[Samba] Samba-2.2.8a /LDAP can't join domain
PHELPS, SCOTT
SPHELPS at ridgways.com
Sun Jul 13 07:18:44 GMT 2003
On Sat, 2003-07-12 at 01:43, Chee Wai Yeung wrote:
> Hi,
>
> have you checked your smb logs? Is the smbd talking to
> your ldap server as a start? Also try to check your
> ldap logs to see if any searches were made to your
> ldap server when the join took place. smbd should be
> searching for something in the line of
>
> (&(uid=MYMACHINE$)(objectclass=sambaAccount))
>
> Hope this can help your troubleshooting.
>
> (PS: your LDIF entries looked ok)
>
> Chee Wai
>
Hooooorahhhh! I got it working! Although with one bug which I will list at the bottom of this email.
I am posting how I fixed this for everyone in the future who runs into this problem.
First I recompiled OpenLDAP with the --include-debug option (it won't log jack unless you do!) and set up slapd.conf to loglevel = -1.
It's also a good idea to configure syslog to dump this to its own file because it uses /var/log/messages by default.
Second I started Samba and Slapd up and tried to join my new domain from a Windows XP laptop.
Here's the (pertinent) output from my slapd.log.... sorry it's so long.
I'll continue at the bottom......
Jul 12 16:43:29 localhost slapd[11546]: ====> cache_find_entry_id( 8 ) "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" (found) (1 tries)
Jul 12 16:43:29 localhost slapd[11546]: <= id2entry_r( 8 ) 0x80e96f8 (cache)
Jul 12 16:43:29 localhost slapd[11546]: => test_filter
Jul 12 16:43:29 localhost slapd[11546]: AND
Jul 12 16:43:29 localhost slapd[11546]: => test_filter_and
Jul 12 16:43:29 localhost slapd[11546]: => test_filter
Jul 12 16:43:29 localhost slapd[11546]: EQUALITY
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: search access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "uid" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: <= test_filter 6
Jul 12 16:43:29 localhost slapd[11546]: => test_filter
Jul 12 16:43:29 localhost slapd[11546]: EQUALITY
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: search access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "objectClass" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: <= test_filter 6
Jul 12 16:43:29 localhost slapd[11546]: <= test_filter_and 6
Jul 12 16:43:29 localhost slapd[11546]: <= test_filter 6
Jul 12 16:43:29 localhost slapd[11546]: => send_search_entry: "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net"
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "entry" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "uid" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "uid" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "pwdLastSet" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "pwdLastSet" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "logonTime" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "logonTime" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "logoffTime" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "logoffTime" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "kickoffTime" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: read access to "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "cn" requested
Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
Jul 12 16:43:29 localhost slapd[11546]: conn=10 op=1 ENTRY dn="uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net"
Jul 12 16:43:29 localhost slapd[11546]: <= send_search_entry
Jul 12 16:43:29 localhost slapd[11546]: ====> cache_return_entry_r( 8 ): returned (0)
Jul 12 16:43:29 localhost slapd[11500]: daemon: select: listen=6 active_threads=1 tvp=NULL
Jul 12 16:43:29 localhost slapd[11546]: send_ldap_search_result 0::
Jul 12 16:43:29 localhost slapd[11546]: send_ldap_response: msgid=2 tag=101 err=0
Jul 12 16:43:29 localhost slapd[11546]: conn=10 op=1 SEARCH RESULT tag=101 err=0 text=
Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on 1 descriptors
Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on:
Jul 12 16:43:29 localhost slapd[11500]: 15r
Jul 12 16:43:29 localhost slapd[11500]:
Jul 12 16:43:29 localhost slapd[11500]: daemon: read activity on 15
Jul 12 16:43:29 localhost slapd[11500]: connection_get(15)
Jul 12 16:43:29 localhost slapd[11500]: connection_get(15): got connid=8
Jul 12 16:43:29 localhost slapd[11500]: connection_read(15): checking for input on id=8
Jul 12 16:43:29 localhost slapd[11500]: ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
Jul 12 16:43:29 localhost slapd[11543]: do_search
Jul 12 16:43:29 localhost slapd[11543]: SRCH "ou=People,dc=MY_DOMAIN,dc=NET" 2 0
Jul 12 16:43:29 localhost slapd[11543]: 1 0 0
Jul 12 16:43:29 localhost slapd[11543]: begin get_filter
Jul 12 16:43:29 localhost slapd[11543]: AND
Jul 12 16:43:29 localhost slapd[11543]: begin get_filter_list
Jul 12 16:43:29 localhost slapd[11543]: begin get_filter
Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
Jul 12 16:43:29 localhost slapd[11543]: end get_filter 0
Jul 12 16:43:29 localhost slapd[11543]: begin get_filter
Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
Jul 12 16:43:29 localhost slapd[11543]: end get_filter 0
Jul 12 16:43:29 localhost slapd[11543]: end get_filter_list
Jul 12 16:43:29 localhost slapd[11543]: end get_filter 0
Jul 12 16:43:29 localhost slapd[11543]: filter: (&(objectClass=posixAccount)(uid=MY_COMPUTER$))
Jul 12 16:43:29 localhost slapd[11543]: attrs:
Jul 12 16:43:29 localhost slapd[11543]: uid
Jul 12 16:43:29 localhost slapd[11543]: userPassword
Jul 12 16:43:29 localhost slapd[11543]: uidNumber
Jul 12 16:43:29 localhost slapd[11543]: gidNumber
Jul 12 16:43:29 localhost slapd[11543]: cn
Jul 12 16:43:29 localhost slapd[11543]: homeDirectory
Jul 12 16:43:29 localhost slapd[11543]: loginShell
Jul 12 16:43:29 localhost slapd[11543]: gecos
Jul 12 16:43:29 localhost slapd[11543]: description
Jul 12 16:43:29 localhost slapd[11543]: objectClass
Jul 12 16:43:29 localhost slapd[11543]:
Jul 12 16:43:29 localhost slapd[11543]: conn=8 op=6 SRCH base="ou=People,dc=MY_DOMAIN,dc=NET" scope=2 filter="(&(objectClass=posixAccount)(uid=MY_COMPUTER$))"
Jul 12 16:43:29 localhost slapd[11543]: => ldbm_back_search
Jul 12 16:43:29 localhost slapd[11543]: dn2entry_r: dn: "OU=PEOPLE,DC=MY_DOMAIN,DC=NET"
Jul 12 16:43:29 localhost slapd[11543]: => dn2id( "OU=PEOPLE,DC=MY_DOMAIN,DC=NET" )
Jul 12 16:43:29 localhost slapd[11543]: ====> cache_find_entry_dn2id("OU=PEOPLE,DC=MY_DOMAIN,DC=NET"): 3 (1 tries)
Jul 12 16:43:29 localhost slapd[11543]: <= dn2id 3 (in cache)
Jul 12 16:43:29 localhost slapd[11543]: => id2entry_r( 3 )
Jul 12 16:43:29 localhost slapd[11543]: ====> cache_find_entry_id( 3 ) "ou=People,dc=MY_DOMAIN,dc=net" (found) (1 tries)
Jul 12 16:43:29 localhost slapd[11543]: <= id2entry_r( 3 ) 0x80ea280 (cache)
Jul 12 16:43:29 localhost slapd[11543]: search_candidates: base="OU=PEOPLE,DC=MY_DOMAIN,DC=NET" s=2 d=0
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: AND
Jul 12 16:43:29 localhost slapd[11543]: => list_candidates 0xa0
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: DN SUBTREE
Jul 12 16:43:29 localhost slapd[11543]: => dn2idl( "@OU=PEOPLE,DC=MY_DOMAIN,DC=NET" )
Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( "dn2id.dbb", 73, 600 )
Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 0)
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 4
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: OR
Jul 12 16:43:29 localhost slapd[11543]: => list_candidates 0xa1
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
Jul 12 16:43:29 localhost slapd[11543]: => equality_candidates
Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( "objectClass.dbb", 73, 600 )
Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 3)
Jul 12 16:43:29 localhost slapd[11543]: => key_read
Jul 12 16:43:29 localhost slapd[11543]: <= index_read 0 candidates
Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates NULL
Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates 0
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 0
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: AND
Jul 12 16:43:29 localhost slapd[11543]: => list_candidates 0xa0
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
Jul 12 16:43:29 localhost slapd[11543]: => equality_candidates
Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( "objectClass.dbb", 73, 600 )
Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 3)
Jul 12 16:43:29 localhost slapd[11543]: => key_read
Jul 12 16:43:29 localhost slapd[11543]: <= index_read 4 candidates
Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates 4
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 4
Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
Jul 12 16:43:29 localhost slapd[11543]: => equality_candidates
Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( "uid.dbb", 73, 600 )
Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 4)
Jul 12 16:43:29 localhost slapd[11543]: => key_read
Jul 12 16:43:29 localhost slapd[11543]: <= index_read 1 candidates
Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates 1
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 1
Jul 12 16:43:29 localhost slapd[11543]: <= list_candidates 1
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 1
Jul 12 16:43:29 localhost slapd[11543]: <= list_candidates 1
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 1
Jul 12 16:43:29 localhost slapd[11543]: <= list_candidates 0
Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 0
Jul 12 16:43:29 localhost slapd[11500]: daemon: select: listen=6 active_threads=1 tvp=NULL
Jul 12 16:43:29 localhost slapd[11543]: ====> cache_return_entry_r( 3 ): returned (0)
Jul 12 16:43:29 localhost slapd[11543]: ldbm_search: no candidates
Jul 12 16:43:29 localhost slapd[11543]: send_ldap_search_result 0::
Jul 12 16:43:29 localhost slapd[11543]: send_ldap_response: msgid=7 tag=101 err=0
Jul 12 16:43:29 localhost slapd[11543]: conn=8 op=6 SEARCH RESULT tag=101 err=0 text=
Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on 1 descriptors
Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on:
Jul 12 16:43:29 localhost slapd[11500]: 17r
Jul 12 16:43:29 localhost slapd[11500]:
Jul 12 16:43:29 localhost slapd[11500]: daemon: read activity on 17
Jul 12 16:43:29 localhost slapd[11500]: connection_get(17)
Jul 12 16:43:29 localhost slapd[11500]: connection_get(17): got connid=10
Jul 12 16:43:29 localhost slapd[11500]: connection_read(17): checking for input on id=10
Jul 12 16:43:29 localhost slapd[11500]: ber_get_next on fd 17 failed errno=0 (Success)
Jul 12 16:43:29 localhost slapd[11500]: connection_read(17): input error=-2 id=10, closing.
Jul 12 16:43:29 localhost slapd[11500]: connection_closing: readying conn=10 sd=17 for close
Jul 12 16:43:29 localhost slapd[11500]: connection_close: deferring conn=10 sd=17
Jul 12 16:43:29 localhost slapd[11542]: do_unbind
Jul 12 16:43:29 localhost slapd[11542]: conn=10 op=2 UNBIND
Jul 12 16:43:29 localhost slapd[11542]: connection_resched: attempting closing conn=10 sd=17
Jul 12 16:43:29 localhost slapd[11542]: connection_close: conn=10 sd=17
Jul 12 16:43:29 localhost slapd[11542]: daemon: removing 17
Jul 12 16:43:29 localhost slapd[11542]: conn=-1 fd=17 closed
Well, as you can see, the problem was that Samba was looking for MY_COMPUTER$ in ou=People. So I took MY_COMPUTER$ out of ou=Machines and put it in ou=People. Then when I attempted to join MY_DOMAIN I got the friendly "Welcome to the MY_DOMAIN Domain!" Yay!
Now the issue is this. I want my Machines in their own OU. What piece am I missing here to make Samba work with an Account in Machines only?
My Machine account is in my previous email so here is my /etc/ldap.conf:
# ldap.conf
host 127.0.0.1
base dc=MY_DOMAIN,dc=NET
rootbinddn cn=manager,dc=MY_DOMAIN,dc=NET
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
nss_base_passwd ou=People,dc=MY_DOMAIN,dc=NET?sub
nss_base_shadow ou=People,dc=MY_DOMAIN,dc=NET?sub
nss_base_group ou=Group,dc=MY_DOMAIN,dc=NET?one
P.S. I suspect I need to change shadow, but how? Can somebody explain what one and sub mean and how this ties to nss?
Thanks!
-- Scott Phelps
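
Added example, not part of the original post and not Samba or OpenLDAP code: a small Python parser that pairs each slapd `SRCH` line with its `ENTRY` and `SEARCH RESULT` lines by connection and operation id, then lists searches that returned err=0 but matched nothing, which is how the ou=People lookup appears in the log above. The sample lines are constructed in the log's format, and the conn=10 `SRCH` line (base, scope and filter) is an assumption, since the post does not show it.

```python
import re

SCOPES = {0: "base", 1: "one", 2: "sub"}  # LDAP search scope codes as logged by slapd
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
ENTRY = re.compile(r'conn=(\d+) op=(\d+) ENTRY dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+)')

# Constructed sample in the format of the log above; threads interleave as they do there.
# The conn=10 SRCH line is assumed (the post only shows its ENTRY and RESULT lines).
SAMPLE = [
    'slapd[11546]: conn=10 op=1 SRCH base="dc=MY_DOMAIN,dc=net" scope=2 filter="(&(uid=MY_COMPUTER$)(objectclass=sambaAccount))"',
    'slapd[11546]: conn=10 op=1 ENTRY dn="uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net"',
    'slapd[11543]: conn=8 op=6 SRCH base="ou=People,dc=MY_DOMAIN,dc=NET" scope=2 filter="(&(objectClass=posixAccount)(uid=MY_COMPUTER$))"',
    'slapd[11546]: conn=10 op=1 SEARCH RESULT tag=101 err=0 text=',
    'slapd[11543]: conn=8 op=6 SEARCH RESULT tag=101 err=0 text=',
]

def summarize_searches(lines):
    """Pair each SRCH with its ENTRY and SEARCH RESULT lines, keyed by (conn, op)."""
    pending, done = {}, []
    for line in lines:
        if m := SRCH.search(line):
            pending[(m[1], m[2])] = {"base": m[3], "scope": SCOPES.get(int(m[4]), m[4]),
                                     "filter": m[5], "entries": [], "err": None}
        elif m := ENTRY.search(line):
            if (m[1], m[2]) in pending:
                pending[(m[1], m[2])]["entries"].append(m[3])
        elif m := RESULT.search(line):
            rec = pending.pop((m[1], m[2]), None)
            if rec:
                rec["err"] = int(m[3])
                done.append(rec)
    return done

def empty_successes(searches):
    """Searches that succeeded (err=0) but returned no entry: check base, scope and filter."""
    return [s for s in searches if s["err"] == 0 and not s["entries"]]

if __name__ == "__main__":
    for s in empty_successes(summarize_searches(SAMPLE)):
        print(f"no match: base={s['base']} scope={s['scope']} filter={s['filter']}")
```

An LDAP search that matches nothing still completes with err=0, so the result line alone does not show the failure; the absence of an `ENTRY` line for that conn/op pair does.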