[Samba] Samba/Netscape Directory Server

Christian Merrill cmerrill at redhat.com
Tue Nov 16 16:20:06 GMT 2004


Christian Merrill wrote:

> For whatever reason I am trying to configure the following environment 
> and am running into trouble towards the end of things.  Hopefully I am 
> overlooking something basic, any assistance would be greatly appreciated.
>
> 1. Redhat AS 2.1 server running Netscape Directory Server 5.2
> 2. RHEL3 system using Samba 3.0.8 acting as a PDC integrated with the 
> Netscape LDAP server
> 3. Win2k/XP clients as domain members
> 4.**Using crypt and not md5
>
> Following through various documentation I have what I believe is a 
> functional directory server with the appropriate samba schema loaded 
> in.  The RHEL3 system is able to act as an ldap client -- via the 
> various idealx tools the directory server has been populated.  "net 
> getlocalsid" works, getent passwd/group shows appropriate users, and I 
> can su to the various directory users that exist.
>
> However, I am unable to join the domain from a windows machine or even 
> manually access a share via something like "net use * \\server\share 
> /user:Administrator".  The directory server is getting a query but I 
> am getting bad user/pw errors.  Additionally I cannot ssh/telnet/ftp 
> on the client machine with ldap accounts though I believe this is 
> likely due to using crypt and pam needing modification.
>
> --------
> A "net use * \\192.168.0.8\test /user:Administrator"
> --with password, returns in the netscape directory log:
>
> [16/Nov/2004:10:36:50 -0500] conn=157 op=-1 msgId=-1 - fd=56 slot=56 
> LDAP connection from 172.16.59.205 to 172.16.59.50
> [16/Nov/2004:10:36:50 -0500] conn=157 op=0 msgId=1 - BIND 
> dn="cn=Directory Manager" method=128 version=3
> [16/Nov/2004:10:36:50 -0500] conn=157 op=0 msgId=1 - RESULT err=0 
> tag=97 nentries=0 etime=0 dn="cn=directory manager"
> [16/Nov/2004:10:36:50 -0500] conn=157 op=1 msgId=2 - SRCH 
> base="dc=rdu,dc=redhat,dc=com" scope=2 
> filter="(&(objectClass=sambaDomain)(sambaDomainName=LDAP))" 
> attrs="sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid 
> sambaSID sambaAlgorithmicRidBase objectClass"
> [16/Nov/2004:10:36:50 -0500] conn=157 op=1 msgId=2 - RESULT err=0 
> tag=101 nentries=1 etime=0
> [16/Nov/2004:10:36:50 -0500] conn=157 op=2 msgId=3 - SRCH 
> base="dc=rdu,dc=redhat,dc=com" scope=2 
> filter="(&(sambaSID=S-1-5-21-709490077-3483046013-2562787883-501)(objectClass=sambaSamAccount))" 
> attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet 
> sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime 
> sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath 
> sambaLogonScript sambaProfilePath description sambaUserWorkstations 
> sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword 
> sambaDomainName objectClass sambaAcctFlags sambamungeddial 
> sambabadpasswordcount sambabadpasswordtime sambapasswordhistory 
> modifyTimestamp sambalogonhours modifyTimestamp"
> [16/Nov/2004:10:36:50 -0500] conn=157 op=2 msgId=3 - RESULT err=0 
> tag=101 nentries=0 etime=0
> [16/Nov/2004:10:36:50 -0500] conn=158 op=-1 msgId=-1 - fd=59 slot=59 
> LDAP connection from 172.16.59.205 to 172.16.59.50
> [16/Nov/2004:10:36:50 -0500] conn=158 op=0 msgId=1 - BIND 
> dn="cn=Directory Manager" method=128 version=3
> [16/Nov/2004:10:36:50 -0500] conn=158 op=0 msgId=1 - RESULT err=0 
> tag=97 nentries=0 etime=0 dn="cn=directory manager"
> [16/Nov/2004:10:36:50 -0500] conn=158 op=1 msgId=2 - SRCH 
> base="ou=groups,dc=rdu,dc=redhat,dc=com" scope=1 
> filter="(&(objectClass=posixGroup)(memberUid=nobody))" attrs="gidNumber"
> [16/Nov/2004:10:36:50 -0500] conn=158 op=1 msgId=2 - RESULT err=0 
> tag=101 nentries=0 etime=0
> [16/Nov/2004:10:36:50 -0500] conn=157 op=3 msgId=4 - SRCH 
> base="ou=groups,dc=rdu,dc=redhat,dc=com" scope=2 
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))" 
> attrs="gidNumber sambaSID sambaGroupType sambasidlist description 
> displayName cn objectClass"
> [16/Nov/2004:10:36:50 -0500] conn=157 op=3 msgId=4 - RESULT err=0 
> tag=101 nentries=0 etime=0
> [16/Nov/2004:10:36:50 -0500] conn=157 op=4 msgId=5 - SRCH 
> base="dc=rdu,dc=redhat,dc=com" scope=2 
> filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
> displayName sambaHomeDrive sambaHomePath sambaLogonScript 
> sambaProfilePath description sambaUserWorkstations sambaSID 
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
> objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount 
> sambabadpasswordtime sambapasswordhistory modifyTimestamp 
> sambalogonhours modifyTimestamp"
> [16/Nov/2004:10:36:50 -0500] conn=157 op=4 msgId=5 - RESULT err=0 
> tag=101 nentries=0 etime=0
> [16/Nov/2004:10:36:51 -0500] conn=157 op=5 msgId=6 - SRCH 
> base="dc=rdu,dc=redhat,dc=com" scope=2 
> filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
> displayName sambaHomeDrive sambaHomePath sambaLogonScript 
> sambaProfilePath description sambaUserWorkstations sambaSID 
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
> objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount 
> sambabadpasswordtime sambapasswordhistory modifyTimestamp 
> sambalogonhours modifyTimestamp"
> [16/Nov/2004:10:36:51 -0500] conn=157 op=5 msgId=6 - RESULT err=0 
> tag=101 nentries=0 etime=0
>
>
> Thanks again for any help,
> Christian
>
Ok, managed to fix most of this...however something appears to be goofy 
with the Administrator account...I cannot access shares with it directly 
and it won't allow me to join a machine to the domain.

Christian
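
An access log like the one quoted above can be read mechanically by pairing each SRCH with its RESULT on the same conn/op and listing the searches that succeeded (err=0) but matched no entries. The following is an added example, not part of the original post; the sample lines are constructed by unwrapping entries from the quoted log and shortening their attrs lists, and the function names are hypothetical.

```python
import re

# Constructed sample: entries from the quoted access log, unwrapped onto
# single lines, with the attrs lists shortened.
SAMPLE_LOG = """\
[16/Nov/2004:10:36:50 -0500] conn=157 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[16/Nov/2004:10:36:50 -0500] conn=157 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[16/Nov/2004:10:36:50 -0500] conn=157 op=1 msgId=2 - SRCH base="dc=rdu,dc=redhat,dc=com" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=LDAP))" attrs="sambaDomainName sambaSID"
[16/Nov/2004:10:36:50 -0500] conn=157 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[16/Nov/2004:10:36:50 -0500] conn=157 op=2 msgId=3 - SRCH base="dc=rdu,dc=redhat,dc=com" scope=2 filter="(&(sambaSID=S-1-5-21-709490077-3483046013-2562787883-501)(objectClass=sambaSamAccount))" attrs="uid sambaSID"
[16/Nov/2004:10:36:50 -0500] conn=157 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2004:10:36:50 -0500] conn=157 op=4 msgId=5 - SRCH base="dc=rdu,dc=redhat,dc=com" scope=2 filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid sambaSID"
[16/Nov/2004:10:36:50 -0500] conn=157 op=4 msgId=5 - RESULT err=0 tag=101 nentries=0 etime=0
"""

# "[timestamp] conn=N op=N msgId=N - VERB key=value ..."
LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) msgId=-?\d+ - (\w+)\s*(.*)$')
# key=value pairs; quoted values may contain spaces and '=' characters
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(rest):
    """Turn 'err=0 tag=101 dn="..."' into a dict with quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD.findall(rest)}


def empty_searches(log_text):
    """Return (conn, op, base, filter) for each SRCH whose RESULT has
    err=0 and nentries=0, i.e. the lookup ran but matched nothing."""
    pending = {}  # (conn, op) -> fields of a SRCH still awaiting its RESULT
    empty = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        verb, fields = m.group(3), parse_fields(m.group(4))
        if verb == "SRCH":
            pending[key] = fields
        elif verb == "RESULT" and key in pending:
            srch = pending.pop(key)
            if fields.get("err") == "0" and fields.get("nentries") == "0":
                empty.append((key[0], key[1], srch["base"], srch["filter"]))
    return empty


if __name__ == "__main__":
    for conn, op, base, flt in empty_searches(SAMPLE_LOG):
        print(f"conn={conn} op={op} base={base} filter={flt}")
```

A real log wraps long entries across lines, so unwrap continuation lines before passing the text in.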


