			% Manager
			% NextFreeUnixId
			* People
				% Administrator
				% User1
				% User2
				.
				.
				% nobody
				% proxyagent
				% root
				% user3
				.
				.
		
I'm using JXplorer and the symbols  * % above translate to icons as  
follows:
		
		 = small round circle (generic object icon I think)
		* = an icon looking like a cluster or tree of boxes (container for  
objects?)
		% = an icon consisting of a little face (user) and a sheet of paper  
(properties)

> Grasping at straws a bit here since your log doesn't seem to say
> anything blatantly obvious.

Speaking of logs. I bumped the log level down to 2 and this is what was  
printed for two consecutive domain joining attempts (one with the root  
user, and one with the Administrator user)

[2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:03:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: root
[2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
  init_group_from_ldap: Entry found for group: 512
[2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
  init_group_from_ldap: Entry found for group: 1000
[2004/12/08 09:03:35, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] - [root] - [root] succeeded
[2004/12/08 09:03:36, 2] smbd/server.c:exit_server(571)
  Closing connections

[2004/12/08 09:10:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:10:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:10:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: Administrator
[2004/12/08 09:10:53, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
  init_group_from_ldap: Entry found for group: 512
[2004/12/08 09:10:53, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [Administrator] - [Administrator] - [Administrator] succeeded
[2004/12/08 09:10:54, 2] smbd/server.c:exit_server(571)
  Closing connections

A log level of 3 gives much more detail, but that's a lot to post here  
and I don't see anything that jumps out at me error-wise. Would it be a  
problem with an obscure setting on the XP machine somehow?

I've tried disabling Domain member: Digitally encrypt or sign secure  
channel data (always) as suggested by Chuck, but I still get the same  
error. (The network path was not found)

I presume this is the same as another suggestion I found about changing  
the registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
requiresignorseal=dword:
signsecurechannel=dword:

So the bottom line is still no luck. Anyone have additional suggestions?
-Andrew
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
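
As an added example (not part of the original thread and not Samba code): a small parser for the level-2 smbd log format quoted above. It groups records into connections and shows that a join attempt passed NTLM authentication before the connection closed, which points away from a credentials problem. The sample log is constructed from the excerpt above, and the failure wording matched by the regex is an assumption.

```python
import re
from datetime import datetime
# Record header: "[date time, level] file:function(line)"; the message follows on the next lines.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] \S+:(\w+)\(\d+\)")
# The "succeeded" wording is from the thread; the "failed" alternative is an assumption.
AUTH = re.compile(r"(?i)authentication for user \[([^\]]+)\].*?(succeeded|failed)")

# Constructed sample, modelled on the level-2 excerpt quoted in the message above.
SAMPLE = """\
[2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/12/08 09:03:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: root
[2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
  init_group_from_ldap: Entry found for group: 512
[2004/12/08 09:03:35, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] - [root] -
[root] succeeded
[2004/12/08 09:03:36, 2] smbd/server.c:exit_server(571)
  Closing connections
"""

def parse_records(text):
    """Return (timestamp, level, function, message) tuples; wrapped body lines are joined."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append([ts, int(m.group(2)), m.group(3), ""])
        elif records and line.strip():
            records[-1][3] = (records[-1][3] + " " + line.strip()).strip()
    return [tuple(r) for r in records]

def summarize_sessions(text):
    """Split records at exit_server and report who authenticated in each connection."""
    sessions, cur = [], None
    for ts, _level, func, msg in parse_records(text):
        cur = cur or {"user": None, "result": None, "groups": [], "start": ts}
        if func == "init_group_from_ldap":
            cur["groups"].append(msg.rsplit(": ", 1)[-1])
        elif func == "check_ntlm_password" and (m := AUTH.search(msg)):
            cur["user"], cur["result"] = m.group(1), m.group(2).lower()
        elif func == "exit_server":
            cur["seconds"] = (ts - cur["start"]).total_seconds()
            sessions.append(cur)
            cur = None
    return sessions
```
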


Re: [Samba] Joining XP clients to a Samba PDC

2004-12-07 Thread Chuck Theobald
Hi Andrew,
I ran into a couple of XP issues when trying to join my Totalnet Advanced 
Server (TAS) domain.  Though not exactly Samba, this was a change on the XP 
end and may help.  I found that I had to change the local security policy 
such that Domain member: Digitally encrypt or sign secure channel data 
(always) had to be disabled.  A reboot afterwards is needed.  This is 
found under Control Panel - Performance and Maintenance - Administrative 
Tools - Local Security Policy - Security Settings - Local Policies - 
Security Options.  I also had to disable the Internet Connection Firewall, 
at least with non-SP2.  SP2 will generally prompt you as to whether to 
allow programs to get through the firewall.  If you are not using domain 
membership, this may not apply, but it would be good to check into the 
firewall angle in any case.

Chuck
At 05:07 PM 12/7/2004, Andrew wrote:
Greetings,
I've been pulling my hair out on this problem for several days and I'm not 
really any closer to a solution. I hope someone out there can help me.

I'm trying to set up a samba PDC on a Fedora Core 2 box using an LDAP 
backend (on another server). The base install of everything is working 
fine. At the unix level LDAP connectivity is configured and working 
properly for users and groups. I've also installed idealx's smbldap-tools 
and used their script to configure the ldap directory for SAMBA. As far as 
I can tell that's all configured and working properly too. I can add users 
and groups with smbldap-useradd and groupadd tools and they show up in the 
proper places when I browse the LDAP directory with a gui tool I have. 
(Note, the SAMBA PDC and the LDAP server are two separate machines)

Here's what's installed for samba on my FC2 box:
samba-swat-3.0.7-2.FC2
samba-common-3.0.7-2.FC2
samba-client-3.0.7-2.FC2
samba-3.0.7-2.FC2
The relevant portions of my smb.conf file are as follows:
# Global parameters
[global]
netbios name = LUNA
workgroup = BI
passdb backend = ldapsam:ldap://mercury.bibleinfo.com
os level = 35
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\LUNA\profiles\%u
logon drive = H:
logon home = \\LUNA\%u
logon script = logon.cmd
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -a -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
server string = Bibleinfo.com file server
log file = /var/log/samba/%m.log
log level = 10
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
ldap suffix = dc=bibleinfo,dc=iiw
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=Manager,dc=bibleinfo,dc=iiw
ldap ssl = start tls
ldap passwd sync = Yes
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

[netlogon]
path = /var/lib/samba/netlogon
snip
As far as I can tell I should be able to join the domain with the root 
account (added with smbldap-useradd -a -G 512 -m -s /bin/false -d 
/dev/null -F  -P root). But all I get for my efforts is an error dialog 
The following error occurred attempting to join the domain 'BI': The 
network path was not found.

The log of this attempt server side is as follows:
[EMAIL PROTECTED] samba]# cat 10.10.10.153.log
[2004/12/07 17:02:59, 6] param/loadparm.c:lp_file_list_changed(2684)
  lp_file_list_changed()
  file /etc/samba/smb.conf - /etc/samba/smb.conf  last mod_time: Tue Dec  7 16:51:08 2004

[2004/12/07 17:02:59, 3] smbd/oplock.c:init_oplocks(1302)
  open_oplock_ipc: opening loopback UDP socket.
[2004/12/07 17:02:59, 10] lib/util_sock.c:open_socket_in(717)
  bind succeeded on port 0
[2004/12/07 17:02:59, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
  Linux kernel oplocks enabled
[2004/12/07 17:02:59, 3] smbd/oplock.c:init_oplocks(1333)
  open_oplock ipc: pid = 12086, global_oplock_port = 32895
[2004/12/07 17:02:59, 4] lib/time.c:get_serverzone(122)
  Serverzone is 28800
[2004/12/07 17:02:59, 10] lib/smbldap.c:smbldap_idle_fn(1118)
  ldap connection not idle...
[2004/12/07 17:02:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(505)
  got smb length of 68
[2004/12/07 17:02:59, 6] smbd/process.c:process_smb(1091)
  got message type 0x81 of len 0x44
[2004/12/07 17:02:59, 3] smbd/process.c:process_smb(1092)
  Transaction 0 of length 72
[2004/12/07 17:02:59, 2] 

Re: [Samba] Joining XP clients to a Samba PDC

2004-12-07 Thread Paul Gienger

> As far as I can tell I should be able to join the domain with the root
> account (added with smbldap-useradd -a -G 512 -m -s /bin/false -d
> /dev/null -F  -P root). But all I get for my efforts is an error
> dialog The following error occurred attempting to join the domain
> 'BI': The network path was not found.

If you're using the stock idealx setup (I believe) that you could be 
using the Administrator account, make sure that you have the password 
for that account, change it with smbpasswd if not.  Your root user may 
or may not be set up right, I don't know the syntax of the command off 
hand. 

Try to change your double quotes to single quotes, I believe that has 
been known to cause issues.

Have you set the password for your manager DN?  Does your sambaDomain 
object exist?

Grasping at straws a bit here since your log doesn't seem to say 
anything blatantly obvious.

--
Paul Gienger                Office: 701-281-1884
Applied Engineering Inc.
Systems Architect           Fax:    701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]