[Samba] cannot login to Samba PDC from win2k

Pablo Molina Candel pmc2 at alu.um.es
Thu Feb 19 11:20:26 GMT 2004


I have the following system:
 
   - Samba 3 using LDAP backend.
   - Every old windows user has been inserted in LDAP database.
   - Samba is configured (or is trying to be) as a PDC.
   - Win2k is working by now with workgroups, not with domains.
   
The idea now is to use this new Samba schema for user authentication in the 
company. From a workstation I changed the workgroup use to domain, and I 
inserted the one in Samba. It seems to connect to it, but no user can log in 
(wrong username and password), and all of them are already inserted in LDAP.
 
In the winbindd log file (shown below), I got a warning saying that the GID 
for the user when trying to log in cannot be converted into SID. 
When I show the group map list, everything seems to be correct.

net groupmap list
=================

Domain Users (S-1-5-21-2373055660-3689259650-2501062268-21001) -> ldapusers
Domain Admins (S-1-5-21-2373055660-3689259650-2501062268-21003) -> adm

However, every group in LDAP database doesn't belong to any domain, because there 
was a conflict between the LDAP Domain and the one specified in smb.conf (too 
many (2) domains).

I don't know if I should make any special thing about this group mapping, and I 
really don't know what the problem is here. Can anyone help me?
 
I attach my smb.conf file:

smb.conf
========

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/02/16 15:42:24

# Global parameters
[global]
	domain master = Yes
	preferred master = yes	
	local master = yes
	domain logons = yes
	directory mask = 0770
	passdb backend = ldapsam:ldap://localhost:389
	logon script = logon.cmd
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
	printing = cups
	force directory mode = 0770
	ldap admin dn = cn=root,dc=my,dc=domain
	#logon path = \\%N\profiles\%U
	#logon path = /var/lib/samaba/netlogon
	workgroup = LINUXTEST
	os level = 255
	create mask = 0770
	wins support = true
	ldap machine suffix = ou=machines
	printcap name = CUPS
	#logon home = \\%N\\%u\winprofile
	netbios name = LINUXTEST
	force create mode = 0770
	ldap group suffix = ou=Groups
	ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
	logon drive = H:
	ldap user suffix = ou=People
	auto services = homes
	time server = Yes
	security = user
	map to guest = Bad User
	socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY SO_SNDBUF=8192
	ldap suffix = dc=my,dc=domain
	ldap ssl = no
	hide unreadable = yes
	#hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1
	#hosts deny = all
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	idmap backend = ldap:ldap://localhost:389
	ldap idmap suffix = ou=idmap
	winbind separator = +
	winbind enum users = yes
	winbind enum groups = yes

[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	create mask = 0740
	directory mask = 0750
	browseable = No

[printers]
	comment = All Printers
	path = /var/tmp
	create mask = 0600
	printable = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @ntadmin, root
	force group = ntadmin
	create mask = 0664
	directory mask = 0775

[supersamba]
	user = @ldapusers
	path = /usr/local/shares/super
	writeable = yes
	comment = Samba ist Super
	valid users = @ldapusers

[netlogon]
	path = /var/lib/samba/netlogon
	write list = root
	read only = yes
	guest ok = yes
	browseable = no

[profiles]
	path = /var/lib/samba/profiles
	browseable = no
	read only = no
	directory mask = 0700
	create mask = 0600


Here I attach the winbindd log file, so that someone can help me:
 
log.winbindd
============

[2004/02/19 12:06:38, 1] nsswitch/winbindd.c:main(842)
  winbindd version 3.0.1 started.
  Copyright The Samba Team 2000-2003
[2004/02/19 12:06:38, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain LINUXTEST  
[2004/02/19 12:06:38, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2004/02/19 12:06:38, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2004/02/19 12:07:47, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid
[2004/02/19 12:07:49, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid


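Added example, not part of the original post or of Samba: a small Python triage script that pulls the failing gids out of a log.winbindd excerpt, checks them against the `idmap gid` range in smb.conf, and lists the domain SIDs that `net groupmap list` reports. The sample inputs are constructed from the excerpts above, and the function names are this example's own.

```python
import re

# Constructed samples, shaped like the excerpts quoted in the post.
LOG = """\
[2004/02/19 12:06:38, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain LINUXTEST
[2004/02/19 12:07:47, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid
[2004/02/19 12:07:49, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid
"""
CONF = "[global]\n\tidmap uid = 10000-20000\n\tidmap gid = 10000-20000\n"
GROUPMAP = """\
Domain Users (S-1-5-21-2373055660-3689259650-2501062268-21001) -> ldapusers
Domain Admins (S-1-5-21-2373055660-3689259650-2501062268-21003) -> adm
"""

HEADER = re.compile(r"^\[(\S+ \S+),\s*\d+\] \S+:(\w+)\(\d+\)\s*$")
GID_FAIL = re.compile(r"Could not convert gid (\d+) to sid")
MAPPING = re.compile(r"^(.+?) \((S-[\d-]+)-(\d+)\) -> (\S+)[ \t]*$", re.M)
IDMAP_GID = re.compile(r"^[ \t]*idmap gid[ \t]*=[ \t]*(\d+)[ \t]*-[ \t]*(\d+)", re.M)

def failed_gids(log_text):
    """Map each gid that winbindd_gid_to_sid could not convert to its timestamps."""
    failures, stamp, func = {}, None, None
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if head:  # header line: remember when and where the next message was logged
            stamp, func = head.groups()
            continue
        hit = GID_FAIL.search(line)
        if hit and func == "winbindd_gid_to_sid":
            failures.setdefault(int(hit.group(1)), []).append(stamp)
    return failures

def idmap_gid_range(conf_text):
    """Return (low, high) from an active `idmap gid` line, or None if absent."""
    m = IDMAP_GID.search(conf_text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(log_text, conf_text, groupmap_text):
    """Per failing gid: count, first timestamp, idmap-range membership, group-map facts."""
    rng = idmap_gid_range(conf_text)
    maps = MAPPING.findall(groupmap_text)  # (NT name, domain SID, RID, unix group)
    domain_sids = sorted({sid for _, sid, _, _ in maps})
    return [{"gid": gid, "count": len(stamps), "first_seen": stamps[0],
             "in_idmap_range": bool(rng) and rng[0] <= gid <= rng[1],
             "domain_sids": domain_sids, "mapped_unix_groups": [m[3] for m in maps]}
            for gid, stamps in sorted(failed_gids(log_text).items())]
```

More than one entry in `domain_sids` would mean the group map mixes domains; `in_idmap_range` only reports whether the failing gid lies inside the configured `idmap gid` range.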