[Samba] samba 3 LDAP/PDC problem - adding WXP account

McKeever Chris tech-mail at prupref.com
Sun Nov 9 16:39:09 GMT 2003



On Sun, 9 Nov 2003 10:26 , Tarjei Bitustøyl <astaroth at uses.nofw.org> sent:

>Ok, additional information:
>I am using LDAP as a unix password backend, so I shouldn't be needing the
>/etc/passwd for a machine account.
>The smbldap-useradd.pl -w script adds an account correctly, and both
>posixAccount and sambaSAMAccount are set. When this is done, I get again,
>"access is denied" when I try to join the domain, with the valid SID user.
>It doesn't seem to join correctly on the operation when it actually creates
>the account, however I can see nothing wrong with the account itself. Here
>is an auto-created account: (smbldap-useradd.pl -w %u)
>
>dn: uid=main$,ou=Machines,o=AstarothInc,c=NO
>objectClass: top
>objectClass: inetOrgPerson
>objectClass: posixAccount
>cn: main$
>sn: main$
>uid: main$
>uidNumber: 1003
>gidNumber: 553
>homeDirectory: /dev/null
>loginShell: /bin/false
>description: Computer
>
>I have all the scripts in place, but manually only the add machine script
>works. I don't think I need the others for the operation I am trying,
>though.
>
>The thing is, if I do have an account in /etc/passwd called "main$" when I
>try to join, the auto-created ldap entry looks very very different:
>
>dn: uid=main$,ou=Machines,o=AstarothInc,c=NO
>uid: main$
>sambaSID: S-1-5-21-2523409155-1094959098-2360343008-3006
>sambaPrimaryGroupSID: S-1-5-21-2523409155-1094959098-2360343008-1201
>sambaAcctFlags: [W          ]
>objectClass: sambaSamAccount
>objectClass: account
>
>The error upon joining is still the same, username could not be found;
>however, subsequent attempts to join give the error "access is denied." I'm
>going nuts.
>


If this is an XP PRO machine, have you done the signorseal registry hack?


>Regards
>Tarjei
>
>----- Original Message ----- 
>From: "Andrew Bartlett" <abartlet at samba.org>
>To: "Tarjei Bitustøyl" <astaroth at uses.nofw.org>
>Cc: <samba at lists.samba.org>
>Sent: Sunday, November 09, 2003 10:08 AM
>Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account
>
>On Sun, 2003-11-09 at 19:40, Tarjei Bitustøyl wrote:
>> Hi,
>>
>> I've finally gotten my LDAP password backend up and running, and finally
>figured out the SID 1000/1001 thing for Samba admin.
>> However I'm unable to join the workstation to my domain.
>
>I'm not sure what you mean about the '1000/1001' thing.  Root should be
>given the special sid '-500' if at all possible, as that is
>'administrator'.
>
>> Using any random user in the WXP dialogue, I get the "Access is Denied"
>error. Fair enough.
>> Using the user with sambasid and sambagroupsid s-*-1000/s-*-1001, I get
>the error "The Username could not be found". This error is probably not
>referring to the login user, as that one is validated (I get another error
>if I type in a wrong password), so I assume it's the machine account user
>that it is looking for.
>>
>> I have however tried adding the machine account using both LAM and
>smbpasswd -a -m, but no difference.
>>
>> The debug log says everything is successful?
>> I'm at a loss. Does anyone have a hint as to what is wrong here?
>
>Do you have the add user scripts in place?
>
>Andrew Bartlett
>
>-- 
>Andrew Bartlett                                 abartlet at pcug.org.au
>Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
>Student Network Administrator, Hawker College   abartlet at hawkerc.net
>http://samba.org     http://build.samba.org     http://hawkerc.net
>



---- Prudential Preferred Properties   www.prupref.com  
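
An added example, not part of the original messages: a small Python check that reads LDIF like the two entries quoted above and reports which of the posixAccount and sambaSamAccount parts each entry lacks. It assumes a workstation account needs both parts plus the W flag in sambaAcctFlags; the function names are hypothetical and the sample is abridged from the quoted entries.

```python
# Added example, not from the thread. MUST attributes per object class
# (nis.schema / samba.schema); needing both classes is an assumption.
REQUIRED = {
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
    "sambaSamAccount": ["uid", "sambaSID"],
}

# Constructed sample: the two entries quoted above, abridged.
SAMPLE_LDIF = """\
dn: uid=main$,ou=Machines,o=AstarothInc,c=NO
objectClass: inetOrgPerson
objectClass: posixAccount
cn: main$
uid: main$
uidNumber: 1003
gidNumber: 553
homeDirectory: /dev/null

dn: uid=main$,ou=Machines,o=AstarothInc,c=NO
uid: main$
sambaSID: S-1-5-21-2523409155-1094959098-2360343008-3006
sambaAcctFlags: [W          ]
objectClass: sambaSamAccount
objectClass: account
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 or folded lines) into attr -> values dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_machine_entry(entry):
    """List what the entry lacks to be a complete workstation trust account."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    for oc, attrs in REQUIRED.items():
        if oc.lower() not in classes:
            problems.append(f"missing objectClass {oc}")
        else:
            problems += [f"{oc} lacks {a}" for a in attrs if a.lower() not in entry]
    if "W" not in "".join(entry.get("sambaacctflags", [])):
        problems.append("no W (workstation trust) flag in sambaAcctFlags")
    return problems
```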