[Samba] cannot login to Samba PDC from win2k

Wed Feb 18 13:32:41 GMT 2004

> I have the following system:
> 
>   - Samba 3 using LDAP backend.
>   - Every old windows user has been inserted in LDAP database.
>   - Samba is configured (or is trying to be) as a PDC.
>   - Win2k is working by now with workgroups, not with domains.
>   
> The idea now is use this new Samba schema for user authentication in the 
> company. From a workstation I changed the workgroup use to domain, and I 
> inserted the one in Samba. It seems to connect to it, but no user can log in
> 
> (wrong username and password), and all of them are already inserted in LDAP.
> 
> Furthermore, whenever a look up in Samba (pdbedit -vL), I can see that all
> the 
> users are accesible by Samba.
> 
> What is the problem?
> 
> I will attach my smb.conf file:
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2004/02/16 15:42:24
> 
> # Global parameters
> [global]
> 	domain master = Yes
> 	preferred master = yes	
> 	local master = yes
> 	domain logons = yes
> 	directory mask = 0770
> 	passdb backend = ldapsam:ldap://localhost:389
> 	logon script = logon.cmd
> 	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> 	printing = cups
> 	force directory mode = 0770
> 	ldap admin dn = cn=root,dc=my,dc=domain
> 	#logon path = \{}\{}%N\{}profiles\{}%U
> 	#logon path = /var/lib/samaba/netlogon
> 	workgroup = LINUXTEST
> 	os level = 255
> 	create mask = 0770
> 	wins support = true
> 	ldap machine suffix = ou=machines
> 	printcap name = CUPS
> 	#logon home = \{}\{}%N\{}\{}%u\{}winprofile
> 	netbios name = LINUXTEST
> 	force create mode = 0770
> 	ldap group suffix = ou=Groups
> 	ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> 	logon drive = H:
> 	ldap user suffix = ou=People
> 	auto services = homes
> 	time server = Yes
> 	security = user
> 	map to guest = Bad User
> 	socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY 
> SO_SNDBUF=8192
> 	ldap suffix = dc=my,dc=domain
> 	ldap ssl = off
> 	hide unreadable = yes
> 	#hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1
> 	#hosts deny = all
> 	idmap uid = 10000-20000
> 	idmap gid = 10000-20000
> 	idmap backend = ldap:ldap://localhost:389
> 
> [homes]
> 	comment = Home Directories
> 	valid users = %S
> 	read only = No
> 	create mask = 0740
> 	directory mask = 0750
> 	browseable = No
> 
> [printers]
> 	comment = All Printers
> 	path = /var/tmp
> 	create mask = 0600
> 	printable = Yes
> 	browseable = No
> 
> [print$]
> 	comment = Printer Drivers
> 	path = /var/lib/samba/drivers
> 	write list = @ntadmin, root
> 	force group = ntadmin
> 	create mask = 0664
> 	directory mask = 0775
> 
> [supersamba]
> 	user = @ldapusers
> 	path = /usr/local/shares/super
> 	writeable = yes
> 	comment = Samba ist Super
> 	valid users = @ldapusers
> 
> [netlogon]
> 	path = /var/lib/samba/netlogon
> 	write list = root
> 	read only = yes
> 	guest ok = yes
> 	browseable = no
> 
> [profiles]
> 	path = /var/lib/samba/profiles
> 	browseable = no
> 	read only = no
> 	directory mask = 0700
> 	create mask = 0600

I have added the parameter to smb.conf:

[global]
        ldap idmap suffix = ou=idmap

It seems that now winbindd is runned without errors. However, I still cannot 
log in with any user. 

Here I attach the log files, so that someone can help me:

log.winbindd
============

[2004/02/18 14:28:08, 1] nsswitch/winbindd.c:main(842)
  winbindd version 3.0.1 started.
  Copyright The Samba Team 2000-2003
[2004/02/18 14:28:08, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain LINUXTEST  
[2004/02/18 14:28:08, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2004/02/18 14:28:08, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2004/02/18 14:29:41, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid
[2004/02/18 14:29:42, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid

log.smbd
========

[2004/02/18 14:28:07, 0] smbd/server.c:main(747)
  smbd version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/02/18 14:28:08, 0] printing/pcap.c:pcap_printer_fn(361)
  Unable to open printcap file CUPS for read!
[2004/02/18 14:28:08, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST
[2004/02/18 14:28:08, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST
[2004/02/18 14:29:41, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST
[2004/02/18 14:29:42, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST

log.nmbd
========

[2004/02/18 14:28:08, 0] nmbd/nmbd.c:main(664)
  Netbios nameserver version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2003
[2004/02/18 14:28:08, 0] nmbd/asyncdns.c:start_async_dns(150)
  started asyncdns process 2539
[2004/02/18 14:28:08, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
  add_domain_logon_names:
  Attempting to become logon server for workgroup LINUXTEST on subnet 
192.168.1.70
[2004/02/18 14:28:08, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
  add_domain_logon_names:
  Attempting to become logon server for workgroup LINUXTEST on subnet 
UNICAST_SUBNET
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup LINUXTEST, subnet 
UNICAST_SUBNET.
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
  become_domain_master_browser_wins: querying WINS server from IP 192.168.1.70 
for domain master browser name LINUXTEST<1b> on workgroup LINUXTEST
[2004/02/18 14:28:08, 0] nmbd/nmbd_nameregister.c:register_name_response(130)
  register_name_response: WINS server at IP 192.168.1.70 rejected our name 
registration of LINUXTEST<00> IP 192.168.1.70 with error code 5.
[2004/02/18 14:28:08, 0] nmbd/nmbd_workgroupdb.c:fail_register(210)
  fail_register: Failed to register name LINUXTEST<00> on subnet UNICAST_SUBNET.
[2004/02/18 14:28:08, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(283)
  standard_fail_register: Failed to register/refresh name LINUXTEST<00> on 
subnet UNICAST_SUBNET
[2004/02/18 14:28:08, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
  become_logon_server_success: Samba is now a logon server for workgroup 
LINUXTEST on subnet UNICAST_SUBNET
[2004/02/18 14:28:08, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
  *****

  Samba server LINUXTEST is now a domain master browser for workgroup LINUXTEST 
on subnet UNICAST_SUBNET

  *****
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup LINUXTEST on subnet 
192.168.1.70
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
  become_domain_master_browser_bcast: querying subnet 192.168.1.70 for domain 
master browser on workgroup LINUXTEST
[2004/02/18 14:28:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
  become_logon_server_success: Samba is now a logon server for workgroup 
LINUXTEST on subnet 192.168.1.70
[2004/02/18 14:28:16, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
  *****

  Samba server LINUXTEST is now a domain master browser for workgroup LINUXTEST 
on subnet 192.168.1.70

  *****
[2004/02/18 14:28:31, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****

  Samba name server LINUXTEST is now a local master browser for workgroup 
LINUXTEST on subnet 192.168.1.70

  *****
[2004/02/18 14:29:33, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:33, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:40, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x7
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x7

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/