[Samba] can't join NT4 wks into samba 3.0.0 domain

Ionut Gumeni igumeni at constantza-port.ro
Thu Nov 20 08:50:45 GMT 2003 

When I try to join the wks into samba domain using Administrator account 
I receive following in logfile:

[2003/11/20 10:03:21, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
[2003/11/20 10:03:21, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required: 
0x00000010)
[2003/11/20 10:03:21, 2] lib/smbldap.c:smbldap_search_suffix(1066)
------------------------------------------
smb.conf:
    passdb backend = ldapsam:ldap://localhost
        passwd program = /usr/local/smb/sbin/smbldap-passwd.pl -o %u
        add user script = /usr/local/smb/sbin/smbldap-useradd.pl -a %u
        delete user script = /usr/local/smb/sbin/smbldap-userdel.pl -r %u
        add group script = /usr/local/smb/sbin/smbldap-groupadd.pl %g
        delete group script = /usr/local/smb/sbin/smbldap-groupdel.pl %g
        add user to group script = 
/usr/local/smb/sbin/smbldap-groupmod.pl -m %u %g
        delete user from group script = 
/usr/local/smb/sbin/smbldap-groupmod.pl -x %u %g
        set primary group script = 
/usr/local/smb/sbin/smbldap-usermod.pl -g %g %u
        add machine script = /usr/local/smb/sbin/smbldap-useradd.pl -w %u
        ldap suffix = o=smb_dc,dc=xap,dc=ul
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = o=sxxxxxxxxmb_dc,dc=xap,dc=ul
        ldap admin dn = cn=Manager,dc=xap,dc=ul
        ldap ssl = no
-------------------------------------


ldap:


dn: o=smb_dc, dc=xap,dc=ul
objectClass: organization
o: smb_dc

dn: ou=Users, o=smb_dc, dc=xap,dc=ul
ou: Users
objectClass: organizationalUnit

dn: ou=Groups, o=smb_dc, dc=xap,dc=ul
ou: Groups
objectClass: organizationalUnit

dn: ou=Computers, o=smb_dc, dc=xap,dc=ul
ou: Computers
objectClass: organizationalUnit

dn: uid=nobody,ou=Users, o=smb_dc, dc=xap,dc=ul
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaPrimaryGroupSID: S-1-5-21-3967911966-3537913209-3658253730-514
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
sambaLogonTime: 0
sambaHomeDrive: _HOMEDRIVE_
uid: nobody
uidNumber: 999
cn: nobody
sambaLogoffTime: 2147483647
sambaPwdLastSet: 0
loginShell: /bin/false
sambaAcctFlags: [NU         ]
sambaProfilePath: \\_PDCNAME_\profiles\
gidNumber: 514
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-2998
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaPwdCanChange: 0
homeDirectory: /dev/null
sambaKickoffTime: 2147483647
sn: nobody
sambaHomePath: \\_PDCNAME_\homes

dn: cn=Domain Users,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-513
gidNumber: 513
sambaGroupType: 2
objectClass: sambaGroupMapping
objectClass: posixGroup
description: Netbios Domain Users
cn: Domain Users

dn: cn=Domain Guests,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-514 
gidNumber: 514
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Guests Users
cn: Domain Guests

dn: cn=Users,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-545
gidNumber: 545
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Ordinary users (not implemented yet)
cn: Users

dn: cn=Guests,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-546
gidNumber: 546
sambaGroupType: 2
memberUid: nobody
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Users granted guest access to the 
computer/sambaD
cn: Guests

dn: cn=Power Users,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-547
gidNumber: 547
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Members can share directories and printers 
(not i
cn: Power Users

dn: cn=Account Operators,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-548
gidNumber: 548
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Users to manipulate users accounts (not 
implement
cn: Account Operators

dn: cn=Server Operators,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-549
gidNumber: 549
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Server Operators (need smb.conf configuration)
cn: Server Operators

dn: cn=Print Operators,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-550
gidNumber: 550
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Print Operators (need smb.conf configuration)
cn: Print Operators

dn: cn=Backup Operators,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-551
gidNumber: 551
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Members can bypass file security to back up 
files
cn: Backup Operators

dn: cn=Replicator,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-552
gidNumber: 552
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Supports file replication in a 
sambaDomainName (n
cn: Replicator

dn: cn=Domain Computers,ou=Groups, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-553
gidNumber: 553
sambaGroupType: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Computers accounts
cn: Domain Computers

dn: sambaDomainName=XAPMC, o=smb_dc, dc=xap,dc=ul
sambaSID: S-1-5-21-3967911966-3537913209-3658253730
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: XAPMC

dn: cn=Domain Admins,ou=Groups, o=smb_dc, dc=xap,dc=ul
gidNumber: 0
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-512
memberUid: Administrator
sambaGroupType: 2
objectClass: sambaGroupMapping
objectClass: posixGroup
objectClass: top
description: Windows Domain Users
cn: Domain Admins

dn: cn=root,ou=Groups, o=smb_dc, dc=xap,dc=ul
gidNumber: 0
description: Netbios Domain Members can fully administer the 
computer/sambaDo
 mainName (not implemented yet)
objectClass: posixGroup
cn: root

dn: uid=Administrator, o=smb_dc, dc=xap,dc=ul
sambaLMPassword: 3A4BBD2578F21623AAD3B435B51404EE
sambaPrimaryGroupSID: S-1-5-21-3967911966-3537913209-3658253730-512
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
userPassword:: e1NTSEF9bGJNbzhjTmNBR1dHc3pGUHM0d0JqbFVHZ0xjS1dmdDU=
sambaLogonTime: 0
sambaHomeDrive: _HOMEDRIVE_
uid: Administrator
uidNumber: 998
cn: Administrator
sambaLogoffTime: 2147483647
sambaPwdLastSet: 1069167452
sambaAcctFlags: [U          ]
loginShell: /bin/false
sambaProfilePath: \\_PDCNAME_\profiles\
gidNumber: 512
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-3967911966-3537913209-3658253730-2996
gecos: Netbios Domain Administrator
sambaNTPassword: 82AEDFBE9A6849028B292A74613A921B
sambaPwdCanChange: 0
homeDirectory: _HOMEPREFIX_
sambaKickoffTime: 2147483647
sn: Administrator
sambaHomePath: \\_PDCNAME_\homes

More information about the samba mailing list