[Samba] account is not autorized to connect from this station.
Patrick DUBAU
patrick.dubau at alsace.iufm.fr
Thu Oct 7 09:28:24 GMT 2004
Hi all,
(i'am beginner)
i have samba 3.0.7 and ldap 2.1.30-3 installed on linux debian sarge
My users account are stored in ldap (ou=people,dc=alsace,dc=iufm,dc=fr)
I used idealx smbldaptools .0.8.5 to :
- populate LDAP (account administrator is created, id administrator
gives " uid=0(Administrator) gid=512(Domain Admins) groupes=512(Domain
Admins)"
- add my machine accoun (named i-dp-test) by : smbldap-useradd -w i-dp-test
- created some user accounts by : smbldap-useradd -a -m -c "Pat DUBAU" pat
For tests i did :
- pdbvedit -Vl : lists all my users/computers with samba attributes. So OK
- smbclient -L FS1 : prompts me a password, i give the *root's*
password then i get :
Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian]
Sharename Type Comment
--------- ---- -------
commun Disk commun aux profs et _tudiants
compta Disk fichiers du service comptable
prothee Disk acc__ prothee
netlogon Disk Network Logon Service
IPC$ IPC IPC Service (Samba 3.0.7-Debian)
ADMIN$ IPC IPC Service (Samba 3.0.7-Debian)
Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian]
Server Comment
--------- -------
FS1 Samba 3.0.7-Debian
Workgroup Master
--------- -------
DOMI FS1
INFORMATIQUE I_AM
MSHOME I_NN
WORKGROUP I-ADMRESEAU
My problem :
when i change the workgroup to domain DOMI on workstation i-dp-test, i'm
prompted for user and password, i give *administrator *and his password,
but i get the errror message :
"The following error occured while attempting to join domain IDOM
The account is not autorized to connect from this station."
Note : The machine is windows XP Sp1
I'm looking for a few days now about that problem, but i can't find out
what's wrong.
Thank you for any help
*Here my smn.conf file :
*[global]
netbios name = FS1
workgroup = DOMI
security = user
encrypt passwords = no
admin users= @"Domain Admins"
interfaces=192.168.251.8
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
log file = /var/log/samba/%m.log
log level = 3
max log size = 5000
add machine script = /usr/local/sbin/smbldap-useradd -w %u"
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
#add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
#set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = dc=alsace,dc=iufm,dc=fr
ldap admin dn = "cn=admin,dc=alsace,dc=iufm,dc=fr"
ldap ssl=no
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
#ldap idmap suffix = ou=Users
ldap passwd sync = Yes
#***********************************************************************************
ldap passwd sync = Yes
[commun]
comment = commun aux profs et étudiants
volume = commun
path = /home/samba/commun
guest ok=yes
read only = no
writeable = yes
[compta]
comment = fichiers du service comptable
path = /home/samba/fichiers/compta
public = yes
writeable = yes
read only = no
create mask = 0750
valid users = @compta
[prothee]
comment = accès à prothee
path=/home/samba/prothee
public = yes
writeable = yes
read only = no
create mask = 0750
valid users = "prothee"
[netlogon]
path = /home/samba/netlogon
browseable = no
read only = yes
*Here's me slapd.conf file :
*
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values
loglevel 256
# Create a replication log in /var/lib/ldap for use by slurpd.
replogfile /var/log/ldap.log
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_ldbm
#######################################################################
# Specific Backend Directives for ldbm:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend ldbm
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type ldbm:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database ldbm
# The base of your directory in database #1
suffix "dc=alsace,dc=iufm,dc=fr"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# Indexing options for database #1
index objectClass eq
index uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attribute=userPassword
by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be ldbm too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=debian,dc=org"
More information about the samba
mailing list