I receive an "Access is Denied" error after provide the Administrator username and password when trying to join my Samba domain. Has anyone run into this??
---log.smbd--------------------------------------------- [2005/03/14 19:37:19, 2] lib/interface.c:add_interface(79) added interface ip=192.168.2.4 bcast=192.168.2.255 nmask=255.255.255.0 [2005/03/14 19:37:19, 2] lib/tallocmsg.c:register_msg_pool_usage(57) Registered MSG_REQ_POOL_USAGE [2005/03/14 19:37:19, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/03/14 19:37:19, 2] smbd/server.c:open_sockets_smbd(324) waiting for a connection [2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_search_domain_info(1373) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))] [2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/14 19:38:05, 1] lib/smbldap.c:add_new_domain_info(1343) failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists [2005/03/14 19:38:05, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL [2005/03/14 19:38:05, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))] [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))] [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343) failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists [2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL [2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs [2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343) failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists [2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL [2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs ------------------------------------------------------------------ ---smb.conf-------------------------------------------------------- [global] workgroup = SRSCORP netbios name = mail1 enable privileges = yes interfaces = 192.168.2.4 username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No #unix password sync = Yes #passwd program = /usr/local/sbin/smbldap-passwd -u %u #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.srsmanagement.com" # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=samba,ou=DSA,dc=srsmanagement,dc=com ldap suffix = dc=srsmanagement,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users # ldap ssl = start tls ldap ssl = no add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "% g" "%u" # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [homes] comment = repertoire de %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = No [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @"Domain Admins" [printers] comment = Network Printers printer admin = @"Print Operators" guest ok = yes printable = yes path = /home/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [print$] path = /home/printers guest ok = No browseable = Yes read only = Yes valid users = @"Print Operators" write list = @"Print Operators" create mask = 0664 directory mask = 0775 [public] comment = Repertoire public path = /home/public browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0664 -------------------------------------------------------------------------- ---LDAP DATA------------------------------------------------------------ # extended LDIF # # LDAPv3 # base <> with scope sub # filter: (objectclass=*) # requesting: ALL # # srsmanagement.com dn: dc=srsmanagement,dc=com objectClass: dcObject objectClass: organization o: srsmanagement dc: srsmanagement # Users, srsmanagement.com dn: ou=Users,dc=srsmanagement,dc=com objectClass: organizationalUnit ou: Users # Groups, srsmanagement.com dn: ou=Groups,dc=srsmanagement,dc=com objectClass: organizationalUnit ou: Groups # Computers, srsmanagement.com dn: ou=Computers,dc=srsmanagement,dc=com objectClass: organizationalUnit ou: Computers # Idmap, srsmanagement.com dn: ou=Idmap,dc=srsmanagement,dc=com objectClass: organizationalUnit ou: Idmap # SRSCORP, srsmanagement.com dn: sambaDomainName=SRSCORP,dc=srsmanagement,dc=com objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: SRSCORP sambaSID: S-1-5-21-3789725346-2910097175-2107068922 uidNumber: 1000 gidNumber: 1000 # Administrator, Users, srsmanagement.com dn: uid=Administrator,ou=Users,dc=srsmanagement,dc=com cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /tmp sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\mail1\homes\Administrator sambaHomeDrive: H: sambaProfilePath: \\mail1\profiles\Administrator\ sambaPrimaryGroupSID: S-1-5-21-3789725346-2910097175-2107068922-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-3789725346-2910097175-2107068922-2996 loginShell: /bin/false gecos: Netbios Domain Administrator # nobody, Users, srsmanagement.com dn: uid=nobody,ou=Users,dc=srsmanagement,dc=com cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 514 uid: nobody uidNumber: 999 homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\mail1\homes\nobody sambaHomeDrive: H: sambaProfilePath: \\mail1\profiles\nobody sambaPrimaryGroupSID: S-1-5-21-3789725346-2910097175-2107068922-514 sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX sambaAcctFlags: [NU ] sambaSID: S-1-5-21-3789725346-2910097175-2107068922-2998 loginShell: /bin/false # Domain Admins, Groups, srsmanagement.com dn: cn=Domain Admins,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators sambaSID: S-1-5-21-3789725346-2910097175-2107068922-512 sambaGroupType: 2 displayName: Domain Admins # Domain Users, Groups, srsmanagement.com dn: cn=Domain Users,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: Netbios Domain Users sambaSID: S-1-5-21-3789725346-2910097175-2107068922-513 sambaGroupType: 2 displayName: Domain Users # Domain Guests, Groups, srsmanagement.com dn: cn=Domain Guests,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users sambaSID: S-1-5-21-3789725346-2910097175-2107068922-514 sambaGroupType: 2 displayName: Domain Guests # Domain Computers, Groups, srsmanagement.com dn: cn=Domain Computers,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 515 cn: Domain Computers description: Netbios Domain Computers accounts sambaSID: S-1-5-21-3789725346-2910097175-2107068922-515 sambaGroupType: 2 displayName: Domain Computers # Administrators, Groups, srsmanagement.com dn: cn=Administrators,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully administer the computer/sambaDom ainName sambaSID: S-1-5-32-544 sambaGroupType: 5 displayName: Administrators # Print Operators, Groups, srsmanagement.com dn: cn=Print Operators,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 550 cn: Print Operators description: Netbios Domain Print Operators sambaSID: S-1-5-32-550 sambaGroupType: 5 displayName: Print Operators # Backup Operators, Groups, srsmanagement.com dn: cn=Backup Operators,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 551 cn: Backup Operators description: Netbios Domain Members can bypass file security to back up files sambaSID: S-1-5-32-551 sambaGroupType: 5 displayName: Backup Operators # Replicators, Groups, srsmanagement.com dn: cn=Replicators,ou=Groups,dc=srsmanagement,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 552 cn: Replicators description: Netbios Domain Supports file replication in a sambaDomainName sambaSID: S-1-5-32-552 sambaGroupType: 5 displayName: Replicators # DSA, srsmanagement.com dn: ou=DSA,dc=srsmanagement,dc=com objectClass: top objectClass: organizationalUnit ou: DSA description: security accounts for LDAP clients # samba, DSA, srsmanagement.com dn: cn=samba,ou=DSA,dc=srsmanagement,dc=com objectClass: organizationalRole objectClass: top objectClass: simpleSecurityObject cn: samba userPassword:: e1NNRDV9SjJMbHNJcituY1V4RzFST0ZTS3pNdWpveFd3PQ== # nssldap, DSA, srsmanagement.com dn: cn=nssldap,ou=DSA,dc=srsmanagement,dc=com objectClass: organizationalRole objectClass: top objectClass: simpleSecurityObject cn: nssldap userPassword:: e1NNRDV9TzgxZEN6TWlyMC95Yy9SbDRHMkQ5bHZiOTc0PQ== # smbldap-tools, DSA, srsmanagement.com dn: cn=smbldap-tools,ou=DSA,dc=srsmanagement,dc=com objectClass: organizationalRole objectClass: top objectClass: simpleSecurityObject cn: smbldap-tools userPassword:: e1NNRDV9TmNDczdJUFgzVGpENXJNS0J4N1YwZSsweGV3PQ== # search result search: 2 result: 0 Success # numResponses: 21 # numEntries: 20 ------------------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba