[Samba] join ldap pdc domain "Access is denied."
John Stile
john at stilen.com
Tue Sep 21 23:58:19 GMT 2004
I am trying to join a W2k Workstation to a samba PDC (SuSE9.1
samba-3.0.4, openldap2-2.2.6, samba-winbind-3.0.4) following the book
Samba-3 By Example, by John H. Terpstra.
The error is "Access is denied." on the Windows, when trying to join the
domain from My Computer->Properties->Identification->Member
of->Domain->WASTE2.
Administrator is mapped to a uid=0:
getent passwd |grep Admin
Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false
From the workstation I can map a share with user=Administrator and
passwd=not24get
This is the slapd log for the transaction (I did not see the logs in
/var/log/samba/log.* grow):
Sep 21 16:49:06 amanda slapd[19418]: conn=1 fd=8 ACCEPT from IP=127.0.0.2:34839 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=2 fd=9 ACCEPT from IP=127.0.0.2:34840 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: connection_input: conn=2 deferring operation: binding
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=2 fd=9 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 fd=9 ACCEPT from IP=127.0.0.1:34841 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SRCH base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SRCH base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=1 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=3 fd=9 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=4 fd=8 ACCEPT from IP=127.0.0.2:34842 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=5 fd=9 ACCEPT from IP=127.0.0.2:34843 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=4 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 fd=8 ACCEPT from IP=127.0.0.1:34844 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SRCH base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SRCH base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SRCH base="dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3407451059-1907285946-1511391544-501)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SRCH base="ou=People,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=nobody))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SRCH base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SRCH base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=546))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SRCH base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SRCH base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=5 fd=9 closed
--
._____________________.
| \0/ John Stile |
| UniX Administration |
| / \ 510-305-3800 |
| john at stilen.com |
.---------------------.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040921/45b7dd1d/attachment.bin
More information about the samba
mailing list