[Samba] samba3 PDC+ldap domain logon problem

Muhammad Reza reza at mra.co.id
Thu Jun 24 08:08:16 GMT 2004


Is this bug fixed in the rpm version of samba-3.0.3-5 (Fedora package)?

Because I still can't join the Samba LDAP server: I get an unknown user name
and password error from Windows 2000.
smbd.log said

[2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))]
[2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_open_connection(639)
  smbldap_open_connection: connection opened
[2004/06/17 23:22:20, 3] lib/smbldap.c:smbldap_connect_system(806)
  ldap_connect_system: succesful connection to the LDAP server

and <machinename>.log said

[2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(208)
  netbios connect: name1=PDC-SMB3        name2=BACKUP        
[2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(215)
  netbios connect: local=pdc-smb3 remote=backup, name type = 0

Is there something wrong with my configuration?
-----smb.conf
        workgroup = SMB3
        netbios name = PDC-SMB3
        interfaces = 172.16.0.232
        username map = /etc/samba/smbusers
        admin users= administrator,@"Domain Admins"
        server string = Samba Server %v
        security = user
        encrypt passwords = Yes
      <snip>domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        passdb backend = ldapsam:ldap://127.0.0.1/
        # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
        ldap admin dn = cn=Manager,dc=mragroup,dc=net
        ldap suffix = dc=mragroup,dc=net
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Users
        #ldap ssl = start tls
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        #delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"


#smbldap-usershow Administrator
dn: uid=Administrator,ou=Users,dc=mragroup,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-1931314229-1443927316-3005072698-512
sambaSID: S-1-5-21-1931314229-1443927316-3005072698-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: 552902031BEDE9EFAAD3B435B51404EE
sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7
sambaPwdCanChange: 1087541956
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1087541956
sambaAcctFlags: [U          ]
userPassword: {SMD5}W826bGtUtVBFm2cy9pjOoLleifE=

please help me

regards
reza

            





> There is a bug with separating the machine suffix and the user suffix, 
> they both need to be the same container.
>
> Please search the archives more, this topic comes up every week or so.
>
> David Caplan wrote:
>
>> Hi,
>>
>> I've got an issue with a samba 3 PDC with an ldap backend. I get a logon
>> failure (unknown username or bad password) when trying to add a win2k
>> box to the domain. I'm using Mandrake with Samba 3.0.2a and openldap
>> 2.1.22. I am able to set up the workgroup on the w2k box, and access
>> folders for users registered in the ldap database, however I am not
>> able to join the domain with the user Administrator.
>> Any ideas on where I can look to find errors or test another way? (I
>> can't find anything in the ldap logs or the samba logs).
>>
>> Please CC me any response, as I'm not subscribed to the list.
>>
>> Thanks.
>> - David
>>
>> ---Some relevant smb.conf
>>
>> [global]
>>
>>    ...
>>     username map = /etc/samba3/smbusers
>>     obey pam restrictions = No
>>     ldap passwd sync = yes
>>     passdb backend = ldapsam:ldap://127.0.0.1/
>>     unix password sync = yes
>>     pam password change = yes
>>     passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*password*information*changed*for*dcaplan*\n *passwd:*all*authentication*tokens*updated*successfully*
>>    ldap admin dn = cn=root,dc=cloudraker,dc=com
>>    ldap suffix = dc=cloudraker,dc=com
>>    ldap group suffix = ou=Group
>>    ldap user suffix = ou=People
>>    ldap machine suffix = ou=Hosts
>>    ldap idmap suffix = ou=People
>>    ldap ssl = off
>>    #ldap ssl = start tls
>>    add user script = /usr/bin/smbldap-useradd3 -m "%u"
>>    ldap delete dn = Yes
>>    delete user script = /usr/bin/smbldap-userdel3 "%u"
>>    add machine script = /usr/bin/smbldap-useradd3 -w "%u"
>>    add group script = /usr/bin/smbldap-groupadd3 -p "%g"
>>    #delete group script = /usr/bin/smbldap-groupdel3 "%g"
>>    add user to group script = /usr/bin/smbldap-groupmod3 -m "%u" "%g"
>>    delete user from group script = /usr/bin/smbldap-groupmod3 -x "%u" "%g"
>>    set primary group script = /usr/bin/smbldap-usermod3 -g "%g" "%u"
>>     os level = 65
>>     security = user
>>     logon path = \\%L\profiles\%U
>>     logon drive = U:
>>     update encrypted = Yes
>>     encrypt passwords = yes
>>     domain master = yes
>>     domain logons = yes
>>     local master = yes
>>     preferred master = yes
>>     guest ok = no
>>     admin users = root Administrator
>>     
>>     #wins support = yes
>>     #wins proxy = yes
>> ----
>>
>>
>> -- 
>> David Caplan <david at david.ath.cx>
>> Key fingerprint: AADC 53B6 D5FB 31FE E191  4E9A 8D5D 2952 9358 
>>  
>>
>
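
The quoted reply says the machine suffix and the user suffix need to be the same container. The following is an added example, not part of the thread or of Samba: a small check that parses the [global] section of an smb.conf and reports when the two suffixes differ. The sample configuration is constructed from the values posted above; the function names are hypothetical.

```python
import re

# Constructed sample, based on the suffix layout posted in this thread.
SAMPLE_CONF = """\
[global]
    workgroup = SMB3
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap suffix = dc=mragroup,dc=net
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    #ldap ssl = start tls
"""

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    # smb.conf joins a line ending in a backslash with the next line
    text = re.sub(r"\\\r?\n", "", text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            # parameter names ignore case and whitespace
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_suffixes(text):
    """Return findings when user and machine accounts use different containers."""
    p = parse_global(text)
    user = p.get("ldapusersuffix", "")
    machine = p.get("ldapmachinesuffix", "")
    findings = []
    if user.lower() != machine.lower():
        findings.append(
            f"ldap machine suffix ({machine or 'unset'}) differs from "
            f"ldap user suffix ({user or 'unset'})")
    return findings

if __name__ == "__main__":
    for finding in check_suffixes(SAMPLE_CONF):
        print("WARN:", finding)
```

Parameters placed before any section header are ignored by this check, so a fragment without `[global]` has to be given that header first.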


