More Re: LDAP machine lookup

2002-12-04 Thread Don Hayward
I'm using a Debian woody based system (partially upgraded to 'testing'
in order to use tls with ldap), with samba_2.2.7 source built by
debian/rules with LDAP turned on, using gcc 3.0.4,
libldap2-tls_2.0.23-14, and libldap2_2.0.23-14.

I'm setting up PDC service -- when I try to join a windows machine
(this is XP) to the domain, I get 'specified user does not
exist' on the windows system and the following lines appear in
log.smbd (with -d 5):

[2002/12/04 11:01:01, 2, pid=22667] passdb/pdb_ldap.c:get_single_attribute(360)
  get_single_attribute: [rid] = [3357]

Here the rid of the machine account (3357) is retrieved from the ldap server.

Then later, this:

[2002/12/04 11:01:01, 5, pid=22667] rpc_server/srv_samr_nt.c:_samr_lookup_names(1191)
  _samr_lookup_names: looking name on SID S-1-5-21-1231883349-2047018666-1483395064
.
.
.
[2002/12/04 11:01:01, 5, pid=22667] rpc_parse/parse_prs.c:prs_uint32(588)
  000c rid[00]  : 1e22 (== 7714)
.
.
.
[2002/12/04 11:01:01, 5, pid=22667] rpc_parse/parse_prs.c:prs_uint32(588)
  0018 user_rid : 1e22
.
.
.
[2002/12/04 11:01:01, 2, pid=22667] passdb/pdb_ldap.c:ldap_search_one_user(262)
  ldap_search_one_user: searching for:[rid=7714]
[2002/12/04 11:01:01, 0, pid=22667] passdb/pdb_ldap.c:pdb_getsampwrid(907)
  We don't find this rid [7714] count=0

And the join fails.  Where is it getting the SID that seems to be
related to the incorrect rid?  How can I get it working?

Thanks.

Don Hayward [EMAIL PROTECTED]
Mote Marine Laboratory  Office: 941.388.4441  Cell: 941.302.4982
1600 Ken Thompson Parkway   Fax: 941.388.4312
Sarasota, FL 34236  See: http://www.mote.org
Independent, non-profit, marine and estuarine research and education facility.
For PGP public key do: http://www.mote.org/~don/donpgp.asc
use "DISCLAIMER"; # We run Debian Linux
Taxes feed the starving and clothe the naked.


Re: LDAP machine lookup strangeness

2002-11-27 Thread Don Hayward
Thanks for the response.  It helps focus my search.

On Wed, 27 Nov 2002, Ignacio Coupeau wrote:

> Don Hayward wrote:
> > I don't know whether this is a samba problem, but that's my current
> > best guess.
> >
> > I'm using Debian woody with the upgrades mentioned below. I got the
> > samba-2.2.7 source and did the build with debian/rules with the
> > addition of the ldapsam flag.  I've upgraded my ldap, nss, and pam,
> > etc. libraries to 'testing' to use the tls enabled libldap.  I'm using
> > gcc 3.0.4.
> >
>
> I tested the same scenario but with RH 7.2 and gcc 2.96-81 and can't
> reproduce the error.
> I added a ws account, joined to the domain, logon, etc. But can't
> reproduce the error. The rid is stored and fetched well in/from the ldap.
>
> Ignacio
> --
> 
> Ignacio Coupeau, Ph.D. [EMAIL PROTECTED]
> CTI, Director          [EMAIL PROTECTED]
> University of Navarra  [EMAIL PROTECTED]
> Pamplona, SPAIN        http://www.unav.es/cti/
>
>


LDAP machine lookup strangeness

2002-11-26 Thread Don Hayward
I don't know whether this is a samba problem, but that's my current
best guess.

I'm using Debian woody with the upgrades mentioned below. I got the
samba-2.2.7 source and did the build with debian/rules with the
addition of the ldapsam flag.  I've upgraded my ldap, nss, and pam,
etc. libraries to 'testing' to use the tls enabled libldap.  I'm using
gcc 3.0.4.

I'm setting up PDC service -- when I try to join a windows machine to
the domain, I get 'specified user does not exist' on the windows
system and the following lines appear in log.smbd:

[2002/11/25 10:55:50, 2, pid=19589] passdb/pdb_ldap.c:get_single_attribute(286)
  get_single_attribute: [rid] = [3357]

Here the rid of the machine account (3357) is retrieved from the ldap server.

Then below, there seems to be an attempt to verify or requery the
directory, but the rid used is exactly twice (left shifted?) the
original rid.  This query fails and the join fails.

[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_open_connection(123)
  StartTLS issued: using a TLS connection
[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_open_connection(142)
  ldap_open_connection: connection opened
[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_connect_system(176)
  ldap_connect_system: succesful connection to the LDAP server
[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_search_one_user(188)
  ldap_search_one_user: searching for:[rid=7714]
[2002/11/25 10:55:52, 0, pid=19589] passdb/pdb_ldap.c:pdb_getsampwrid(820)
  We don't find this rid [7714] count=0

The admin account was verified earlier, without problem.
Has this been seen? Any help to get around this appreciated.  Thanks.


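Added example, not code from the thread or from Samba itself: Samba 2.2 derives a user's RID algorithmically from the Unix uid as uid*2 + 1000, and 3357*2 + 1000 is exactly the 7714 that the failing query searches for. The snippet reproduces that mapping, checks an ldapsam entry's stored `rid` attribute against it, and pulls the searched RIDs out of a log.smbd excerpt. The sample entry is constructed; its uidNumber of 3357 is an assumption, since the thread only shows that the stored rid attribute is 3357.

```python
import re

# Samba 2.2 passdb constants: a user RID is uid * RID_MULTIPLIER + BASE_RID
# (group RIDs use gid * 2 + 1001).
BASE_RID = 1000
RID_MULTIPLIER = 2

def uid_to_user_rid(uid):
    """Algorithmic uid -> user RID mapping used by Samba 2.2."""
    return uid * RID_MULTIPLIER + BASE_RID

def user_rid_to_uid(rid):
    """Inverse mapping; only meaningful for RIDs produced by uid_to_user_rid."""
    return (rid - BASE_RID) // RID_MULTIPLIER

def parse_ldif_entry(text):
    """Minimal 'attr: value' parser for one LDIF entry (no continuation lines)."""
    entry = {}
    for line in text.strip().splitlines():
        attr, sep, value = line.partition(":")
        if sep:
            entry[attr.strip()] = value.strip()
    return entry

def check_rid_consistency(entry):
    """Compare the stored 'rid' attribute with the RID Samba 2.2 derives from uidNumber."""
    uid = int(entry["uidNumber"])
    stored = int(entry["rid"])
    expected = uid_to_user_rid(uid)
    return {"uid": uid, "stored_rid": stored, "expected_rid": expected,
            "consistent": stored == expected}

RID_SEARCH_RE = re.compile(r"searching for:\[rid=(\d+)\]")

def rids_searched(log_text):
    """RIDs that pdb_ldap.c reports querying in a log.smbd excerpt."""
    return [int(r) for r in RID_SEARCH_RE.findall(log_text)]

# Constructed sample entry: the machine name and uidNumber 3357 are assumptions;
# the thread only shows the stored rid attribute of 3357.
SAMPLE_ENTRY = """
dn: uid=wsxp01$,ou=Machines,dc=example,dc=org
uid: wsxp01$
uidNumber: 3357
rid: 3357
"""

# Log line in the format shown in the thread.
SAMPLE_LOG = "  ldap_search_one_user: searching for:[rid=7714]\n"
```

When the stored rid does not equal uid*2 + 1000, the lookup by uid computes a RID that no entry carries, which is the `count=0` result seen above.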

Re: multiple PDCs on one machine?

2002-10-28 Thread Don Hayward
On Mon, 28 Oct 2002, Roland Bauerschmidt wrote:

>
> So how does /etc/nsswitch.conf look like (in the chroot)?
>

I was missing the libnss_*s to make it work.  Thanks again.


Re: multiple PDCs on one machine?

2002-10-28 Thread Don Hayward
On Mon, 28 Oct 2002, Roland Bauerschmidt wrote:

> So how does /etc/nsswitch.conf look like (in the chroot)?
>
> --
The etc/nsswitch.conf in the chroot is:

passwd: compat
group:  compat
shadow: compat

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:        db files

netgroup:   nis

I also tried it with:

passwd: files nis

and:

passwd: files

with the same result.

Thanks.

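Added example, not code from the thread or from Samba: a check that reads a chroot's etc/nsswitch.conf and lists the libnss_<source>.so.2 modules glibc will dlopen inside that chroot, which is what was missing here. LIB_DIRS and the rule that compat also needs the nis module (for +/- entries) are assumptions about a Debian woody chroot; the sample nsswitch.conf is a constructed condensation of the one above.

```python
import os
import re

# Library directories glibc's NSS loader searches; assumption for a Debian woody chroot.
LIB_DIRS = ("lib", "usr/lib")
DB_LINE_RE = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")

def parse_nsswitch(text):
    """Map each nsswitch database (passwd, group, ...) to its list of sources."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        match = DB_LINE_RE.match(line)
        if match:
            # drop action tokens such as [NOTFOUND=return]
            databases[match.group(1)] = [t for t in match.group(2).split() if not t.startswith("[")]
    return databases

def required_modules(databases):
    """libnss_<source>.so.2 files glibc will dlopen for this configuration."""
    sources = {src for srcs in databases.values() for src in srcs}
    if "compat" in sources:
        sources.add("nis")     # compat resolves +/- entries through NIS
    return {"libnss_%s.so.2" % src for src in sources}

def list_chroot_libs(chroot):
    """Filenames present in the chroot's library directories."""
    present = set()
    for sub in LIB_DIRS:
        path = os.path.join(chroot, sub)
        if os.path.isdir(path):
            present.update(os.listdir(path))
    return present

def missing_modules(databases, present):
    """Required NSS modules that the chroot does not provide, sorted."""
    return sorted(required_modules(databases) - set(present))

# Constructed: the nsswitch.conf from the thread, condensed.
SAMPLE_NSSWITCH = """
passwd: compat
group:  compat
shadow: compat
hosts:  files dns
rpc:db files
netgroup:   nis
"""
```

Call `missing_modules(parse_nsswitch(open(chroot + "/etc/nsswitch.conf").read()), list_chroot_libs(chroot))` against the chroot path; a non-empty result explains a `getent passwd` that returns nothing.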

Re: multiple PDCs on one machine?

2002-10-26 Thread Don Hayward
On Sat, 26 Oct 2002, Roland Bauerschmidt wrote:

> 'getent passwd' works correctly in the chroot, right?
>

No, it doesn't -- it returns null.  I also tried a line of
perl that uses getpwnam and it failed in the same way.

I've also replicated this on another Debian woody system.

Thanks for your response.


multiple PDCs on one machine?

2002-10-25 Thread Don Hayward

I'm trying to set up multiple PDCs on a single machine using virtual
interfaces, after the Solaris PC Netlink model.  I'm using a Debian
woody Linux system.

I have two copies of smbd/nmbd running, with the second on a virtual
interface and doing chroot to isolate the config files, copies of the
necessary binaries, etc.  Both the domains appear in the browse list
of a WXP system I'm using for testing.  The native domain works fine,
I can join it and log into it.

The problem is the virtual if domain can't find valid users.  The
system is on NIS, and ypmatch can find users under the same chroot as
I'm running smbd/nmbd, but when I try to open the domain from windows
I get 'You might not have permission to use this network resource' and
this in smbd.log:

[2002/10/25 17:06:26, 3, pid=13570] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user nobody [] - using guest account
[2002/10/25 17:06:26, 1, pid=13570] smbd/reply.c:reply_sesssetup_and_X(1052)
  Username nobody is invalid on this system

even though nobody is in the passwd file and it has been replicated
into the new root tree.

Similarly when I try to join a system to that domain, smbd.log shows:

[2002/10/24 19:06:44, 0, pid=10729]
 passdb/pdb_smbpasswd.c:build_sam_account(1192)
  build_sam_account: smbpasswd database is corrupt!  username don not
 in unix passwd database!

I'd appreciate suggestions regarding how to get the smbd process to find
authentic users.

Thanks.
