[Samba] Re: Can join domain; can't logon

[Igor Belyi]

Chris St. Pierre wrote:

>However!  Here's the smbd log:
>
>[2004/10/05 16:24:17, 1] lib/smbldap.c:add_new_domain_info(1289)
>  failed to add domain dn= sambaDomainName=NWU_TEST,o=nebrwesleyan.edu,o=isp with: Object class violation
>  	
>[2004/10/05 16:24:17, 0] lib/smbldap.c:smbldap_search_domain_info(1338)
>  Adding domain info for NWU_TEST failed with NT_STATUS_UNSUCCESSFUL
>[2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261)
>  get_md4pw: Workstation GUINEA-PIG$: no account in domain
>[2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261)
>  get_md4pw: Workstation GUINEA-PIG$: no account in domain
>
>Which alerts me to the fact that it's the creation of the domain in
>LDAP that's causing problems.  I properly installed the 3.0.7 schema
>-- as is evidenced by other things working -- but this is giving me an
>object class violation.  I cranked the log level up to 10, but it
>didn't give me much more information that was readily useful to me;
>the full 157K log is available, though, if you want it.
>
>Any ideas?  Or, if anyone has a typical LDAP domain entry I can look
>at, I can add it by hand and get more info from it.
>  
>
Hopefuly you already found that it's something obvious in your setup, 
but just in case...

Here's the relevant part of the samba.scheme:

objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
        DESC 'Samba Domain Information'
        MUST ( sambaDomainName $
               sambaSID )
        MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
              sambaAlgorithmicRidBase ) )

Here's what I have for this entry:

# TESTPDC, mydomain.org
dn: sambaDomainName=TESTPDC,dc=mydomain,dc=org
sambaDomainName: TESTPDC
sambaSID: S-1-5-21-2972487546-3827399895-3041126189
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain

You can also look in LDAP log to see if all MUST attributes are sent in 
ldap_add_s call for the domain entry.

Hope it helps,
Igor