[Samba] Samba/Netscape Directory Server

Christian Merrill cmerrill at redhat.com
Tue Nov 16 16:05:13 GMT 2004 

For whatever reason I am trying to configure the following environment 
and am running into trouble towards the end of things.  Hopefully I am 
overlooking something basic, any assistance would be greatly appreciated.

1. Redhat AS 2.1 server running Netscape Directory Server 5.2
2. RHEL3 system using Samba 3.0.8 acting as a PDC integrated with the 
Netscape LDAP server
3. Win2k/XP clients as domain members
4.**Using crypt and not md5

Following through various documentation I have what I believe is a 
functional directory server with the appropriate samba schema loaded 
in.  The RHEL3 system is able to act as an ldap client -- via the 
various idealx tools the directory server has been populated.  " net 
getlocalsid" works, getent passwd/group shows appropriate users, and I 
can su to the various directory users that exist.

However, I am unable to join the domain from a windows machine or even 
manually access a share via something like "net use * \\server\share 
/user:Administrator".  The directory server is getting a query but I am 
getting bad user/pw errors.  Additionally I cannot ssh/telnet/ftp on the 
client machine with ldap accounts though I believe this is likely due to 
using crypt and pam needing modification.

--------
A "net use * \\192.168.0.8\test /user:Administrator
--with password, returns in the netscape directory log:

[16/Nov/2004:10:36:50 -0500] conn=157 op=-1 msgId=-1 - fd=56 slot=56 
LDAP connection from 172.16.59.205 to 172.16.59.50
[16/Nov/2004:10:36:50 -0500] conn=157 op=0 msgId=1 - BIND 
dn="cn=Directory Manager" method=128 version=3
[16/Nov/2004:10:36:50 -0500] conn=157 op=0 msgId=1 - RESULT err=0 tag=97 
nentries=0 etime=0 dn="cn=directory manager"
[16/Nov/2004:10:36:50 -0500] conn=157 op=1 msgId=2 - SRCH 
base="dc=rdu,dc=redhat,dc=com" scope=2 
filter="(&(objectClass=sambaDomain)(sambaDomainName=LDAP))" 
attrs="sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid 
sambaSID sambaAlgorithmicRidBase objectClass"
[16/Nov/2004:10:36:50 -0500] conn=157 op=1 msgId=2 - RESULT err=0 
tag=101 nentries=1 etime=0
[16/Nov/2004:10:36:50 -0500] conn=157 op=2 msgId=3 - SRCH 
base="dc=rdu,dc=redhat,dc=com" scope=2 
filter="(&(sambaSID=S-1-5-21-709490077-3483046013-2562787883-501)(objectClass=sambaSamAccount))" 
attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet 
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime 
sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath 
sambaLogonScript sambaProfilePath description sambaUserWorkstations 
sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword 
sambaDomainName objectClass sambaAcctFlags sambamungeddial 
sambabadpasswordcount sambabadpasswordtime sambapasswordhistory 
modifyTimestamp sambalogonhours modifyTimestamp"
[16/Nov/2004:10:36:50 -0500] conn=157 op=2 msgId=3 - RESULT err=0 
tag=101 nentries=0 etime=0
[16/Nov/2004:10:36:50 -0500] conn=158 op=-1 msgId=-1 - fd=59 slot=59 
LDAP connection from 172.16.59.205 to 172.16.59.50
[16/Nov/2004:10:36:50 -0500] conn=158 op=0 msgId=1 - BIND 
dn="cn=Directory Manager" method=128 version=3
[16/Nov/2004:10:36:50 -0500] conn=158 op=0 msgId=1 - RESULT err=0 tag=97 
nentries=0 etime=0 dn="cn=directory manager"
[16/Nov/2004:10:36:50 -0500] conn=158 op=1 msgId=2 - SRCH 
base="ou=groups,dc=rdu,dc=redhat,dc=com" scope=1 
filter="(&(objectClass=posixGroup)(memberUid=nobody))" attrs="gidNumber"
[16/Nov/2004:10:36:50 -0500] conn=158 op=1 msgId=2 - RESULT err=0 
tag=101 nentries=0 etime=0
[16/Nov/2004:10:36:50 -0500] conn=157 op=3 msgId=4 - SRCH 
base="ou=groups,dc=rdu,dc=redhat,dc=com" scope=2 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))" 
attrs="gidNumber sambaSID sambaGroupType sambasidlist description 
displayName cn objectClass"
[16/Nov/2004:10:36:50 -0500] conn=157 op=3 msgId=4 - RESULT err=0 
tag=101 nentries=0 etime=0
[16/Nov/2004:10:36:50 -0500] conn=157 op=4 msgId=5 - SRCH 
base="dc=rdu,dc=redhat,dc=com" scope=2 
filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
displayName sambaHomeDrive sambaHomePath sambaLogonScript 
sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount 
sambabadpasswordtime sambapasswordhistory modifyTimestamp 
sambalogonhours modifyTimestamp"[16/Nov/2004:10:36:50 -0500] conn=157 
op=4 msgId=5 - RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2004:10:36:51 -0500] conn=157 op=5 msgId=6 - SRCH 
base="dc=rdu,dc=redhat,dc=com" scope=2 
filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
displayName sambaHomeDrive sambaHomePath sambaLogonScript 
sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount 
sambabadpasswordtime sambapasswordhistory modifyTimestamp 
sambalogonhours modifyTimestamp"[16/Nov/2004:10:36:51 -0500] conn=157 
op=5 msgId=6 - RESULT err=0 tag=101 nentries=0 etime=0


Thanks again for any help,
Christian

More information about the samba mailing list