[Samba] Samba+LDAP - so close yet so far :)

Craig White craigwhite at azapple.com
Fri Jul 16 05:55:08 GMT 2004


On Thu, 2004-07-15 at 21:24, abebe lsslp wrote:
> Dear my samba friends & Craig (who has been helping me
> with this issue so far), please help me with this one
> :) I have a fedora core 1, samba 3.0.5, and openldap
> 2.1.*, and smbldap-tools 0.8.4.1 
>  
> When I try to join the domain [AGUILAS] from my XP
> (winxp), it is quitting halfway through the process.
> However, I don't completely understand why. I used
> samba log level 3 to diagnose the problem. As you can
> see below, the XP machine is automatically entered in
> the LDAP directory.
> 
> dn: uid=winxp$,ou=Computers,dc=wbcoll,dc=edu
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: winxp$
> sn: winxp$
> uid: winxp$
> uidNumber: 1001
> gidNumber: 553
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: 3b567a82-6b15-1028-949e-a8c9465cf53a
> creatorsName: cn=Manager,dc=wbcoll,dc=edu
> createTimestamp: 20040716014307Z
> entryCSN: 2004071601:43:07Z#0x0001#0#0000
> modifiersName: cn=Manager,dc=wbcoll,dc=edu
> modifyTimestamp: 20040716014307Z
> 
> Three log files are also automatically created in
> '/var/log/samba/': 192.168.1.18.log, smbd.log, and
> xppro.log.  
> 
> LOG FILE 1#
> 
> 'smbd.log' looks fine:
> ======================================================
> [2004/07/15 21:41:06, 3]
> lib/smbldap.c:smbldap_connect_system(805)
>   ldap_connect_system: succesful connection to the
> LDAP server
> ======================================================
> 
> LOG FILE 2#
> 
> '192.168.1.18.log' shows the following error:
> ======================================================
> [2004/07/15 22:13:06, 3]
> smbd/oplock.c:init_oplocks(1302)
>   open_oplock_ipc: opening loopback UDP socket.
> [2004/07/15 22:13:06, 3]
> smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
>   Linux kernel oplocks enabled
> [2004/07/15 22:13:06, 3]
> smbd/oplock.c:init_oplocks(1333)
>   open_oplock ipc: pid = 4520, global_oplock_port =
> 32770
> [2004/07/15 22:13:06, 3]
> lib/access.c:check_access(313)
>   check_access: no hostnames in host allow/deny list.
> [2004/07/15 22:13:06, 2]
> lib/access.c:check_access(324)
>   Allowed connection from  (192.168.1.18)
> [2004/07/15 22:13:06, 3]
> smbd/process.c:process_smb(1092)
>   Transaction 0 of length 72
> [2004/07/15 22:13:06, 2]
> smbd/reply.c:reply_special(219)
>   netbios connect: name1=EAGLEX          name2=WINXP
> [2004/07/15 22:13:06, 2]
> smbd/reply.c:reply_special(226)
>   netbios connect: local=eaglex remote=winxp, name
> type = 0
> ======================================================
> 'oplock?'... what is that? I think I have seen it in
> swat before!
> 
> LOG FILE 3#
> 
> 'winxp.log'- too long and complicated, yet contains
> more useful info (I think) :) I have the full file at
> http://150.208.105.24/smbldap-pdc/winxp_log.html
> ======================================================
> LINE 70: check_ntlm_password:  mapped user is:
> [AGUILAS]\[administrator]@[WINXP]
> LINE 78: init_sam_from_ldap: Entry found for user:
> Administrator
> LINE 96: init_group_from_ldap: Entry found for group:
> 512
> LINE 100: check_ntlm_password: sam authentication for
> user [administrator] succeeded
> LINE 110: check_ntlm_password:  authentication for
> user [administrator] -> [administrator] ->
> [Administrator] succeeded
> 
> Then it does some type of setup for user
> 'Administrator'
> 
> LINE 154: winxp (192.168.1.18) connect to service IPC$
> initially as user Administrator (uid=0, gid=512) (pid
> 4447)
> LINE 468 - 475: 
> [2004/07/15 20:43:06, 3]
> smbd/service.c:close_cnum(833)
>   winxp (192.168.1.18) closed connection to service
> IPC$
> [2004/07/15 20:43:06, 3]
> smbd/connection.c:yield_connection(69)
>   Yielding connection to IPC$
> [2004/07/15 20:43:06, 3]
> smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/07/15 20:43:06, 3]
> smbd/process.c:timeout_processing(1332)
>   timeout_processing: End of file from client (client
> has disconnected).
> ======================================================
> After these, the process repeats itself a few times.
> Between the lines, it also looks for 'pipe' and
> destroys some things. It also lists 'Transactions'
> which I have no clue what it is about. I hope I have
> not given too much information :) I believe Mohammad
> (sorry if I misspell your name) is having the same
> problem with SUSE 9.1 as well.
> 
> I would really like to thank you for putting your time and
> effort to help me! I hope I will do the same for
> others, as you will for me! Again, thank you even for
> taking your time to read my request :)
> 
> Ambex
> 
> PS: any moral support will be great at this point of
> the ball game as well :)
> 
> PSS: You will find my configuration files from this
> how-to doc I started: http://150.208.105.24/smbldap-pdc.html
----
The logs you sent through don't provide enough clues. The only thing
that even suggests a problem was the one line about
> smbd/process.c:timeout_processing(1332)
>   timeout_processing: End of file from client (client
> has disconnected).

You are attempting to join WinXP to domain, are asked for the
name/password/domain of a user who has sufficient privileges to add a
machine to the domain and it fails to finish? The machine is indeed
added to LDAP - that's all I can figure out from your email.

First off - my understanding is that Machine accounts should still be
located in the People subtree and not in the Computers subtree because
subsequent searches will not locate it there. If this has been fixed,
I'm sure someone will correct me.

Secondly - ldap log?

Thirdly - why not up the samba log level while you are debugging? Don't
you want to figure the problem out?

Craig
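
Added example, not part of either message in this thread: a small Python parser for the smbd log entries quoted above, which pulls out the client-disconnect entry Craig points to and reports the highest debug level present in a file. The sample input is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re

# smbd entry header; the location is optional because the mail client wrapped it onto its own line.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+):(\w+)\((\d+)\)$")

# Constructed sample built from entries quoted in this thread.
SAMPLE = """\
[2004/07/15 20:43:06, 3] smbd/service.c:close_cnum(833)
  winxp (192.168.1.18) closed connection to service IPC$
[2004/07/15 20:43:06, 3]
smbd/process.c:timeout_processing(1332)
  timeout_processing: End of file from client (client
has disconnected).
[2004/07/15 22:13:06, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.18)
"""

def parse_samba_log(text):
    """Return one dict per log entry, tolerating mail-wrapped lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(time=m.group(1), level=int(m.group(2)),
                           file=None, function=None, line=None, message="")
            entries.append(current)
            line = m.group(3)
        if current is None or not line:
            continue
        loc = LOCATION.match(line)
        if loc and current["function"] is None:
            current.update(file=loc.group(1), function=loc.group(2), line=int(loc.group(3)))
        else:
            current["message"] = (current["message"] + " " + line).strip()
    return entries

def client_disconnects(entries):
    """Entries where smbd logged that the client dropped the connection."""
    return [e for e in entries if e["function"] == "timeout_processing"
            and "End of file from client" in e["message"]]

def max_level(entries):
    """Highest debug level seen; 'log level 3' never writes messages above 3."""
    return max((e["level"] for e in entries), default=0)

if __name__ == "__main__":
    parsed = parse_samba_log(SAMPLE)
    print(client_disconnects(parsed), "max level:", max_level(parsed))
```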


