[Samba] PDC Samba 3+LDAP

Mccrory, Kevin B kevin.mccrory at eds.com
Fri Mar 18 22:09:05 GMT 2005


I have had issues with joining Windows servers to domains that have a -
in the Domain Name. I ran into the same problem when I was creating an
Active Directory Domain and used a - as in opmg-cops.opmg-eds.local. I
had nothing but problems. Changed the domain name to
opmgcops.opmg-eds.local and it worked fine.

When building the Samba PDC/BDC to replace AD I again used a -. The
Linux BDC could join the domain but my Windows 2000 and XP machines were
getting rejected. Took the - out and they joined fine. 

My rule of thumb (which I violated this past week) is not to use special
characters in the Windows Domain name. It has caused me problems in the
past.

If it's working for you, fantastic. My experience has been to the
contrary. If you're just building things, it should be a fairly easy
task to change the name.

Cheers.....



Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop:  A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:kevin.mccrory at eds.com
* AKO mailto:kevin.mccrory at us.army.mil



-----Original Message-----
From: Prakash Velayutham [mailto:prakash.velayutham at cchmc.org] 
Sent: Friday, March 18, 2005 4:11 PM
To: Mccrory, Kevin B
Cc: benjamin.dupuis at armorarena-fr.com; samba at lists.samba.org
Subject: Re: [Samba] PDC Samba 3+LDAP


Hi,

Are you sure about this? Here is my pdbedit -Lv output. Looks like
Windows does accept '-' in the domain name. My Windows clients join the
domain just fine, and the users do log in to the PDC without any hitches.

Unix username:        xxxx
NT username:         xxxx
Account Flags:        [U          ]
User SID:             S-1-5-21-709429014-924526411-3950163471-15102
Primary Group SID:    S-1-5-21-709429014-924526411-3950163471-513
Full Name:            X X - Network User
Home Directory:       \\MCPILDAP1\homes\winprofile
HomeDir Drive:        Z:
Logon Script:         scripts\logon.bat
Profile Path:         \\MCPILDAP1\homes\winprofile
Domain:               CMC-NT
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT
Password last set:    Tue, 08 Mar 2005 17:05:12 GMT
Password can change:  Tue, 08 Mar 2005 17:05:12 GMT
Password must change: Mon, 18 Jan 2038 22:14:07 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Prakash

Mccrory, Kevin B wrote:

>Domain:               ARZUR-NT 
>                           ^
>                           |
>There's your problem. Get rid of the - in the domain name. Windows
>machines can't handle anything other than alpha-numerics in the Domain
>name. 
>
>
>Kevin B. McCrory
>Network Engineer - COPS
>US Government Solutions
>13600 EDS Drive
>Mail stop:  A4S-B21
>Herndon, VA 20171
>* phone: +01-703-733-3255
>* mailto:kevin.mccrory at eds.com
>* AKO mailto:kevin.mccrory at us.army.mil
>
>
>
>-----Original Message-----
>From: samba-bounces+kevin.mccrory=eds.com at lists.samba.org
>[mailto:samba-bounces+kevin.mccrory=eds.com at lists.samba.org] On Behalf 
>Of benjamin.dupuis at armorarena-fr.com
>Sent: Friday, March 18, 2005 11:14 AM
>To: samba at lists.samba.org
>Subject: [Samba] PDC Samba 3+LDAP
>
>
>Hello all,
>
>I have a problem with my new Samba / LDAP PDC:
>I cannot join the domain from Windows (XP) computers.
>
>Okay, all configuration seems to be okay on the server; I can create
>users and computers for Samba (and Unix).
>I put some config files here, if someone can help me. I've been on this for 5
>days; it's my first PDC, so I use the tutorial from Idealx
>(smbldap-howto).
>
>getent passwd gives me local and LDAP accounts (here are the LDAP
>accounts):
>...
>Administrateur:x:0:512:Netbios Domain Administrator:/root:/sbin/nologin
>nobody:x:999:514:nobody:/dev/null:/sbin/nologin
>bdupuis:x:1005:512:Benjamin Dupuis:/home/data1/samba/bdupuis:/sbin/nologin
>POIL-BAREBONE$:x:1008:515:Computer:/dev/null:/sbin/nologin
>
>POIL-BAREBONE is a computer. Is it normal that smbldap-tools adds a $ to the
>computer's name?
>
>pdbedit -Lv gives me the Samba accounts (here is just the Administrator):
>
>Unix username:        Administrateur
>NT username:          Administrateur
>Account Flags:        [U          ]
>User SID:             S-1-5-21-3150904180-1303617548-1471141863-1000
>Primary Group SID:    S-1-5-21-1911238739-97561441-2706018148-512
>Full Name:            Administrateur
>Home Directory:       \\PDC-SMB3\homes\Administrator
>HomeDir Drive:        X:
>Logon Script:         logon.bat
>Profile Path:         \\PDC-SMB3\profiles\Administrator\
>Domain:               ARZUR-NT
>Account desc:        
>Workstations:        
>Munged dial:         
>Logon time:           0
>Logoff time:          Tue, 19 Jan 2038 04:14:07 GMT
>Kickoff time:         Tue, 19 Jan 2038 04:14:07 GMT
>Password last set:    Fri, 18 Mar 2005 16:15:41 GMT
>Password can change:  0
>Password must change: Sat, 25 Jun 2005 17:15:41 GMT
>Last bad password   : 0
>Bad password count  : 0
>Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>init_sam_from_ldap: Entry found for user: nobody
>
>Now when I try to join the domain from Windows XP,
>I enter username : bdupuis
>password: toto
>domain name : ARZUR-NT
>
>computer name : POIL-BAREBONE (I try POIL-BAREBONE$ also)
>
>User name: Administrateur
>password: toto
>domain name : ARZUR-NT
>
>and I have an error
>
>Log on Samba :
>[2005/03/18 17:08:34, 2] lib/smbldap.c:smbldap_open_connection(692)
>  smbldap_open_connection: connection opened
>[2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
>  init_sam_from_ldap: Entry found for user: Administrateur
>[2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
>  init_group_from_ldap: Entry found for group: 512
>[2005/03/18 17:08:34, 2] auth/auth.c:check_ntlm_password(305)
>  check_ntlm_password:  authentication for user [Administrateur] -> [Administrateur] -> [Administrateur] succeeded
>[2005/03/18 17:08:34, 2] smbd/server.c:exit_server(575)
>  Closing connections
>
>Log on LDAP :
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 fd=8 ACCEPT from IP=127.0.0.1:33002 (IP=0.0.0.0:389)
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn="cn=samba,ou=DSA,dc=arzur,dc=local" method=128
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn="cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL" mech=SIMPLE ssf=0
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 RESULT tag=97 err=0 text=
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=arzur)(objectClass=sambaSamAccount))"
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>Mar 18 17:09:00 mastok slapd[5569]: conn=131 fd=8 closed
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 fd=8 ACCEPT from IP=127.0.0.1:33004 (IP=0.0.0.0:389)
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 BIND dn="cn=samba,ou=DSA,dc=arzur,dc=local" method=128
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 BIND dn="cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL" mech=SIMPLE ssf=0
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 RESULT tag=97 err=0 text=
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=arzur)(objectClass=sambaSamAccount))"
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>Mar 18 17:09:11 mastok slapd[5569]: conn=132 fd=8 closed
>
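
Added example, not part of the thread and not Samba code: a small Python check over `pdbedit -Lv` output like the two records quoted above, reporting accounts whose User SID and Primary Group SID do not carry the same domain SID (the ARZUR-NT record differs, the CMC-NT record matches). The sample input is excerpted from the thread; the function names are this example's own.

```python
# Excerpts of the two `pdbedit -Lv` records quoted in the thread (fields trimmed).
SAMPLE = """\
Unix username:        Administrateur
User SID:             S-1-5-21-3150904180-1303617548-1471141863-1000
Primary Group SID:    S-1-5-21-1911238739-97561441-2706018148-512
Domain:               ARZUR-NT

Unix username:        xxxx
User SID:             S-1-5-21-709429014-924526411-3950163471-15102
Primary Group SID:    S-1-5-21-709429014-924526411-3950163471-513
Domain:               CMC-NT
"""

def parse_records(text):
    """Split pdbedit -Lv output into one dict per account.

    A new record starts at each 'Unix username' field; mail quote
    markers ('>') in front of a line are tolerated.
    """
    records = []
    for line in text.splitlines():
        key, sep, value = line.lstrip("> ").partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Unix username":
            records.append({})
        if records:
            records[-1][key] = value
    return records

def domain_sid(sid):
    """Return the domain part of S-1-5-21-x-y-z-RID, or None for other SIDs."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        return None
    return "-".join(parts[:7])

def sid_mismatches(text):
    """List (username, user domain SID, group domain SID) where the two differ."""
    out = []
    for rec in parse_records(text):
        user = domain_sid(rec.get("User SID", ""))
        group = domain_sid(rec.get("Primary Group SID", ""))
        if user and group and user != group:
            out.append((rec["Unix username"], user, group))
    return out

if __name__ == "__main__":
    for name, user, group in sid_mismatches(SAMPLE):
        print(f"{name}: user domain SID {user} != group domain SID {group}")
```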

