AW: Add Machine to Domain failed using NT4SP6-Wrk

A. Pohl pohl at vegu.de
Thu Mar 30 13:54:23 GMT 2006


> Andreas,
>
> We've successfully used NT4SP6 with Samba 3.0.21c.  As far as your
> error goes, are you able to add non-NT4 machines to the domain?

Yes, I'm able to add WinXP machines without problems to the domain.
But NT4 doesn't work.

> We had an issue where non-root users were not able to join the machines
> to the domain, but then again, I think we may have precreated the
> machine account for the NT4 boxes.  Have you tried to create the LDAP

If Samba finds the account (objectclass=sambaSamAccount) in LDAP, I get an error that the
machine is already in the domain and I should contact my admin.

Should I contact you ? ;-)

Nevertheless, the "smbldap-useradd -w" script creates only the POSIX stuff, and WinXP/Samba
seems to complete the sambaSamAccount stuff when I add the machine to LDAP.
With NT4 samba logs the error
Failed to modify user dn= uid=testus$,ou=Computers,dc=IM
Uede,dc=de with: No such attribute
        modify/delete: sambaPrimaryGroupSID: no such value

and seems to run smbldap-usermod before this error. But WinXP doesn't do this.

I'm confused. Sorry

Thanks,

Andreas Pohl


>
> Thanks,
>
> Joshua Preston.
> --
>
> The knack of flying is learning how to throw yourself at the ground
> and miss.
>
> --Hitchhikers Guide to the Galaxy
>
>
> Joshua Preston
> joshua at prestoncentral.com
>
>
>
> On Mar 30, 2006, at 2:41 AM, A. Pohl wrote:
>
> > Hi all,
> >
> > I'm testing Samba3.0.21c with OpenLDAP/IDEALX-Scripts. When I add a
> > WinNT4 machine to the domain I get an error "The computer
> > account doesn't exists...". The same with a WinXP machine has no
> > problems.
> > Here is a piece of client-log:
> >
> > for NT4:
> > [2006/03/30 09:26:36, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> >   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> > [2006/03/30 09:26:36, 3] smbd/uid.c:push_conn_ctx(393)
> >   push_conn_ctx(100) : conn_ctx_stack_ndx = 1
> > [2006/03/30 09:26:36, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> >   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> > [2006/03/30 09:26:36, 5] auth/auth_util.c:debug_nt_user_token(433)
> >   NT user token: (NULL)
> > [2006/03/30 09:26:36, 5] auth/auth_util.c:debug_unix_user_token(454)
> >   UNIX token of user 0
> >   Primary group is 0 and contains 0 supplementary groups
> > [2006/03/30 09:26:36, 5] lib/smbldap.c:smbldap_search_ext(1099)
> >   smbldap_search_ext: base => [ou=Groups,dc=IMUede,dc=de], filter
> > => [(&(objectC
> > lass=sambaGroupMapping)
> > (sambaSID=S-1-5-21-2134219367-4279175790-25907577-513))],
> >  scope => [2]
> > [2006/03/30 09:26:36, 2]
> passdb/pdb_ldap.c:init_group_from_ldap(2202)
> >   init_group_from_ldap: Entry found for group: 513
> > [2006/03/30 09:26:36, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> > [2006/03/30 09:26:37, 3]
> groupdb/mapping.c:smb_set_primary_group(1041)
> >   smb_set_primary_group: Running the command `/opt/IDEALX/sbin/
> > smbldap-usermod -
> > g "Domain Users" "testus$"' gave 0
> > [2006/03/30 09:26:37, 4] passdb/
> > pdb_ldap.c:ldapsam_update_sam_account(1846)
> >   ldapsam_update_sam_account: user testus$ to be modified has dn:
> > uid=testus$,ou
> > =Computers,dc=IMUede,dc=de
> > [2006/03/30 09:26:37, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
> >   init_ldap_from_sam: Setting entry for user: testus$
> > [2006/03/30 09:26:37, 5] lib/smbldap.c:smbldap_modify(1273)
> >   smbldap_modify: dn => [uid=testus$,ou=Computers,dc=IMUede,dc=de]
> > [2006/03/30 09:26:37, 1]
> passdb/pdb_ldap.c:ldapsam_modify_entry(1648)
> >   ldapsam_modify_entry: Failed to modify user dn= uid=testus
> > $,ou=Computers,dc=IM
> > Uede,dc=de with: No such attribute
> >         modify/delete: sambaPrimaryGroupSID: no such value
> > [2006/03/30 09:26:37, 0] passdb/
> > pdb_ldap.c:ldapsam_update_sam_account(1873)
> >   ldapsam_update_sam_account: failed to modify user with uid =
> > testus$, error: m
> > odify/delete: sambaPrimaryGroupSID: no such value (Success)
> > [2006/03/30 09:26:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> > [2006/03/30 09:26:37, 5] rpc_parse/parse_prs.c:prs_debug(84)
> >   000000 samr_io_r_set_userinfo
> > [2006/03/30 09:26:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(762)
> >       0000 status: NT_STATUS_ACCESS_DENIED
> > [2006/03/30 09:26:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277)
> >   api_rpcTNP: called samr successfully
> >
> >
> > the same with WinXP:
> >
> > [2006/03/29 16:16:06, 5] auth/auth_util.c:debug_unix_user_token(454)
> >   UNIX token of user 0
> >   Primary group is 0 and contains 0 supplementary groups
> > [2006/03/29 16:16:06, 5] lib/smbldap.c:smbldap_search_ext(1099)
> >   smbldap_search_ext: base => [dc=IMUede,dc=de], filter => [(&
> > (sambaSID=S-1-5-21
> > -2134219367-4279175790-25907577-3066)
> > (objectclass=sambaSamAccount))], scope => [
> > 2]
> > [2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
> >   init_sam_from_ldap: Entry found for user: testus1$
> > [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> > [2006/03/29 16:16:06, 5]
> rpc_server/srv_samr_nt.c:_samr_set_userinfo
> > (3258)
> >   _samr_set_userinfo:  does possess sufficient rights
> > [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> >   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> > [2006/03/29 16:16:06, 3] smbd/uid.c:push_conn_ctx(393)
> >   push_conn_ctx(101) : conn_ctx_stack_ndx = 0
> > [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> >   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> > [2006/03/29 16:16:06, 5] auth/auth_util.c:debug_nt_user_token(433)
> >   NT user token: (NULL)
> > [2006/03/29 16:16:06, 5] auth/auth_util.c:debug_unix_user_token(454)
> >   UNIX token of user 0
> >   Primary group is 0 and contains 0 supplementary groups
> > [2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:set_user_info_23
> > (3079)
> >   Attempting administrator password change (level 23) for user
> > testus1$
> > [2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:set_user_info_23
> > (3099)
> >   Changing trust account or non-unix-user password, not updating /
> > etc/passwd
> > [2006/03/29 16:16:06, 4] passdb/
> > pdb_ldap.c:ldapsam_update_sam_account(1846)
> >   ldapsam_update_sam_account: user testus1$ to be modified has dn:
> > uid=testus1$,
> > ou=Computers,dc=IMUede,dc=de
> > [2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
> >   init_ldap_from_sam: Setting entry for user: testus1$
> > [2006/03/29 16:16:06, 5] lib/smbldap.c:smbldap_modify(1273)
> >   smbldap_modify: dn => [uid=testus1$,ou=Computers,dc=IMUede,dc=de]
> > [2006/03/29 16:16:06, 2] passdb/
> > pdb_ldap.c:ldapsam_update_sam_account(1879)
> >   ldapsam_update_sam_account: successfully modified uid = testus1$
> > in the LDAP d
> > atabase
> > [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> > [2006/03/29 16:16:06, 5] rpc_parse/parse_prs.c:prs_debug(84)
> >   000000 samr_io_r_set_userinfo
> > [2006/03/29 16:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(762)
> >
> > Can someone test it against NT4? What is wrong? Is it impossible to
> > use NT4 with Samba3?
> >
> > Thanks,
> >
> > Andreas Pohl
> > pohl at vegu.de
> > --------------------------------------------------
> > INTERMET Ueckermünde
> > D-17373 Ueckermünde, Eggesiner Str. 11
> > Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210
> >
>


