[Samba] Urgent Please - Samba 3.0.1 - LDAP - WinXP ... has
anyonegot it working???
Sundaram Ramasamy
sun at percipia.com
Mon Jan 5 16:15:51 GMT 2004
You need to change Administrator uid to 0 and gui to 521( Domain Admin).
-SR
>
> I've been trying to have Samba 3.0.1 work as a primary domain controller
> using LDAP as the authentication mechanism.
>
> However I am unable to get any of my Windows XP Pro machine join the
> domain. When prompt for an account with permissions to join the domain
> by the XP client, I give it the Administrator account which is granted
> Full access to the LDAP directory (BTW this is poor security, what is
> the right privilege I should give to the Domain Admin?), but SAMBA still
> responds with a permission denial when trying to open the domain and
> create the machine account.
>
> Here is a log of what happens on the samba server when I attempt the
> join operation.
>
>
> [2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:28, 2] lib/smbldap.c:smbldap_search_suffix(1068)
> smbldap_search_suffix: searching
> for:[(&(&(uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
> [2004/01/05 16:20:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
> init_sam_from_ldap: Entry found for user: Administrator
> [2004/01/05 16:20:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
> ldapsam_search_one_group: searching
> for:[(&(objectClass=sambaGroupMapping)(gidNumber=513))]
> [2004/01/05 16:20:40, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [Administrator] ->
> [Administrator] -> [Administrator] succeeded
> [2004/01/05 16:20:41, 2] smbd/server.c:exit_server(558)
> Closing connections
> [2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:42, 2] lib/smbldap.c:smbldap_search_suffix(1068)
> smbldap_search_suffix: searching
> for:[(&(&(uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
> [2004/01/05 16:20:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
> init_sam_from_ldap: Entry found for user: Administrator
> [2004/01/05 16:20:52, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
> ldapsam_search_one_group: searching
> for:[(&(objectClass=sambaGroupMapping)(gidNumber=513))]
> [2004/01/05 16:20:52, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [Administrator] ->
> [Administrator] -> [Administrator] succeeded
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
> Returning domain sid for domain SOLA ->
> S-1-5-21-238816456-3885207889-2738941293
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
> _samr_open_domain: ACCESS DENIED (requested: 0x00000211)
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
> Returning domain sid for domain SOLA ->
> S-1-5-21-238816456-3885207889-2738941293
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
> _samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
> 0x00000010)
> [2004/01/05 16:20:53, 2] smbd/server.c:exit_server(558)
> Closing connections
>
>
> Does anyone have any suggestion on how to sort this out?
>
> thanks
>
> Davide
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list