[Samba] Samba-2.2.8a & LDAP - Can't join Domain - SID mapping error
PHELPS, SCOTT
SPHELPS at ridgways.com
Sat Jul 12 01:19:23 GMT 2003
Hi everyone,
I am at my wits end and am hoping one of you can help me out.
I am getting the following error when attempting to join a Windows XP/2000 machine to the domain:
"The following error occurred attempting to join the domain "MY_DOMAIN"
No mapping between account names and security IDs was done."
Running Gentoo Linux
Samba 2.2.8a
OpenLDAP 2.0.27
I performed the following registry hacks:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000000
"requiresignorseal"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000000
"requiresignorseal"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000000
"requiresignorseal"=dword:00000000
I am attempting to join the domain as root.
root was added via smbpasswd -a root
domain admin group = root was placed in my smb.conf
I set up a fake root user this way in LDAP:
dn: uid=root,ou=People,dc=virginiabeach,dc=net
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaAccount
uidNumber: 0
gidNumber: 0
homeDirectory: /home/root
loginShell: /bin/bash
gecos: root
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
userPassword: {SSHA}GN3hrCs7c8Kgd93df23838hHH
uid: root
pwdLastSet: 1057974221
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 2147483647
pwdMustChange: 2147483647
displayName: root
cn: root
smbHome: \\MY_PDC\homes
homeDrive: Z:
scriptPath: logon.cmd
profilePath: \\MT-PDC\profiles\root
rid: 1000
primaryGroupID: 1001
lmPassword: 639C041927C79D99AAEJKHRJFHKRJKL
ntPassword: 6E1766AB79DDFHGJDHFJJHBJFHBJRHR
acctFlags: [UX ]
The machine name is also in LDAP like this:
dn: uid=MYMACHINE$,ou=Machine,dc=virginiabeach,dc=net
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaAccount
uid: MYMACHINE$
uidNumber: 11014
gidNumber: 11014
homeDirectory: /dev/null
loginShell: /bin/false
gecos: rid96itlaptop windows machine,,,
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 2147483647
pwdMustChange: 2147483647
displayName: MYMACHINE$
acctFlags: [W]
rid: 23028
primaryGroupID: 23029
homeDrive: U:
smbHome:
profilePath:
scriptPath: logon.cmd
lmPassword: xxx
ntPassword: xxx
cn: MYMACHINE$
Everything else works, and I am able to log into Linux and a Samba share using a test user authenticating strictly via LDAP.
Any help is greatly appreciated. Otherwise I will have no hair left!
Thanks,
-- Scott Phelps