[Samba] XP Joining Samba Domain

_Chris McKeever_ tech-mail at prupref.com
Tue May 20 21:15:50 GMT 2003


Some more information from the afternoon trials (comments inline below):

TRIAL 1:

Master LDAP 
domain logons = no
domain master = yes

Slave LDAP/BDC
domain master = no
domain logons = yes


result: cannot find domain

TRIAL 2:

Master LDAP 
domain logons = no
domain master = no

Slave LDAP/BDC
domain master = yes
domain logons = yes

result: machine account created, ACCESS DENIED joining domain

result 2 (checking replica delay): ACCESS DENIED

TRIAL 3:

Master LDAP 
domain logons = yes
domain master = yes

Slave LDAP/BDC
domain master = no
domain logons = yes

result: successful join of machine via the MASTER LDAP using the machine
account created in TRIAL 2...successful authentication via the BDC after
reboot


> >> _Chris McKeever_ wrote:
> >
> > Those logs are from when it tries to join the BDC when the machine
> > account _already_ exists
> >
> 
> Then we know what the problem is by elimination ...
> 

> 
> Assuming you have samba-2.2.8 or later, it should show that it rebinds to
> the master (assuming your slave returns a referral on a write request). It
> will of course rebind with the dn in the BDC's smb.conf with the password
> you set on the BDC with smbpasswd -w
> 

I am using cn=root,dc=mylan,dc=net for both the rootdn and the ldap admin dn
for samba

re-ran smbpasswd -w THEPASSWORDHERE on both machines


> So, your problem is either
> 1)You haven't set up referrals

wouldn't this mean I couldn't create the machine account?  Which I am able to
do: updateref "ldaps://ldap.prupref.com"

> 2)Your dn used in the smb.conf on the slave does not have write access to
> the machine account. Note, samba-2.2.x will want to write all the
> attributes for the account (not just the ones that change).

it is ldap admin dn = cn=root,dc=prupref,dc=com..but then again, I can get
the machine account created when joining via the BDC..it just won't finish
the joining

> 3)You didn't give samba on the BDC its LDAP password.
> 

smbpasswd -w THEPASSWORDHERE was run


Is there a way I can test the referrals and the samba password? 

is this a sign of a problem?

BDC# smbpasswd -a cgmckeever             
New SMB password:
Retype new SMB password:
ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
failed to modify user with uid = cgmckeever with: No such object

Password changed for user cgmckeever.
Failed to modify entry for user cgmckeever.
Failed to modify password entry for user cgmckeever


updateref "ldaps://ldap.prupref.com"
OR
updateref "ldap://ldap.prupref.com"

Searches definitely show a uid=cgmckeever and I can access samba shares no
problem from both machines

BDC# ldapsearch -LL -H ldap://localhost -b"dc=prupref,dc=com" -x "(uid=cgmckeever)"
version: 1

dn: uid=cgmckeever, ou=People, dc=prupref,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixaccount
objectClass: shadowaccount
objectClass: kerberosSecurityObject
objectClass: sambaAccount


BDC# ldapsearch -LL -H ldap://ldap.prupref.com -b"dc=prupref,dc=com" -x "(uid=cgmckeever)"
version: 1

dn: uid=cgmckeever, ou=People, dc=prupref,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixaccount
objectClass: shadowaccount
objectClass: kerberosSecurityObject
objectClass: sambaAccount


> Regards,
> Buchan
> 
> 


