[Samba] XP Joining Samba Domain
_Chris McKeever_
tech-mail at prupref.com
Tue May 20 21:15:50 GMT 2003
Some more information from the afternoon trials (comments inline below):
TRIAL 1:
Master LDAP
domain logons = no
domain master = yes
Slave LDAP/BDC
domain master = no
domain logons = yes
result: cannot find domain
TRIAL 2:
Master LDAP
domain logons = no
domain master = no
Slave LDAP/BDC
domain master = yes
domain logons = yes
result: machine account created, ACCESS DENIED joining domain
result 2 (checking replica delay): ACCESS DENIED
TRIAL 3:
Master LDAP
domain logons = yes
domain master = yes
Slave LDAP/BDC
domain master = no
domain logons = yes
result: successful join of machine via the MASTER LDAP using the machine
account created in TRIAL 2...successful authentication via the BDC after
reboot
> >> _Chris McKeever_ wrote:
> >
> > Those logs are from when it tries to join the BDC when the machine
> > account _already_ exists
> >
>
> Then we know what the problem is by elimination ...
>
>
> Assuming you have samba-2.2.8 or later, it should show that it rebinds to
> the master (assuming your slave returns a referral on a write request). It
> will of course rebind with the dn in the BDC's smb.conf with the password
> you set on the BDC with smbpasswd -w
>
I am using cn=root,dc=mylan,dc=net for both the rootdn and the ldap admin dn
for samba
re-ran smbpasswd -w THEPASSWORDHERE on both machines
> So, your problem is either
> 1)You haven't set up referrals
Wouldn't this mean I couldn't create the machine account? Which I am able to
do: updateref "ldaps://ldap.prupref.com"
> 2)Your dn used in the smb.conf on the slave does not have write access to
> the machine account. Note, samba-2.2.x will want to write all the
> attributes for the account (not just the ones that change).
it is ldap admin dn = cn=root,dc=prupref,dc=com..but then again, I can get
the machine account created when joining via the BDC..it just won't finish
the joining
> 3)You didn't give samba on the BDC its LDAP password.
>
smbpasswd -w THEPASSWORDHERE was run
Is there a way I can test the referrals and the samba password?
Is this a sign of a problem?
BDC# smbpasswd -a cgmckeever
New SMB password:
Retype new SMB password:
ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
failed to modify user with uid = cgmckeever with: No such object
Password changed for user cgmckeever.
Failed to modify entry for user cgmckeever.
Failed to modify password entry for user cgmckeever
updateref "ldaps://ldap.prupref.com"
OR
updateref "ldap://ldap.prupref.com"
Searches definitely show a uid=cgmckeever and I can access samba shares no
problem from both machines
BDC# ldapsearch -LL -H ldap://localhost -b"dc=prupref,dc=com" -x "(uid=cgmckeever)"
version: 1
dn: uid=cgmckeever, ou=People, dc=prupref,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixaccount
objectClass: shadowaccount
objectClass: kerberosSecurityObject
objectClass: sambaAccount
BDC# ldapsearch -LL -H ldap://ldap.prupref.com -b"dc=prupref,dc=com" -x "(uid=cgmckeever)"
version: 1
dn: uid=cgmckeever, ou=People, dc=prupref,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixaccount
objectClass: shadowaccount
objectClass: kerberosSecurityObject
objectClass: sambaAccount
> Regards,
> Buchan
>
>