[Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11
Henrik Dige Semark
hds at semark.dk
Wed Jan 27 12:23:15 MST 2010
Dos the PDC have to join the domain also?
When I try to join my PDC to its domain with "net join" I get the
following error.
Enter root's password:
Could not connect to server PDC
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
The netbios name for my PDC is pdc.semarktest.dk I guess that way it
tells my that is can't connect to server PDC
I have checked that pdc is in the name server (nameserver is on 127.0.0.1)
# host pdc
pdc.semarktest.dk has address 192.168.1.182
Is there something I'm missing?
Log dump from net join command:
# tail -200 /var/log/syslog | grep slapd
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: <sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: <sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>, <sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest))
Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
Jan 27 20:21:53 hds-debian-virt slapd[1868]:
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=2 p=3
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text=""
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=3 tag=101 err=32
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: >>> dnPrettyNormal: <dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <<< dnPrettyNormal: <dc=semark-testing,dc=dk>, <dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(uid=root)(objectClass=sambaSamAccount))
Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid
Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn
Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath
Jan 27 20:21:53 hds-debian-virt slapd[1868]: description
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName
Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory
Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp
Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours
Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp
Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]:
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940]
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [15f2129b]
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_index_read: failed (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: <= bdb_equality_candidates: id=0, first=0, last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=1 last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=3 p=3
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text=""
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: readying conn=15 sd=22 for close
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: conn=15 sd=22
---
Med Venlig Hilsen / Best regards
Henrik Dige Semark
On 26-01-2010 22:42, Dale Schroeder wrote:
> Henrik,
>
> I saw that another user wanted you to make sure that the PDC was added
> to the domain, and he is correct.
> If it is still not working after adding the PDC to the domain,
> consider changing the add machine script to this:
>
> add machine script = /usr/sbin/smbldap-useradd -i -w '%u'
>
> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that
> is what fixed the issue.
>
> Dale
>
>
> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote:
>> I have a serous problem.
>>
>> I have for some time now tried to get an SAMBA based Domain Controller
>> working.
>> I have tried with OpenLDAP and tdbsam as backend, but I get the same
>> error every time.
>>
>> I wood prefer to use LDAP as my backend.
>> I have read tons of how-to SAMBA + LDAP, but non of the seams to work
>> for my, is there someone that maybe can see what I have done rung in
>> my config.?
>>
>> I have attached my samba conf and LDAP conf.
>>
>> Samba is connected to OpenLDAP, and LDAP is running fine.
>> But when I try to join my Windows XP Pro SP3 I takes about one Min and
>> it tells my that Username and/or Password maybe rung, ore not existing.
>>
>> There is no doubt that Samba and Ldap is talking together (samba have
>> updated the SID and RID's), cause when I try to join the domain LDAP
>> is activated, but the return value is somehow disappearing on the way
>> back to my client
>>
>> I have some wireshark dump that I can provide if its necessary.
>> I can provide LOGS, DUMPS, and everything needed if its necessary.
>>
>> System info:
>> Clean installed Debian Lenny (5.0.3)
>> Clean installed Samba 3.2.5 + Winbind 3.2.5
>> Clean installed OpenLDAP 2.4.11 (slapd)
>> Debian default smbldap-tools (smbldap-populate is working and have
>> populated LDAP without problems)
>> if there is something I have forgotten please just ask for it, I'm
>> close to be desperate.!
>>
>> ---
>> Med Venlig Hilsen / Best regards
>> Henrik Dige Semark
>>
>>
More information about the samba
mailing list