[Samba] samba 3 LDAP/PDC problem - adding WXP account

Tarjei Bitustøyl astaroth at uses.nofw.org
Sun Nov 9 18:36:20 GMT 2003


Microsoft Client Services: Digitally sign communications (Always) = Disabled
That's what you mean right? In that case, yes.

Regards
Tarjei
----- Original Message ----- 
From: "McKeever Chris" <tech-mail at prupref.com>
To: "Andrew Bartlett" <abartlet at samba.org>; <samba at lists.samba.org>; "Tarjei
Bitustøyl" <astaroth at uses.nofw.org>
Sent: Sunday, November 09, 2003 5:39 PM
Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account


>
>
> On Sun, 9 Nov 2003 10:26 , Tarjei Bitustøyl <astaroth at uses.nofw.org> sent:
>
> >Ok, additional information:
> >I am using LDAP as a unix password backend, so I shouldn't be needing the
> >/etc/passwd for a machine account.
> >The smbldap-useradd.pl -w script adds an account correctly, and both
> >posixAccount and sambaSAMAccount is set. When this is done, I get again,
> >"access is denied" when I try to join the domain, with the valid SID
user.
> >It doesn't seem to join correctly on the operation when it actually
creates
> >the account, however I can see nothing wrong with the account itself.
Here
> >is an auto-created account: (smbldap-useradd.pl -w %u)
> >
> >dn: uid=main$,ou=Machines,o=AstarothInc,c=NO
> >objectClass: top
> >objectClass: inetOrgPerson
> >objectClass: posixAccount
> >cn: main$
> >sn: main$
> >uid: main$
> >uidNumber: 1003
> >gidNumber: 553
> >homeDirectory: /dev/null
> >loginShell: /bin/false
> >description: Computer
> >
> >I have all the scripts in place, but manually only the add machine script
> >works. I don't think I need the others for the operation I am trying,
> >though.
> >
> >The thing is, if I do have an account in /etc/passwd called "main$" when
I
> >try to join, the auto-created ldap entry looks very very different:
> >
> >dn: uid=main$,ou=Machines,o=AstarothInc,c=NO
> >uid: main$
> >sambaSID: S-1-5-21-2523409155-1094959098-2360343008-3006
> >sambaPrimaryGroupSID: S-1-5-21-2523409155-1094959098-2360343008-1201
> >sambaAcctFlags: [W          ]
> >objectClass: sambaSamAccount
> >objectClass: account
> >
> >The error upon joining is still the same, username could not be found;
> >however, subsequent attempts to join give the error "access is denied."
I'm
> >going nuts.
> >
>
>
> if this is an XP PRO machine, have you done the signorseal registry hack?
>
>
> >Regards
> >Tarjei
> >
> >----- Original Message ----- 
> >From: "Andrew Bartlett" abartlet at samba.org>
> >To: "Tarjei Bitustøyl" astaroth at uses.nofw.org>
> >Cc: samba at lists.samba.org>
> >Sent: Sunday, November 09, 2003 10:08 AM
> >Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account
> >
> >On Sun, 2003-11-09 at 19:40, Tarjei Bitustøyl wrote:
> >> Hi,
> >>
> >> I've finally gotten my LDAP password backend up and running, and
finally
> >figured out the SID 1000/1001 thing for Samba admin.
> >> However I'm unable to join the workstation to my domain.
> >
> >I'm not sure what you mean about the '1000/1001' thing.  Root should be
> >given the special sid '-500' if at all possible, as that is
> >'administrator'.
> >
> >> Using any random user in the WXP dialogue, I get the "Access is Denied"
> >error. Fair enough.
> >> Using the user with sambasid and sambagroupsid s-*-1000/s-*-1001, I get
> >the error "The Username could not be found". This error is probably not
> >referring to the login user, as that one is validated (I get another
error
> >if I type in a wrong password), so I assume it's the machine account user
> >that it is looking for.
> >>
> >> I have however tried adding the machine account using both LAM and
> >smbpasswd -a -m, but no difference.
> >>
> >> The debug log says everything is successful?
> >> I'm at a loss. Does anyone have a hint as to what is wrong here?
> >
> >Do you have the add user scripts in place?
> >
> >Andrew Bartlett
> >
> >-- 
> >Andrew Bartlett                                 abartlet at pcug.org.au
> >Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> >Student Network Administrator, Hawker College   abartlet at hawkerc.net
> >http://samba.org     http://build.samba.org     http://hawkerc.net
> >
> >-- 
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
> ---- Prudential Preferred Properties   www.prupref.com
>
>




More information about the samba mailing list