[Samba] Can join domain; can't logon
Chris St. Pierre
stpierre at NebrWesleyan.edu
Tue Oct 5 15:24:36 GMT 2004
I had a problem similar to my current one a week or so ago, and I was
encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now
that I've completed that nightmare, the problem I initially set out to
fix is still there, just different. Namely:
I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC
whose only job will be authentication. Our LDAP server is on a
separate box. I can join the domain just fine, but when I try to
login via Windows, I get the following error:
"The system cannot log you on to this domain because the system's
computer account in its primary domain is missing or the password on
that account is incorrect."
I suspected that neither of these were the case, as I created the
account with idealx's smbldap-tools. I verified that the account is
there with ldapsearch. Last time I had this problem, Samba wasn't
even communicating with LDAP, but this time it is. When I try to
login, here's what the LDAP logs show:
[05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH
base="o=nebrwesleyan.edu,o=isp" scope=2
filter="(&(uid=GUINEA-PIG$)(objectClass=sambaSamAccount))" attrs="uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount
sambabadpasswordtime sambapasswordhistory modifyTimestamp
sambalogonhours modifyTimestamp"
[05/Oct/2004:10:03:52 -0500] conn=53576 op=8 SRCH
base="o=nebrwesleyan.edu,o=isp" scope=2
filter="(&(uid=GUINEA-PIG$)(objectClass=sambaSamAccount))" attrs="uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount
sambabadpasswordtime sambapasswordhistory modifyTimestamp
sambalogonhours modifyTimestamp"
It searches twice for the machine trust account, which I've verified
exists. The only thing I can think of is that not all of the
attributes it's asking for exist. (In fact, a lot of them don't.) As
you can see in the attached nmbd log, though, Samba doesn't show any
obvious errors. I've also included my smb.conf (with some changes to
protect my server's innocence). Any ideas are greatly appreciated.
Thanks.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549
-------------- next part --------------
[global]
server string = test
workgroup = NWU_TEST
netbios name = TESTERATOR
log level = 1
encrypt passwords = yes
max smbd processes = 0
socket options = TCP_NODELAY
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
domain logons = yes
local master = yes
preferred master = yes
wins server = 10.9.1.12
security = user
passdb backend = ldapsam:ldap://server.nebrwesleyan.edu
ldap suffix = o=nebrwesleyan,o=edu
ldap machine suffix = ou=Machines
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap filter = (uid=%u)
ldap admin dn = cn=foo
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
[tmp]
comment = temporary files
path = /tmp
read only = yes
-------------- next part --------------
[2004/10/05 11:14:43, 5] nmbd/nmbd_packets.c:process_dgram(1194)
process_dgram: ignoring dgram packet sent to name COMPUTER LABS<1d> from 10.9.1.10
[2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found.
[2004/10/05 11:14:43, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)
announce_myself_to_domain_master_browser: t (1096992883) - last(1096992397) < 900
[2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
[2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
[2004/10/05 11:14:48, 10] lib/util_sock.c:read_udp_socket(230)
read_udp_socket: lastip 10.9.1.97 lastport 138 read: 290
[2004/10/05 11:14:48, 5] libsmb/nmblib.c:read_packet(757)
Received a packet of len 290 from (10.9.1.97) port 138
[2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69)
nmbd_subnetdb:namelist_entry_compare()
-1 == memcmp( "NWU_TEST<1c>", "NWU_TEST<1d>", 84 )
[2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69)
nmbd_subnetdb:namelist_entry_compare()
0 == memcmp( "NWU_TEST<1c>", "NWU_TEST<1c>", 84 )
[2004/10/05 11:14:48, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(124)
find_name_on_subnet: on subnet 10.9.1.111 - found name NWU_TEST<1c> source=2
[2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:process_dgram(1259)
process_dgram: datagram from GUINEA-PIG<00> to NWU_TEST<1c> IP 10.9.1.97 for \MAILSLOT\NET\NETLOGON of type 18 len=116
[2004/10/05 11:14:48, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95)
process_logon_packet: Logon from 10.9.1.97: code = 0x12
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315)
process_logon_packet: SAMLOGON sidsize 24, len = 116
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322)
process_logon_packet: len = 116 PTR_DIFF(q, buf) = 108
[2004/10/05 11:14:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347)
process_logon_packet: SAMLOGON sidsize 24 ntv 11
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356)
process_logon_packet: SAMLOGON user GUINEA-PIG$
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363)
process_logon_packet: SAMLOGON request from GUINEA-PIG(10.9.1.97) for GUINEA-PIG$, returning logon svr \\TESTERATOR domain NWU_TEST code 13 token=ffff
[2004/10/05 11:14:48, 4] lib/util.c:dump_data(1835)
[000] 13 00 5C 00 5C 00 54 00 45 00 53 00 54 00 45 00 ..\.\.T. E.S.T.E.
[010] 52 00 41 00 54 00 4F 00 52 00 00 00 47 00 55 00 R.A.T.O. R...G.U.
[020] 49 00 4E 00 45 00 41 00 2D 00 50 00 49 00 47 00 I.N.E.A. -.P.I.G.
[030] 24 00 00 00 4E 00 57 00 55 00 5F 00 54 00 45 00 $...N.W. U._.T.E.
[040] 53 00 54 00 00 00 01 00 00 00 FF FF FF FF S.T..... ......
[2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:send_mailslot(1902)
send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from TESTERATOR<00> IP 10.9.1.111 to GUINEA-PIG<00> IP 10.9.1.97
[2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:debug_browse_data(100)
debug_browse_data():
0 char ..\.\.T.E.S.T.E. hex 13 00 5c 00 5c 00 54 00 45 00 53 00 54 00 45 00
10 char R.A.T.O.R...G.U. hex 52 00 41 00 54 00 4f 00 52 00 00 00 47 00 55 00
20 char I.N.E.A.-.P.I.G. hex 49 00 4e 00 45 00 41 00 2d 00 50 00 49 00 47 00
30 char $...N.W.U._.T.E. hex 24 00 00 00 4e 00 57 00 55 00 5f 00 54 00 45 00
40 char S.T........... hex 53 00 54 00 00 00 01 00 00 00 ff ff ff ff
[2004/10/05 11:14:48, 5] libsmb/nmblib.c:send_udp(779)
Sending a packet of len 252 to (10.9.1.97) on port 138
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found.
[2004/10/05 11:14:48, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)
announce_myself_to_domain_master_browser: t (1096992883) - last(1096992397) < 900
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
[2004/10/05 11:14:48, 10] lib/util_sock.c:read_udp_socket(230)
read_udp_socket: lastip 10.9.1.97 lastport 138 read: 290
[2004/10/05 11:14:48, 5] libsmb/nmblib.c:read_packet(757)
Received a packet of len 290 from (10.9.1.97) port 138
[2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69)
nmbd_subnetdb:namelist_entry_compare()
0 == memcmp( "NWU_TEST<1c>", "NWU_TEST<1c>", 84 )
[2004/10/05 11:14:48, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(124)
find_name_on_subnet: on subnet 10.9.1.111 - found name NWU_TEST<1c> source=2
[2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:process_dgram(1259)
process_dgram: datagram from GUINEA-PIG<00> to NWU_TEST<1c> IP 10.9.1.97 for \MAILSLOT\NET\NETLOGON of type 18 len=116
[2004/10/05 11:14:48, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95)
process_logon_packet: Logon from 10.9.1.97: code = 0x12
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315)
process_logon_packet: SAMLOGON sidsize 24, len = 116
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322)
process_logon_packet: len = 116 PTR_DIFF(q, buf) = 108
[2004/10/05 11:14:48, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347)
process_logon_packet: SAMLOGON sidsize 24 ntv 11
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356)
process_logon_packet: SAMLOGON user GUINEA-PIG$
[2004/10/05 11:14:48, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363)
process_logon_packet: SAMLOGON request from GUINEA-PIG(10.9.1.97) for GUINEA-PIG$, returning logon svr \\TESTERATOR domain NWU_TEST code 13 token=ffff
[2004/10/05 11:14:48, 4] lib/util.c:dump_data(1835)
[000] 13 00 5C 00 5C 00 54 00 45 00 53 00 54 00 45 00 ..\.\.T. E.S.T.E.
[010] 52 00 41 00 54 00 4F 00 52 00 00 00 47 00 55 00 R.A.T.O. R...G.U.
[020] 49 00 4E 00 45 00 41 00 2D 00 50 00 49 00 47 00 I.N.E.A. -.P.I.G.
[030] 24 00 00 00 4E 00 57 00 55 00 5F 00 54 00 45 00 $...N.W. U._.T.E.
[040] 53 00 54 00 00 00 01 00 00 00 FF FF FF FF S.T..... ......
[2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:send_mailslot(1902)
send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from TESTERATOR<00> IP 10.9.1.111 to GUINEA-PIG<00> IP 10.9.1.97
[2004/10/05 11:14:48, 4] nmbd/nmbd_packets.c:debug_browse_data(100)
debug_browse_data():
0 char ..\.\.T.E.S.T.E. hex 13 00 5c 00 5c 00 54 00 45 00 53 00 54 00 45 00
10 char R.A.T.O.R...G.U. hex 52 00 41 00 54 00 4f 00 52 00 00 00 47 00 55 00
20 char I.N.E.A.-.P.I.G. hex 49 00 4e 00 45 00 41 00 2d 00 50 00 49 00 47 00
30 char $...N.W.U._.T.E. hex 24 00 00 00 4e 00 57 00 55 00 5f 00 54 00 45 00
40 char S.T........... hex 53 00 54 00 00 00 01 00 00 00 ff ff ff ff
[2004/10/05 11:14:48, 5] libsmb/nmblib.c:send_udp(779)
Sending a packet of len 252 to (10.9.1.97) on port 138
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found.
[2004/10/05 11:14:48, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)
announce_myself_to_domain_master_browser: t (1096992888) - last(1096992397) < 900
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271)
dump_workgroups()
dump workgroup on subnet 10.9.1.111: netmask= 255.255.0.0:
COMPSERV(4) current master browser = SPOOLWATCH
WORKGROUP(3) current master browser = EDUCATION
NWU_EXODUS(2) current master browser = BELL
NWU_TEST(1) current master browser = TESTERATOR
TESTERATOR 400c9b0b (test)
GUINEA-PIG 40011003 ()
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271)
dump_workgroups()
dump workgroup on subnet UNICAST_SUBNET: netmask= 0.0.0.0:
NWU_TEST(1) current master browser = UNKNOWN
TESTERATOR 40099b0b (test)
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
[2004/10/05 11:14:48, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found.
More information about the samba
mailing list