[Samba] Winxp / LDAP No account in domain
Neil Marjoram
n.marjoram at adastral.ucl.ac.uk
Mon Aug 16 15:09:07 GMT 2004
Can anyone help - this is driving me up the wall.
I keep getting this error from my LDAP enabled BDC:
[2004/08/16 15:38:12, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
get_md4pw: Workstation ALDEBURGH$: no account in domain
It is the same for all workstations. I have made sure the Sign Or Seal
reg hack is in place. The same client system is OK when not using LDAP
as a password backend.
I have checked the LDAP log output (all 61 pages) and believe there is
nothing abnormal in the output.
User authorisation against LDAP works fine, group mapping is OK.
My latest change is to alter the case in LDAP to uppercase but this has
had no effect.
Here's the output from LDAP for the account above:
dn: uid=aldeburgh$,ou=Computers,dc=adastral,dc=ucl,dc=ac,dc=uk
uidNumber: 5022
sambaDomainName: ADASTRAL
sambaAcctFlags: [W ]
homeDirectory: /dev/null
objectClass: top
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: account
gidNumber: 251
loginShell: /bin/false
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
description: Computer Account
sambaLMPassword: xxx
sambaNTPassword: xxx
sambaPrimaryGroupSID: S-1-5-21-946251905-4084600911-3774255997-1503
sambaSID: S-1-5-21-946251905-4084600911-3774255997-11044
cn: ALDEBURGH$
displayName: ALDEBURGH$
uid: ALDEBURGH$
Here's the global section of the smb.conf:
netbios name = BURY
log file = /var/log/samba/%m.log
load printers = yes
#LDAP
passdb backend = ldapsam:ldap://ldap.adastral.ucl.ac.uk
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
ldap delete dn = Yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
ldap admin dn = cn=xxxxxx,dc=adastral,dc=ucl,dc=ac,dc=uk
ldap suffix = dc=adastral,dc=ucl,dc=ac,dc=uk
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap ssl = start tls
ldap passwd sync = yes
#LDAP END
logon drive = H:
logon home = \\%L\%U
logon path = \\%L\%U\profile
logon script = common.bat
obey pam restrictions = yes
pam password change = yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
domain master = no
domain logons = yes
encrypt passwords = yes
passwd program = /usr/sbin/smbldap-passwd %u
case sensitive = yes
wins support = yes
dns proxy = no
writeable = yes
server string = Adastral Park BDC Samba Server
printing = cups
preferred master = Yes
workgroup = adastral
time server = yes
os level = 33
printcap name = /etc/printcap
# security = user
Anybody got any clues ?
Thanks,
Neil.
--
Neil Marjoram.
Systems Manager
University College London
Adastral Park Campus
Martlesham Heath
Ipswich
Suffolk
IP5 3RL
01473 663711