[Samba] samba with ldap PDC cannot join my windows to domain?

Dale Schroeder dale at BriannasSaladDressing.com
Wed Aug 12 12:17:30 MDT 2009


Alberto,

You will need a [netlogon] share.

I used these tutorials for my setup, taking the best from both.  I know 
they can work.
I did skip the [profiles] share, as I didn't want roaming profiles.
http://wiki.makethemove.net/index.php?title=LDAP-Samba
https://help.ubuntu.com/community/OpenLDAP-SambaPDC-OrgInfo-Posix

Compare these to what you've done; see if anything was missed.

Dale


Alberto Moreno wrote:
>   Hi people.
>
>   I have been working with samba+ldap = PDC in my test network. I
> followed the good tutorial: Samba By Example, chapter 5, I did all
> the tests the book says and had no issues.
>
>   I have 2 issues:
>
> 1; I cannot see my domain at my windows browser.
> 2; I cannot add my windows xp pro to my domain.
>
>   I have been trying to see if I could find the solution but nothing
> yet; that is the reason I am sending this email.
>
>   My server is CentOS 5.3, the latest one; all the packages are the
> current ones from CentOS.
>
>   LDAP looks like it is working, because all my tests from the book pass,
> and the same with samba.
>
>   When I try to add one Winbox to the domain I receive this:
>
>   "The following error occurred attempting to join the domain "MyDomain"
>   "The network path as not found"
>
>   My smb.conf is this:
>
> [global]
>         dos charset = 850
>         unix charset = ISO8859-1
>         display charset = ISO8859-1
>         workgroup = RMAI
>         netbios name = RMAIPDC
>         server string = Samba Server on %L
>         os level = 33
>         remote announce = 192.168.50.255
>         interfaces = eth0,lo
>         bind interfaces only = Yes
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         allow hosts = 192.168.50.0/24 127.0.0.1
>         admin users = Manager @"Domain Admins"
>         passdb backend = ldapsam:ldap://127.0.0.1
>         enable privileges = Yes
>         username map = /etc/samba/smbusers
>         log level = 6
>         syslog = 1
>         log file = /var/log/samba/%m.log
>         max log size = 100
>         smb ports = 139 445
>         name resolve order = wins bcast hosts
>         time server = No
>         #printcap name = CUPS
>         show add printer wizard = No
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         delete user script = /usr/sbin/smbldap-userdel "%u"
>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>         #logon script = scripts\logon.bat
>         #logon path = \\%L\profiles\%U
>         #logon drive = X:
>         domain logons = Yes
>         domain master = Yes
>         preferred master = Yes
>         wins support = Yes
>         ##########LDAP###################
>         ldap suffix = dc=rmai,dc=local
>         ldap machine suffix = ou=Computers
>         ldap user suffix = ou=People
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap admin dn = cn=Manager,dc=rmai,dc=local
>         idmap backend = ldap:ldap://127.0.0.1
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         #################################
>         map acl inherit = Yes
>         cups options = ""
>
> [homes]
>         comment = RMAI Home Directories
>         browseable = No
>         writeable = Yes
>         read only = No
>         create mask = 0664
>         browseable = No
>         valid users = %U
>
> [profiles]
>         path = /home/samba/profiles
>         read only = No
>         store dos attributes = Yes
>         create mask = 0600
>         directory mask = 0700
>         browseable = No
>         writeable = Yes
>         guest ok = No
>
> The stuff I can see at the log files is this:
>
> windows-box.log
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
>               004c uni_max_len: 0000000c
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
>               0050 offset     : 00000000
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
>               0054 uni_str_len: 0000000c
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
>               0058 buffer     : F.A.M.-.C.H.O.R.I.Z.O...
> [2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
>       000070 smb_io_chal
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
>           0070 data: 03 a3 f4 30 4b c7 3c 90
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_debug(84)
>   000000 net_io_r_auth
> [2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
>       000000 smb_io_chal
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
>           0000 data: 00 00 00 00 00 00 00 00
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
>       0008 status: NT_STATUS_ACCESS_DENIED
> [2009/08/11 16:40:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
>   api_rpcTNP: called NETLOGON successfully
> [2009/08/11 16:40:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
>   free_pipe_context: destroying talloc pool of size 70
>
> I will increase the debug level and give you more info.
>
> Thanks for your time!!!
>
>   
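
Added example, not part of the original thread: a small checker for the point made in the reply, that an smb.conf with "domain logons = Yes" also needs a [netlogon] share. It also flags a writable [netlogon], since clients run logon scripts from that share. The function names and the /var/lib/samba/netlogon path are assumptions made for this illustration.

```python
import re

TRUE = {"yes", "true", "on", "1"}                 # boolean spellings Samba accepts
INVERTED = {"writeable", "writable", "writeok"}   # inverted synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, whitespace removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.lower().split())
            if key in INVERTED:                   # fold into "read only"; last one wins
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def check_logon_server(text):
    """List problems with the [netlogon] share of a domain logon server."""
    conf = parse_smb_conf(text)
    if conf.get("global", {}).get("domainlogons", "no").lower() not in TRUE:
        return []                                 # not a logon server, nothing to check
    share = conf.get("netlogon")
    if share is None:
        return ["domain logons is enabled but there is no [netlogon] share"]
    findings = []
    if not share.get("path"):
        findings.append("[netlogon] has no path")
    if share.get("readonly", "yes").lower() not in TRUE:
        findings.append("[netlogon] is writable; clients run logon scripts from it")
    return findings

# Constructed samples; the [netlogon] path is an assumed location, not from the thread.
POSTED = """[global]
    domain logons = Yes
"""
FIXED = POSTED + """[netlogon]
    path = /var/lib/samba/netlogon
    read only = Yes
"""

if __name__ == "__main__":
    print(check_logon_server(POSTED), check_logon_server(FIXED))
```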

