[Samba] Samba-2.2.8a /LDAP can't join domain

_Chris McKeever_ tech-mail at prupref.com
Sun Jul 13 18:08:24 GMT 2003


Make sure your ldap.conf is set like this, or it won't go searching the tree:

nss_base_passwd dc=domin,dc=com?sub

> -----Original Message-----
> From: PHELPS, SCOTT [mailto:SPHELPS at ridgways.com]
> Sent: Sunday, July 13, 2003 2:19 AM
> To: 'samba at lists.samba.org'
> Subject: Re: [Samba] Samba-2.2.8a /LDAP can't join domain
> 
> 
> On Sat, 2003-07-12 at 01:43, Chee Wai Yeung wrote:
> > Hi,
> > 
> > have you checked your smb logs? Is the smbd talking to
> > your ldap server as a start? Also try to check your
> > ldap logs to see if any searches were made to your
> > ldap server when the join took place. smbd should be
> > searching for something in the line of
> > 
> > (&(uid=MYMACHINE$)(objectclass=sambaAccount))
> > 
> > Hope this can help your troubleshooting.
> > 
> > (PS: your LDIF entries looked ok)
> > 
> > Chee Wai
> > 
> Hooooorahhhh!  I got it working!  Although with one bug which 
> I will list at the bottom of this email.  
> 
> I am posting how I fixed this for everyone in the future who 
> runs into this problem.
> 
> First I recompiled OpenLDAP with the --include-debug option 
> (It won't log jack unless you do!)  And set up slapd.conf to 
> loglevel = -1.
> It's also a good idea to configure syslog to dump this to 
> its own file because it uses /var/log/messages by default.
> 
> Second I started Samba and Slapd up and tried to join my new 
> domain from a Windows XP laptop.
> 
> Here's the (pertinent) output from my slapd.log.... sorry 
> it's so long.
> I'll continue at the bottom......
> 
> 
> 
> Jul 12 16:43:29 localhost slapd[11546]: ====> 
> cache_find_entry_id( 8 ) 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" (found) (1 tries)
> Jul 12 16:43:29 localhost slapd[11546]: <= id2entry_r( 8 ) 
> 0x80e96f8 (cache)
> Jul 12 16:43:29 localhost slapd[11546]: => test_filter
> Jul 12 16:43:29 localhost slapd[11546]:     AND
> Jul 12 16:43:29 localhost slapd[11546]: => test_filter_and
> Jul 12 16:43:29 localhost slapd[11546]: => test_filter
> Jul 12 16:43:29 localhost slapd[11546]:     EQUALITY
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> search access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "uid" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: <= test_filter 6
> Jul 12 16:43:29 localhost slapd[11546]: => test_filter
> Jul 12 16:43:29 localhost slapd[11546]:     EQUALITY
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> search access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" 
> "objectClass" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: <= test_filter 6
> Jul 12 16:43:29 localhost slapd[11546]: <= test_filter_and 6
> Jul 12 16:43:29 localhost slapd[11546]: <= test_filter 6
> Jul 12 16:43:29 localhost slapd[11546]: => send_search_entry: 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net"
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "entry" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "uid" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "uid" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" 
> "pwdLastSet" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" 
> "pwdLastSet" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "logonTime" 
> requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "logonTime" 
> requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" 
> "logoffTime" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" 
> "logoffTime" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" 
> "kickoffTime" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: => access_allowed: 
> read access to 
> "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net" "cn" requested
> Jul 12 16:43:29 localhost slapd[11546]: <= root access granted
> Jul 12 16:43:29 localhost slapd[11546]: conn=10 op=1 ENTRY 
> dn="uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net"
> Jul 12 16:43:29 localhost slapd[11546]: <= send_search_entry
> Jul 12 16:43:29 localhost slapd[11546]: ====> 
> cache_return_entry_r( 8 ): returned (0)
> Jul 12 16:43:29 localhost slapd[11500]: daemon: select: 
> listen=6 active_threads=1 tvp=NULL
> Jul 12 16:43:29 localhost slapd[11546]: send_ldap_search_result 0::
> Jul 12 16:43:29 localhost slapd[11546]: send_ldap_response: 
> msgid=2 tag=101 err=0
> Jul 12 16:43:29 localhost slapd[11546]: conn=10 op=1 SEARCH 
> RESULT tag=101 err=0 text=
> Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on 1 
> descriptors
> Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on:
> Jul 12 16:43:29 localhost slapd[11500]:  15r
> Jul 12 16:43:29 localhost slapd[11500]:
> Jul 12 16:43:29 localhost slapd[11500]: daemon: read activity on 15
> Jul 12 16:43:29 localhost slapd[11500]: connection_get(15)
> Jul 12 16:43:29 localhost slapd[11500]: connection_get(15): 
> got connid=8
> Jul 12 16:43:29 localhost slapd[11500]: connection_read(15): 
> checking for input on id=8
> Jul 12 16:43:29 localhost slapd[11500]: ber_get_next on fd 15 
> failed errno=11 (Resource temporarily unavailable)
> Jul 12 16:43:29 localhost slapd[11543]: do_search
> Jul 12 16:43:29 localhost slapd[11543]: SRCH 
> "ou=People,dc=MY_DOMAIN,dc=NET" 2 0
> Jul 12 16:43:29 localhost slapd[11543]:     1 0 0
> Jul 12 16:43:29 localhost slapd[11543]: begin get_filter
> Jul 12 16:43:29 localhost slapd[11543]: AND
> Jul 12 16:43:29 localhost slapd[11543]: begin get_filter_list
> Jul 12 16:43:29 localhost slapd[11543]: begin get_filter
> Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
> Jul 12 16:43:29 localhost slapd[11543]: end get_filter 0
> Jul 12 16:43:29 localhost slapd[11543]: begin get_filter
> Jul 12 16:43:29 localhost slapd[11543]: EQUALITY
> Jul 12 16:43:29 localhost slapd[11543]: end get_filter 0
> Jul 12 16:43:29 localhost slapd[11543]: end get_filter_list
> Jul 12 16:43:29 localhost slapd[11543]: end get_filter 0
> Jul 12 16:43:29 localhost slapd[11543]:     filter: 
> (&(objectClass=posixAccount)(uid=MY_COMPUTER$))
> Jul 12 16:43:29 localhost slapd[11543]:     attrs:
> Jul 12 16:43:29 localhost slapd[11543]:  uid
> Jul 12 16:43:29 localhost slapd[11543]:  userPassword
> Jul 12 16:43:29 localhost slapd[11543]:  uidNumber
> Jul 12 16:43:29 localhost slapd[11543]:  gidNumber
> Jul 12 16:43:29 localhost slapd[11543]:  cn
> Jul 12 16:43:29 localhost slapd[11543]:  homeDirectory
> Jul 12 16:43:29 localhost slapd[11543]:  loginShell
> Jul 12 16:43:29 localhost slapd[11543]:  gecos
> Jul 12 16:43:29 localhost slapd[11543]:  description
> Jul 12 16:43:29 localhost slapd[11543]:  objectClass
> Jul 12 16:43:29 localhost slapd[11543]:
> Jul 12 16:43:29 localhost slapd[11543]: conn=8 op=6 SRCH 
> base="ou=People,dc=MY_DOMAIN,dc=NET" scope=2 
> filter="(&(objectClass=posixAccount)(uid=MY_COMPUTER$))"
> Jul 12 16:43:29 localhost slapd[11543]: => ldbm_back_search
> Jul 12 16:43:29 localhost slapd[11543]: dn2entry_r: dn: 
> "OU=PEOPLE,DC=MY_DOMAIN,DC=NET"
> Jul 12 16:43:29 localhost slapd[11543]: => dn2id( 
> "OU=PEOPLE,DC=MY_DOMAIN,DC=NET" )
> Jul 12 16:43:29 localhost slapd[11543]: ====> 
> cache_find_entry_dn2id("OU=PEOPLE,DC=MY_DOMAIN,DC=NET"): 3 (1 tries)
> Jul 12 16:43:29 localhost slapd[11543]: <= dn2id 3 (in cache)
> Jul 12 16:43:29 localhost slapd[11543]: => id2entry_r( 3 )
> Jul 12 16:43:29 localhost slapd[11543]: ====> 
> cache_find_entry_id( 3 ) "ou=People,dc=MY_DOMAIN,dc=net" 
> (found) (1 tries)
> Jul 12 16:43:29 localhost slapd[11543]: <= id2entry_r( 3 ) 
> 0x80ea280 (cache)
> Jul 12 16:43:29 localhost slapd[11543]: search_candidates: 
> base="OU=PEOPLE,DC=MY_DOMAIN,DC=NET" s=2 d=0
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         AND
> Jul 12 16:43:29 localhost slapd[11543]: => list_candidates 0xa0
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         DN SUBTREE
> Jul 12 16:43:29 localhost slapd[11543]: => dn2idl( 
> "@OU=PEOPLE,DC=MY_DOMAIN,DC=NET" )
> Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( 
> "dn2id.dbb", 73, 600 )
> Jul 12 16:43:29 localhost slapd[11543]: 
> <= ldbm_cache_open (cache 0)
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 4
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         OR
> Jul 12 16:43:29 localhost slapd[11543]: => list_candidates 0xa1
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         EQUALITY
> Jul 12 16:43:29 localhost slapd[11543]: => equality_candidates
> Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( 
> "objectClass.dbb", 73, 600 )
> Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 3)
> Jul 12 16:43:29 localhost slapd[11543]: => key_read
> Jul 12 16:43:29 localhost slapd[11543]: <= index_read 0 candidates
> Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates NULL
> Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates 0
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 0
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         AND
> Jul 12 16:43:29 localhost slapd[11543]: => list_candidates 0xa0
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         EQUALITY
> Jul 12 16:43:29 localhost slapd[11543]: => equality_candidates
> Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( 
> "objectClass.dbb", 73, 600 )
> Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 3)
> Jul 12 16:43:29 localhost slapd[11543]: => key_read
> Jul 12 16:43:29 localhost slapd[11543]: <= index_read 4 candidates
> Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates 4
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 4
> Jul 12 16:43:29 localhost slapd[11543]: => filter_candidates
> Jul 12 16:43:29 localhost slapd[11543]:         EQUALITY
> Jul 12 16:43:29 localhost slapd[11543]: => equality_candidates
> Jul 12 16:43:29 localhost slapd[11543]: => ldbm_cache_open( 
> "uid.dbb", 73, 600 )
> Jul 12 16:43:29 localhost slapd[11543]: <= ldbm_cache_open (cache 4)
> Jul 12 16:43:29 localhost slapd[11543]: => key_read
> Jul 12 16:43:29 localhost slapd[11543]: <= index_read 1 candidates
> Jul 12 16:43:29 localhost slapd[11543]: <= equality_candidates 1
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 1
> Jul 12 16:43:29 localhost slapd[11543]: <= list_candidates 1
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 1
> Jul 12 16:43:29 localhost slapd[11543]: <= list_candidates 1
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 1
> Jul 12 16:43:29 localhost slapd[11543]: <= list_candidates 0
> Jul 12 16:43:29 localhost slapd[11543]: <= filter_candidates 0
> Jul 12 16:43:29 localhost slapd[11500]: daemon: select: 
> listen=6 active_threads=1 tvp=NULL
> Jul 12 16:43:29 localhost slapd[11543]: ====> 
> cache_return_entry_r( 3 ): returned (0)
> Jul 12 16:43:29 localhost slapd[11543]: ldbm_search: no candidates
> Jul 12 16:43:29 localhost slapd[11543]: send_ldap_search_result 0::
> Jul 12 16:43:29 localhost slapd[11543]: send_ldap_response: 
> msgid=7 tag=101 err=0
> Jul 12 16:43:29 localhost slapd[11543]: conn=8 op=6 SEARCH 
> RESULT tag=101 err=0 text=
> Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on 1 
> descriptors
> Jul 12 16:43:29 localhost slapd[11500]: daemon: activity on:
> Jul 12 16:43:29 localhost slapd[11500]:  17r
> Jul 12 16:43:29 localhost slapd[11500]:
> Jul 12 16:43:29 localhost slapd[11500]: daemon: read activity on 17
> Jul 12 16:43:29 localhost slapd[11500]: connection_get(17)
> Jul 12 16:43:29 localhost slapd[11500]: connection_get(17): 
> got connid=10
> Jul 12 16:43:29 localhost slapd[11500]: connection_read(17): 
> checking for input on id=10
> Jul 12 16:43:29 localhost slapd[11500]: ber_get_next on fd 17 
> failed errno=0 (Success)
> Jul 12 16:43:29 localhost slapd[11500]: connection_read(17): 
> input error=-2 id=10, closing.
> Jul 12 16:43:29 localhost slapd[11500]: connection_closing: 
> readying conn=10 sd=17 for close
> Jul 12 16:43:29 localhost slapd[11500]: connection_close: 
> deferring conn=10 sd=17
> Jul 12 16:43:29 localhost slapd[11542]: do_unbind
> Jul 12 16:43:29 localhost slapd[11542]: conn=10 op=2 UNBIND
> Jul 12 16:43:29 localhost slapd[11542]: connection_resched: 
> attempting closing conn=10 sd=17
> Jul 12 16:43:29 localhost slapd[11542]: connection_close: 
> conn=10 sd=17
> Jul 12 16:43:29 localhost slapd[11542]: daemon: removing 17
> Jul 12 16:43:29 localhost slapd[11542]: conn=-1 fd=17 closed
> 
> Well, as you can see, the problem was that Samba was looking 
> for MY_COMPUTER$ in ou=People.  So I took MY_COMPUTER$ out of 
> ou=Machines and put it in ou=People.  Then when I attempted 
> to join MY_DOMAIN I got the friendly "Welcome to the 
> MY_DOMAIN Domain!"  Yay!
> 
> Now the issue is this.  I want my Machines in their own OU.  
> What piece am I missing here to make Samba work with an 
> Account in Machines only?
> 
> My Machine account is in my previous email so here is my 
> /etc/ldap.conf:
> # ldap.conf
> host 127.0.0.1
> base dc=MY_DOMAIN,dc=NET
> 
> rootbinddn cn=manager,dc=MY_DOMAIN,dc=NET
> 
> pam_filter objectclass=posixaccount
> pam_login_attribute uid
> pam_member_attribute gid
> pam_password md5
> 
> nss_base_passwd         ou=People,dc=MY_DOMAIN,dc=NET?sub
> nss_base_shadow         ou=People,dc=MY_DOMAIN,dc=NET?sub
> nss_base_group          ou=Group,dc=MY_DOMAIN,dc=NET?one
> 
> P.S.  I suspect I need to change shadow, but how?  Can 
> somebody explain what one and sub mean and how this ties to nss?
> 
> Thanks!
> 
> -- Scott Phelps
> 
> 
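An added example (not part of the original posts and not nss_ldap code): a small Python model of the LDAP `base`/`one`/`sub` search scopes, showing why the `ou=People` descriptor from the quoted ldap.conf returns no candidates for the machine account while a descriptor rooted at the suffix finds it. The directory entries, the `ou=Staff` container and all function names are constructed for illustration.

```python
# Constructed sample directory modelled on the DNs in the thread.
DIRECTORY = {
    "uid=MY_COMPUTER$,ou=Machine,dc=MY_DOMAIN,dc=net":
        {"uid": "MY_COMPUTER$", "objectClass": {"posixaccount", "sambaaccount"}},
    "uid=scott,ou=People,dc=MY_DOMAIN,dc=net":
        {"uid": "scott", "objectClass": {"posixaccount"}},
    "uid=nested,ou=Staff,ou=People,dc=MY_DOMAIN,dc=net":
        {"uid": "nested", "objectClass": {"posixaccount"}},
}

def parse_dn(dn):
    """Split a DN into lower-cased RDNs (DN matching is case-insensitive here;
    the sample contains no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def parse_descriptor(value):
    """Split an nss_base_* value of the form 'BASE?SCOPE'."""
    base, _, scope = value.partition("?")
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub: %r" % value)
    return parse_dn(base), scope

def in_scope(entry_dn, base, scope):
    """True if entry_dn is selected by a search at `base` with `scope`."""
    entry = parse_dn(entry_dn)
    depth = len(entry) - len(base)        # levels below the search base
    if depth < 0 or entry[depth:] != base:
        return False                      # not under the base at all
    if scope == "base":
        return depth == 0                 # the base entry only
    if scope == "one":
        return depth == 1                 # immediate children only
    return True                           # sub: base plus every descendant

def lookup(directory, descriptor, uid, object_class="posixAccount"):
    """Model the (&(objectClass=posixAccount)(uid=...)) search seen in the log."""
    base, scope = parse_descriptor(descriptor)
    return [dn for dn, attrs in directory.items()
            if in_scope(dn, base, scope)
            and attrs["uid"].lower() == uid.lower()
            and object_class.lower() in attrs["objectClass"]]

if __name__ == "__main__":
    for desc in ("ou=People,dc=MY_DOMAIN,dc=NET?sub",   # from the quoted ldap.conf
                 "dc=MY_DOMAIN,dc=NET?sub",             # base at the suffix
                 "ou=Machine,dc=MY_DOMAIN,dc=NET?one"):
        print(desc, "->", lookup(DIRECTORY, desc, "MY_COMPUTER$"))
```

With the base at the suffix and `sub` scope, every posixAccount entry anywhere in the tree resolves as a passwd entry, so review what else lives under the suffix before widening the base.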