[Samba] Winxp / LDAP No account in domain

Neil Marjoram n.marjoram at adastral.ucl.ac.uk
Mon Aug 16 15:09:07 GMT 2004


Can anyone help - this is driving me up the wall.

I keep getting this error from my LDAP enabled BDC :

[2004/08/16 15:38:12, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
  get_md4pw: Workstation ALDEBURGH$: no account in domain

It is the same for all workstations. I have made sure the Sign Or Seal
reg hack is in place. The same client system is OK when not using LDAP
as a password backend.

I have checked the LDAP log output (all 61 pages) and believe there is
nothing abnormal in the output.

User authorisation against LDAP works fine, group mapping is OK.

My latest change is to alter the case in LDAP to uppercase but this has
had no effect. 

Here's the output from LDAP for the account above :

dn: uid=aldeburgh$,ou=Computers,dc=adastral,dc=ucl,dc=ac,dc=uk
uidNumber: 5022
sambaDomainName: ADASTRAL
sambaAcctFlags: [W          ]
homeDirectory: /dev/null
objectClass: top
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: account
gidNumber: 251
loginShell: /bin/false
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
description: Computer Account
sambaLMPassword: xxx
sambaNTPassword: xxx
sambaPrimaryGroupSID: S-1-5-21-946251905-4084600911-3774255997-1503
sambaSID: S-1-5-21-946251905-4084600911-3774255997-11044
cn: ALDEBURGH$
displayName: ALDEBURGH$
uid: ALDEBURGH$

Here's the global section of the smb.conf :

        netbios name = BURY
        log file = /var/log/samba/%m.log
        load printers = yes
#LDAP
        passdb backend = ldapsam:ldap://ldap.adastral.ucl.ac.uk
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        ldap delete dn = Yes
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        ldap admin dn = cn=xxxxxx,dc=adastral,dc=ucl,dc=ac,dc=uk
        ldap suffix = dc=adastral,dc=ucl,dc=ac,dc=uk
        ldap group suffix = ou=Group
        ldap user suffix = ou=People
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        ldap ssl = start tls
        ldap passwd sync = yes
#LDAP END
        logon drive = H:
        logon home = \\%L\%U
        logon path = \\%L\%U\profile
        logon script = common.bat
        obey pam restrictions = yes
        pam password change = yes
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        domain master = no
        domain logons = yes
        encrypt passwords = yes
        passwd program = /usr/sbin/smbldap-passwd %u
        case sensitive = yes
        wins support = yes
        dns proxy = no
        writeable = yes
        server string = Adastral Park BDC Samba Server
        printing = cups
        preferred master = Yes
        workgroup = adastral
        time server = yes
        os level = 33
        printcap name = /etc/printcap
#       security = user


Anybody got any clues ?

Thanks,

Neil.


-- 
Neil Marjoram.
Systems Manager
University College London
Adastral Park Campus
Martlesham Heath
Ipswich
Suffolk
IP5 3RL

01473 663711


