[Samba] samba3 PDC+ldap domain logon problem
Muhammad Reza
reza at mra.co.id
Thu Jun 24 08:08:16 GMT 2004
Is this bug fixed in the rpm version of samba-3.0.3-5 (Fedora package)?
Because I still can't join the Samba LDAP server, with an unknown user name
and password error from Windows 2000.
smbd.log said
[2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))]
[2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_open_connection(639)
smbldap_open_connection: connection opened
[2004/06/17 23:22:20, 3] lib/smbldap.c:smbldap_connect_system(806)
ldap_connect_system: succesful connection to the LDAP server
and <machinename>.log said
[2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(208)
netbios connect: name1=PDC-SMB3 name2=BACKUP
[2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(215)
netbios connect: local=pdc-smb3 remote=backup, name type = 0
Is there something wrong with my configuration?
-----smb.conf
workgroup = SMB3
netbios name = PDC-SMB3
interfaces = 172.16.0.232
username map = /etc/samba/smbusers
admin users= administrator,@"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
<snip>
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
#smbldap-usershow Administrator
dn: uid=Administrator,ou=Users,dc=mragroup,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-1931314229-1443927316-3005072698-512
sambaSID: S-1-5-21-1931314229-1443927316-3005072698-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: 552902031BEDE9EFAAD3B435B51404EE
sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7
sambaPwdCanChange: 1087541956
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1087541956
sambaAcctFlags: [U ]
userPassword: {SMD5}W826bGtUtVBFm2cy9pjOoLleifE=
please help me
regards
reza
> There is a bug with separating the machine suffix and the user suffix,
> they both need to be the same container.
>
> Please search the archives more, this topic comes up every week or so.
>
> David Caplan wrote:
>
>> Hi,
>>
>> I've got an issue with a samba 3 PDC with an ldap backend. I get a logon
>> failure (unknown username or bad password) when trying to add a win2k
>> box to the domain. I'm using Mandrake with Samba 3.0.2a and openldap
>> 2.1.22. I am able to set up the workgroup on the w2k box, and access
>> folders for users registered in the ldap database, however I am not
>> able to join the domain with the user Administrator.
>> Any ideas on where I can look to find errors or test another way? (I
>> can't find anything in the ldap logs or the samba logs).
>>
>> Please CC me any response, as I'm not subscribed to the list.
>>
>> Thanks.
>> - David
>>
>> ---Some relevant smb.conf
>>
>> [global]
>>
>> ...
>> username map = /etc/samba3/smbusers
>> obey pam restrictions = No
>> ldap passwd sync = yes
>> passdb backend = ldapsam:ldap://127.0.0.1/
>> unix password sync = yes
>> pam password change = yes
>> passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*password*information*changed*for*dcaplan*\n *passwd:*all*authentication*tokens*updated*successfully*
>> ldap admin dn = cn=root,dc=cloudraker,dc=com
>> ldap suffix = dc=cloudraker,dc=com
>> ldap group suffix = ou=Group
>> ldap user suffix = ou=People
>> ldap machine suffix = ou=Hosts
>> ldap idmap suffix = ou=People
>> ldap ssl = off
>> #ldap ssl = start tls
>> add user script = /usr/bin/smbldap-useradd3 -m "%u"
>> ldap delete dn = Yes
>> delete user script = /usr/bin/smbldap-userdel3 "%u"
>> add machine script = /usr/bin/smbldap-useradd3 -w "%u"
>> add group script = /usr/bin/smbldap-groupadd3 -p "%g"
>> #delete group script = /usr/bin/smbldap-groupdel3 "%g"
>> add user to group script = /usr/bin/smbldap-groupmod3 -m "%u" "%g"
>> delete user from group script = /usr/bin/smbldap-groupmod3 -x "%u" "%g"
>> set primary group script = /usr/bin/smbldap-usermod3 -g "%g" "%u"
>> os level = 65
>> security = user
>> logon path = \\%L\profiles\%U
>> logon drive = U:
>> update encrypted = Yes
>> encrypt passwords = yes
>> domain master = yes
>> domain logons = yes
>> local master = yes
>> preferred master = yes
>> guest ok = no
>> admin users = root Administrator
>>
>> #wins support = yes
>> #wins proxy = yes
>> ----
>>
>>
>> --
>> David Caplan <david at david.ath.cx>
>> Key fingerprint: AADC 53B6 D5FB 31FE E191 4E9A 8D5D 2952 9358
>>
>>
>
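
The quoted reply says the user and machine suffixes must name the same container. As an added example (not code from the thread or from the Samba project), this Python sketch parses smb.conf global parameters and reports when `ldap user suffix` and `ldap machine suffix` differ. The function names and the `SAME` sample are constructed; `POSTED` is excerpted from the configuration posted in this message.

```python
import re

def parse_global(text):
    """Return {normalized name: value} for [global] parameters.

    smb.conf rules applied: names are case-insensitive and whitespace in
    them is ignored, only the first '=' is significant, '#' or ';' starts
    a comment line, a trailing backslash continues a line. Parameters
    before any section header are treated as global (assumption made
    because the thread's excerpts omit the header).
    """
    params, section, pending = {}, "global", ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue
        line, pending = pending + stripped, ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def suffix_mismatch(text):
    """Return (user, machine) suffixes, lowercased, if they differ."""
    p = parse_global(text)
    user = p.get("ldapusersuffix", "").lower()
    machine = p.get("ldapmachinesuffix", "").lower()
    return (user, machine) if user and machine and user != machine else None

# Excerpt of the smb.conf posted in this message.
POSTED = """\
ldap suffix = dc=mragroup,dc=net
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
"""
# Constructed sample: both suffixes name one container; [homes] is ignored.
SAME = """\
[global]
  LDAP User Suffix = ou=Users
  ldap machine suffix = ou=users
[homes]
  ldap machine suffix = ou=ignored
"""

if __name__ == "__main__":
    print(suffix_mismatch(POSTED), suffix_mismatch(SAME))
```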