[Samba] PDC+LDAP+Win2k/XP domain logon

Sandor Feher sfeher at bluesystem.hu
Fri Nov 28 14:08:09 GMT 2003


Hi,

I successfully installed samba 3.0.1pre4 from cvs tree with ldap-2.0.27.
I can log in with administrator but can't get my machines (win2k and XP) 
joined into the domain.


Here are some relevant parts of the log file.

[2003/11/28 15:02:32, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509)
  api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2003/11/28 15:02:32, 3] lib/util_seaccess.c:se_access_check(251)
[2003/11/28 15:02:32, 3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is S-1-5-21-3516781642-1962875130-3438800523-3004
  se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-1401
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-21-518063335-3730449020-288107188-1401
[2003/11/28 15:02:32, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)

[2003/11/28 15:07:25, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 732
[2003/11/28 15:07:25, 3] smbd/process.c:process_smb(890)
  Transaction 35 of length 168
[2003/11/28 15:07:25, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 2501)
[2003/11/28 15:07:25, 3] smbd/ipc.c:reply_trans(530)
  trans <\PIPE\> data=80 params=0 setup=2
[2003/11/28 15:07:25, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2003/11/28 15:07:25, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "samr" (pnum 775c)free_pipe_context: destroying talloc pool of size 0
[2003/11/28 15:07:25, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509)
  api_rpcTNP: rpc command: SAMR_CREATE_USER
[2003/11/28 15:07:25, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required: 0x00000010)

*****************

smb.conf

  workgroup = TEST
   security = user
   server string = Test Samba 3.0
   printcap name = /etc/printcap
   load printers = yes
   printing = cups
   log file = /var/log/samba/%m.log

   ldap admin dn = "cn=Manager,dc=csw,dc=com"
   ldap server = 192.168.1.30
   ldap suffix = dc=csw,dc=com
   ldap port = 389
   ldap ssl = off
   passdb backend = ldapsam:ldap://192.168.1.30
   ldap delete dn = no
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
   add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
   delete user script = /usr/local/sbin/smbldap-userdel.pl %u
   add group script = /usr/local/sbin/smbldap-groupadd.pl %g
   delete group script = /usr/local/sbin/smbldap-groupdel.pl %u
   add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
   delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
   set primary group script = /usr/local/sbin/smbldap-usermod.pl -g gid %u
   add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u

   debuglevel = 3
   max log size = 10000
   encrypt passwords = yes
   unix password sync = Yes
   passwd program = /usr/local/sbin/smbldap-passwd.pl %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*succ
   pam password change = yes
   obey pam restrictions = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   remote announce = 192.168.1.255
   local master = yes
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   logon path = \\%L\Profiles\%U
   wins support = yes

 ...
******************


At the client side a simple access denied message appears.
Any idea would be appreciated.

thanks, FS


-- 
...Fehér Sándor...            ---    ....Sandor Feher.... 
 fejlesztési vezető           ---     development manager
 Blue System Kft.             ---      Blue System Ltd.

        mailto:sfeher at bluesystem.hu  http://www.bluesystem.hu 