[Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Jan 27 13:06:44 MST 2010
Try using "net ... -U Administrator" instead, since "root" is not by
default a member of the domain admin group. This presumes you have
created the Administrator account in samba, created the "domain admins"
group and setup the approp group mapping for key groups (domain admins,
domain users etc.)
On 01/27/10 14:23, Henrik Dige Semark wrote:
> Dos the PDC have to join the domain also?
>
> When I try to join my PDC to its domain with "net join" I get the
> following error.
>
> Enter root's password:
> Could not connect to server PDC
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
>
>
> The netbios name for my PDC is pdc.semarktest.dk I guess that way it
> tells my that is can't connect to server PDC
> I have checked that pdc is in the name server (nameserver is on 127.0.0.1)
>
> # host pdc
> pdc.semarktest.dk has address 192.168.1.182
>
> Is there something I'm missing?
>
> Log dump from net join command:
>
> # tail -200 /var/log/syslog | grep slapd
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> dnPrettyNormal:<sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:<sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" 2 0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest))
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=2 p=3
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text=""
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=3 tag=101 err=32
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>> dnPrettyNormal:<dc=semark-testing,dc=dk>
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<< dnPrettyNormal:<dc=semark-testing,dc=dk>,<dc=semark-testing,dc=dk>
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter: (&(uid=root)(objectClass=sambaSamAccount))
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uid
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: gidNumber
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: homeDirectory
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdLastSet
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdCanChange
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPwdMustChange
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonTime
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogoffTime
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaKickoffTime
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: cn
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sn
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: displayName
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomeDrive
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaHomePath
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonScript
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaProfilePath
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: description
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaUserWorkstations
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaSID
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPrimaryGroupSID
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLMPassword
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaNTPassword
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaDomainName
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: objectClass
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaAcctFlags
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaMungedDial
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordCount
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaBadPasswordTime
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaPasswordHistory
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: sambaLogonHours
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: modifyTimestamp
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: uidNumber
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_search
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_dn2entry("dc=semark-testing,dc=dk")
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: base="dc=semark-testing,dc=dk" (0x00000001) scope=2
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => hdb_dn2idl("dc=semark-testing,dc=dk")
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (objectClass)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940]
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => bdb_equality_candidates (uid)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: => key_read
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [15f2129b]
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, first=0, last=0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 first=1 last=0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=3 p=3
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" text=""
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 tag=101 err=0
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for input on id=15
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed errno=0 (Success)
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: readying conn=15 sd=22 for close
> Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: conn=15 sd=22
>
> ---
> Med Venlig Hilsen / Best regards
> Henrik Dige Semark
>
>
> On 26-01-2010 22:42, Dale Schroeder wrote:
>
>> Henrik,
>>
>> I saw that another user wanted you to make sure that the PDC was added
>> to the domain, and he is correct.
>> If it is still not working after adding the PDC to the domain,
>> consider changing the add machine script to this:
>>
>> add machine script = /usr/sbin/smbldap-useradd -i -w '%u'
>>
>> I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that
>> is what fixed the issue.
>>
>> Dale
>>
>>
>> On 01/25/2010 3:23 PM, Henrik Dige Semark wrote:
>>
>>> I have a serous problem.
>>>
>>> I have for some time now tried to get an SAMBA based Domain Controller
>>> working.
>>> I have tried with OpenLDAP and tdbsam as backend, but I get the same
>>> error every time.
>>>
>>> I wood prefer to use LDAP as my backend.
>>> I have read tons of how-to SAMBA + LDAP, but non of the seams to work
>>> for my, is there someone that maybe can see what I have done rung in
>>> my config.?
>>>
>>> I have attached my samba conf and LDAP conf.
>>>
>>> Samba is connected to OpenLDAP, and LDAP is running fine.
>>> But when I try to join my Windows XP Pro SP3 I takes about one Min and
>>> it tells my that Username and/or Password maybe rung, ore not existing.
>>>
>>> There is no doubt that Samba and Ldap is talking together (samba have
>>> updated the SID and RID's), cause when I try to join the domain LDAP
>>> is activated, but the return value is somehow disappearing on the way
>>> back to my client
>>>
>>> I have some wireshark dump that I can provide if its necessary.
>>> I can provide LOGS, DUMPS, and everything needed if its necessary.
>>>
>>> System info:
>>> Clean installed Debian Lenny (5.0.3)
>>> Clean installed Samba 3.2.5 + Winbind 3.2.5
>>> Clean installed OpenLDAP 2.4.11 (slapd)
>>> Debian default smbldap-tools (smbldap-populate is working and have
>>> populated LDAP without problems)
>>> if there is something I have forgotten please just ask for it, I'm
>>> close to be desperate.!
>>>
>>> ---
>>> Med Venlig Hilsen / Best regards
>>> Henrik Dige Semark
>>>
>>>
>>>
More information about the samba
mailing list