[Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11
Henrik Dige Semark
hds at semark.dk
Wed Jan 27 14:16:35 MST 2010
I have remembered to run smbpassd -W, and I still get the same error
when I try with -S pdc on net join command.
I can see that LDAP is activated, and that samba is doing something, but
it seams like the answer is disappear on the way back.
Samba have initialised my LDAP with its SID and RID's, when it can do
this way is it not possible to lookup users?
Is it necessary to join my PDC to its own domain btw.? cause the new
server here is going to be PDC and replace my old Win2k DC (its not a
member it a separate test-domain)
---
Med Venlig Hilsen / Best regards
Henrik Dige Semark
On 27-01-2010 21:56, Dale Schroeder wrote:
> Did you remember to run "smbpasswd -W"?
>
> Sometimes you have to add the -S switch for the join to work.
> net rpc join -S pdc -U root
>
> Dale
>
>
> On 01/27/2010 2:33 PM, Henrik Dige Semark wrote:
>> I have just tried with "net join -U Admin" and I get the same error as
>> before.
>>
>> # net join -U Admin
>> Enter admin's password:
>> Could not connect to server PDC
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> Ldap search for Admin:
>>
>> # ldapsearch -x -h 127.0.0.1 -p 389
>>
>> # Admin, Users, semark-testing.dk
>> dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk
>> cn: Admin
>> sn: Admin
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: sambaSamAccount
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> gidNumber: 0
>> uid: Admin
>> uidNumber: 0
>> homeDirectory: /home/Admin
>> sambaLogonTime: 0
>> sambaLogoffTime: 2147483647
>> sambaKickoffTime: 2147483647
>> sambaPwdCanChange: 0
>> sambaHomePath: \\192.168.1.182\Admin
>> sambaHomeDrive: H:
>> sambaProfilePath: \\192.168.1.182\profiles\Admin
>> sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512
>> sambaSID: S-1-5-21-860714184-2299130787-2886737959-500
>> loginShell: /bin/false
>> gecos: Netbios Domain Administrator
>> sambaLMPassword: my-pass
>> sambaAcctFlags: [U]
>> sambaNTPassword: my-pass
>> sambaPwdLastSet: 1264374249
>> sambaPwdMustChange: 1268262249
>> shadowMax: 45
>>
>> Log dump from net join command:
>>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got
>> connid=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22):
>> checking for input on id=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>>
>> dnPrettyNormal:<dc=semark-testing,dc=dk>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<<
>> dnPrettyNormal:<dc=semark-testing,dc=dk>,<dc=semark-testing,dc=dk>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH
>> "dc=semark-testing,dc=dk" 2 0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter:
>> (&(uid=admin)(objectClass=sambaSamAccount))
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs:
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uid
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: gidNumber
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: homeDirectory
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdLastSet
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdCanChange
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPwdMustChange
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonTime
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogoffTime
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaKickoffTime
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: cn
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sn
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: displayName
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomeDrive
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaHomePath
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonScript
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaProfilePath
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: description
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaUserWorkstations
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaSID
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLMPassword
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaNTPassword
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaDomainName
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: objectClass
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaAcctFlags
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMungedDial
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordCount
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaBadPasswordTime
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaPasswordHistory
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLogonHours
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: modifyTimestamp
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: uidNumber
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:
>> bdb_dn2entry("dc=semark-testing,dc=dk")
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: search_candidates:
>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: =>
>> hdb_dn2idl("dc=semark-testing,dc=dk")
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (objectClass)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [b49d1940]
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>> (-30990)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=0, first=0, last=0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (uid)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [f67dad88]
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 1
>> candidates
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=1, first=6, last=6
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (objectClass)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [f937ce0f]
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= bdb_index_read 3
>> candidates
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=3, first=6, last=18
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: bdb_search_candidates:
>> id=1 first=6 last=6
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry:
>> conn 22 dn="uid=Admin,ou=Users,dc=semark-testing,dc=dk"
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry:
>> conn 22 exit.
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result:
>> conn=22 op=3 p=3
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0
>> matched="" text=""
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response:
>> msgid=4 tag=101 err=0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got
>> connid=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22):
>> checking for input on id=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=4 do_search
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>>
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<<
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH
>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs:
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaMaxPwdAge
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:
>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base:
>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry:
>> conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk"
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry:
>> conn 22 exit.
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result:
>> conn=22 op=4 p=3
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0
>> matched="" text=""
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response:
>> msgid=5 tag=101 err=0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got
>> connid=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22):
>> checking for input on id=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=5 do_search
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:>>>
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<<<
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>>
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH
>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 0 0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter: (objectClass=*)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs:
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: sambaLockoutThreshold
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => hdb_search
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:
>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: base_candidates: base:
>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" (0x00000011)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: => send_search_entry:
>> conn 22 dn="sambaDomainName=semarktest,dc=semark-testing,dc=dk"
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]:<= send_search_entry:
>> conn 22 exit.
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result:
>> conn=22 op=5 p=3
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0
>> matched="" text=""
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: send_ldap_response:
>> msgid=6 tag=101 err=0
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got
>> connid=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22):
>> checking for input on id=22
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: ber_get_next on fd 22
>> failed errno=0 (Success)
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_closing:
>> readying conn=22 sd=22 for close
>> Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_close:
>> conn=22 sd=22
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14)
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_get(14): got
>> connid=5
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: connection_read(14):
>> checking for input on id=5
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: conn=5 op=1145 do_search
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:>>>
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<<<
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>>
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: SRCH
>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: 0 15 0
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: filter:
>> (objectClass=sambaTrustedDomainPassword)
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: attrs:
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaDomainName
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: sambaSID
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => hdb_search
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:
>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: search_candidates:
>> base="sambaDomainName=semarktest,dc=semark-testing,dc=dk"
>> (0x00000011) scope=2
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: =>
>> hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (objectClass)
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [b49d1940]
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>> (-30990)
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=0, first=0, last=0
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (objectClass)
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [633a0e9d]
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>> (-30990)
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=0, first=0, last=0
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: bdb_search_candidates:
>> id=0 first=17 last=0
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: hdb_search: no candidates
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: conn=5
>> op=1145 p=3
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_result: err=0
>> matched="" text=""
>> Jan 27 21:31:41 hds-debian-virt slapd[1868]: send_ldap_response:
>> msgid=1146 tag=101 err=0
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14)
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_get(14): got
>> connid=5
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: connection_read(14):
>> checking for input on id=5
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: conn=5 op=1146 do_search
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:>>>
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<<<
>> dnPrettyNormal:<sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>>
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: SRCH
>> "sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: 0 15 0
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: filter:
>> (objectClass=sambaTrustedDomainPassword)
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: attrs:
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaDomainName
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: sambaSID
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => hdb_search
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:
>> bdb_dn2entry("sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: search_candidates:
>> base="sambaDomainName=semarktest,dc=semark-testing,dc=dk"
>> (0x00000011) scope=2
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: =>
>> hdb_dn2idl("sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (objectClass)
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [b49d1940]
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>> (-30990)
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=0, first=0, last=0
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: =>
>> bdb_equality_candidates (objectClass)
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: => key_read
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>> [633a0e9d]
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>> (-30990)
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]:<=
>> bdb_equality_candidates: id=0, first=0, last=0
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates:
>> id=0 first=17 last=0
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5
>> op=1146 p=3
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0
>> matched="" text=""
>> Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response:
>> msgid=1147 tag=101 err=0
>>
>> ---
>> Med Venlig Hilsen / Best regards
>> Henrik Dige Semark
>>
>>
>> On 27-01-2010 21:06, Gaiseric Vandal wrote:
>>
>>> Try using "net ... -U Administrator" instead, since "root" is not
>>> by default a member of the domain admin group. This presumes you have
>>> created the Administrator account in samba, created the "domain
>>> admins" group and setup the approp group mapping for key groups
>>> (domain admins, domain users etc.)
>>>
>>>
>>>
>>>
>>> On 01/27/10 14:23, Henrik Dige Semark wrote:
>>>
>>>> Dos the PDC have to join the domain also?
>>>>
>>>> When I try to join my PDC to its domain with "net join" I get the
>>>> following error.
>>>>
>>>> Enter root's password:
>>>> Could not connect to server PDC
>>>> The username or password was not correct.
>>>> Connection failed: NT_STATUS_LOGON_FAILURE
>>>>
>>>>
>>>> The netbios name for my PDC is pdc.semarktest.dk I guess that way it
>>>> tells my that is can't connect to server PDC
>>>> I have checked that pdc is in the name server (nameserver is on
>>>> 127.0.0.1)
>>>>
>>>> # host pdc
>>>> pdc.semarktest.dk has address 192.168.1.182
>>>>
>>>> Is there something I'm missing?
>>>>
>>>> Log dump from net join command:
>>>>
>>>> # tail -200 /var/log/syslog | grep slapd
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got
>>>> connid=15
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22):
>>>> checking for input on id=15
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>>
>>>> dnPrettyNormal:<sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>>>>
>>>>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<<
>>>> dnPrettyNormal:<sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
>>>>
>>>>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH
>>>> "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk"
>>>>
>>>> 2 0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter:
>>>> (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest))
>>>>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:
>>>> bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>>>>
>>>>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>
>>>> hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
>>>>
>>>>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed:
>>>> DB_NOTFOUND: No matching key/data pair found (-30990)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result:
>>>> conn=15 op=2 p=3
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10
>>>> matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text=""
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response:
>>>> msgid=3 tag=101 err=32
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got
>>>> connid=15
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22):
>>>> checking for input on id=15
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>>
>>>> dnPrettyNormal:<dc=semark-testing,dc=dk>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<<
>>>> dnPrettyNormal:<dc=semark-testing,dc=dk>,<dc=semark-testing,dc=dk>
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH
>>>> "dc=semark-testing,dc=dk" 2 0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter:
>>>> (&(uid=root)(objectClass=sambaSamAccount))
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:
>>>> bdb_dn2entry("dc=semark-testing,dc=dk")
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates:
>>>> base="dc=semark-testing,dc=dk" (0x00000001) scope=2
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>
>>>> hdb_dn2idl("dc=semark-testing,dc=dk")
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>
>>>> bdb_equality_candidates (objectClass)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>>>> [b49d1940]
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>>>> (-30990)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<=
>>>> bdb_equality_candidates: id=0, first=0, last=0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>
>>>> bdb_equality_candidates (uid)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key:
>>>> [15f2129b]
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed
>>>> (-30990)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<=
>>>> bdb_equality_candidates: id=0, first=0, last=0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates:
>>>> id=0 first=1 last=0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result:
>>>> conn=15 op=3 p=3
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0
>>>> matched="" text=""
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response:
>>>> msgid=4 tag=101 err=0
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got
>>>> connid=15
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22):
>>>> checking for input on id=15
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22
>>>> failed errno=0 (Success)
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing:
>>>> readying conn=15 sd=22 for close
>>>> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close:
>>>> conn=15 sd=22
>>>>
>>>> ---
>>>> Med Venlig Hilsen / Best regards
>>>> Henrik Dige Semark
>>>>
>>>>
>>>> On 26-01-2010 22:42, Dale Schroeder wrote:
>>>>
>>>>
>>>>> Henrik,
>>>>>
>>>>> I saw that another user wanted you to make sure that the PDC was
>>>>> added
>>>>> to the domain, and he is correct.
>>>>> If it is still not working after adding the PDC to the domain,
>>>>> consider changing the add machine script to this:
>>>>>
>>>>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u'
>>>>>
>>>>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that
>>>>> is what fixed the issue.
>>>>>
>>>>> Dale
>>>>>
>>>>>
>>>>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote:
>>>>>
>>>>>
>>>>>> I have a serous problem.
>>>>>>
>>>>>> I have for some time now tried to get an SAMBA based Domain
>>>>>> Controller
>>>>>> working.
>>>>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same
>>>>>> error every time.
>>>>>>
>>>>>> I wood prefer to use LDAP as my backend.
>>>>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to
>>>>>> work
>>>>>> for my, is there someone that maybe can see what I have done rung in
>>>>>> my config.?
>>>>>>
>>>>>> I have attached my samba conf and LDAP conf.
>>>>>>
>>>>>> Samba is connected to OpenLDAP, and LDAP is running fine.
>>>>>> But when I try to join my Windows XP Pro SP3 I takes about one
>>>>>> Min and
>>>>>> it tells my that Username and/or Password maybe rung, ore not
>>>>>> existing.
>>>>>>
>>>>>> There is no doubt that Samba and Ldap is talking together (samba
>>>>>> have
>>>>>> updated the SID and RID's), cause when I try to join the domain LDAP
>>>>>> is activated, but the return value is somehow disappearing on the
>>>>>> way
>>>>>> back to my client
>>>>>>
>>>>>> I have some wireshark dump that I can provide if its necessary.
>>>>>> I can provide LOGS, DUMPS, and everything needed if its necessary.
>>>>>>
>>>>>> System info:
>>>>>> Clean installed Debian Lenny (5.0.3)
>>>>>> Clean installed Samba 3.2.5 + Winbind 3.2.5
>>>>>> Clean installed OpenLDAP 2.4.11 (slapd)
>>>>>> Debian default smbldap-tools (smbldap-populate is working and have
>>>>>> populated LDAP without problems)
>>>>>> if there is something I have forgotten please just ask for it, I'm
>>>>>> close to be desperate.!
>>>>>>
>>>>>> ---
>>>>>> Med Venlig Hilsen / Best regards
>>>>>> Henrik Dige Semark
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>
>>
More information about the samba
mailing list