[Samba] Samba+LDAP - so close yet so far :)

abebe lsslp peaceofcrap2001 at yahoo.com
Fri Jul 16 04:24:13 GMT 2004 

Dear my samba friends & Craig (who has been helping me
with this issue so far), please help me with this one
:) I have a fedora core 1, samba 3.0.5, and openldap
2.1.*, and smbldap-tools 0.8.4.1 
 
When I try to join the domain [AGUILAS] from my XP
(winxp), it is quiting half way through the process.
However, I don't completely understand why. I used
samba log level 3 to diagonose the problem. As you can
see below, the XP machine is authomatically entered in
the LDAP directory. 

dn: uid=winxp$,ou=Computers,dc=wbcoll,dc=edu
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: winxp$
sn: winxp$
uid: winxp$
uidNumber: 1001
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 3b567a82-6b15-1028-949e-a8c9465cf53a
creatorsName: cn=Manager,dc=wbcoll,dc=edu
createTimestamp: 20040716014307Z
entryCSN: 2004071601:43:07Z#0x0001#0#0000
modifiersName: cn=Manager,dc=wbcoll,dc=edu
modifyTimestamp: 20040716014307Z

Three log files are also automatically created in
'/var/log/samba/': 192.168.1.18.log, smbd.log, and
xppro.log.  

LOG FILE 1#

'smbd.log' looks fine:
======================================================
[2004/07/15 21:41:06, 3]
lib/smbldap.c:smbldap_connect_system(805)
  ldap_connect_system: succesful connection to the
LDAP server
======================================================

LOG FILE 2#

'192.168.1.18.log' shows the following error:
======================================================
[2004/07/15 22:13:06, 3]
smbd/oplock.c:init_oplocks(1302)
  open_oplock_ipc: opening loopback UDP socket.
[2004/07/15 22:13:06, 3]
smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
  Linux kernel oplocks enabled
[2004/07/15 22:13:06, 3]
smbd/oplock.c:init_oplocks(1333)
  open_oplock ipc: pid = 4520, global_oplock_port =
32770
[2004/07/15 22:13:06, 3]
lib/access.c:check_access(313)
  check_access: no hostnames in host allow/deny list.
[2004/07/15 22:13:06, 2]
lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.18)
[2004/07/15 22:13:06, 3]
smbd/process.c:process_smb(1092)
  Transaction 0 of length 72
[2004/07/15 22:13:06, 2]
smbd/reply.c:reply_special(219)
  netbios connect: name1=EAGLEX          name2=WINXP
[2004/07/15 22:13:06, 2]
smbd/reply.c:reply_special(226)
  netbios connect: local=eaglex remote=winxp, name
type = 0
======================================================
'oplock?'... what is that? I think I have seen it in
swat before!

LOG FILE 3#

'winxp.log'- too long and complicated, yet contains
more useful info (I think) :) I have the full file at
http://150.208.105.24/smbldap-pdc/winxp_log.html
======================================================
LINE 70: check_ntlm_password:  mapped user is:
[AGUILAS]\[administrator]@[WINXP]
LINE 78: init_sam_from_ldap: Entry found for user:
Administrator
LINE 96: init_group_from_ldap: Entry found for group:
512
LINE 100: check_ntlm_password: sam authentication for
user [administrator] succeeded
LINE 110: check_ntlm_password:  authentication for
user [administrator] -> [administrator] ->
[Administrator] succeeded

Then it does some type of setup for user
'Administrator'

LINE 154: winxp (192.168.1.18) connect to service IPC$
initially as user Administrator (uid=0, gid=512) (pid
4447)
LINE 468 - 475: 
[2004/07/15 20:43:06, 3]
smbd/service.c:close_cnum(833)
  winxp (192.168.1.18) closed connection to service
IPC$
[2004/07/15 20:43:06, 3]
smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2004/07/15 20:43:06, 3]
smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/07/15 20:43:06, 3]
smbd/process.c:timeout_processing(1332)
  timeout_processing: End of file from client (client
has disconnected).
======================================================
After these, the process repeats itself few times.
Between the lines, it also looks for 'pipe' and
destroyes some things. It also lists 'Transactions'
which I have no clue what it is about. I hope I have
not given too much information :) I believe Mohammad
(sorry if I miss spell your name) is having the same
problem with SUSE 9.1 as well. 

I really like to thank you for putting your time and
effort to help me! I hope I will do the same for
others, as you will for me! Again, thank you even for
taking your time to read my request :)

Ambex

PS: any moral support will be great at this point of
the ball game as well :)

PSS: You will find my configuration files from this
how to doc I started: http://150.208.105.24/smbldap-pdc.html


		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

More information about the samba mailing list