[Samba] Samba 3.0.2/LDAP and Adding a Workstation to the Domain

Norm Dressler ndressler at dinmar.com
Tue Feb 17 15:04:48 GMT 2004

A further follow-up --

Part of my problem was the the Administrator user did not have a
GIDNumber of 200 (Domain Admins).  

The workstation is now being added to my LDAP but then I'm getting an
error "The user name could not be found".

[2004/02/17 11:01:07, 3]
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd.pl
-w -d /dev/null -g "machines" -c 'Machine Account' -s
/bin/false vmw-win2000$' gave 0

Any help would be appreciated.


-----Original Message-----
From: samba-bounces+ndressler=dinmar.com at lists.samba.org
[mailto:samba-bounces+ndressler=dinmar.com at lists.samba.org]On Behalf Of
Norm Dressler
Sent: Tuesday, February 17, 2004 8:50 AM
To: samba at lists.samba.org
Subject: FW: [Samba] Samba 3.0.2/LDAP and Adding a Workstation to the

Well, the log shows that I'm getting an Access Denied on the
SAMR_OPEN_DOMAIN rpc... does that point anyone to my problem?

2004/02/17 09:36:47, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509)
  api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2004/02/17 09:36:47, 3] lib/util_seaccess.c:se_access_check(251)
[2004/02/17 09:36:47, 3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is
  se_access_check: also S-1-5-21-3107105797-2022331017-1334135658-512
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-1441
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-512
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-513
  se_access_check: also S-1-5-21-2409148434-2038783532-1251894419-1207
[2004/02/17 09:36:47, 2]
  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)

-----Original Message-----
From: keith at midnighthax.com [mailto:keith at midnighthax.com]On Behalf Of
Keith Edmunds
Sent: Tuesday, February 17, 2004 9:32 AM
To: ndressler at dinmar.com
Subject: Re: [Samba] Samba 3.0.2/LDAP and Adding a Workstation to the

On Tue, 17 Feb 2004 09:13:54 -0400
"Norm Dressler" <ndressler at dinmar.com> wrote:

> Now I want to get back to user profiles and login scripts.  I have
> tried to join the domain from a Windows 2000 workstation and no matter
> what user ID and password I enter I'm getting Unknown User ID or Wrong
> Password.  I know the accounts I'm using exist and I'm using the right
> passwords.

Increase the logging setting in smb.conf, and check the logs. I had the
same problem recently, and found a rogue "invalid users = root" in
smb.conf. Simple, but I wasted a couple of hours on it.


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list