[Samba] SAMBA with LDAP - net join fails

Sat Apr 23 16:05:00 GMT 2005

Folks,

Steven Henry's problem has been solved and as a result chapter 5 of the 
"Samba-3 by Example" process that he was following has been updated to help 
others to avoid the same hick-ups.

Chapter 5 (was chapter 6 in the first edition) has been considerably expanded 
to include specific diagnostic steps that will help to solve problems such as 
those encountered here. I strongly advise that the diagnostic and validation 
steps should be followed at every step during the first-time implementation
of a Samba+LDAP server as it will make it possible to detect configuration 
errors before they are compounded.

In short: /etc/ldap.conf had some glitches in it that caused NSS account 
lookup to fail. There were a few miscellaneous typos in slapd.conf and 
smb.conf that added up to broken behavior.

I very much appreciate Steven Henry's assistance in helping to improve the 
quality and usefulness of the new documentation update.

- John T.

On Saturday 23 April 2005 09:26, Michael Gasch wrote:
> i had the same problem (except of your winbind problem) only with
>
> smbldap-tools 0.8.8 and samba v3.0.13
>
> i could not add the account with a uid=0 account
> if i tried as a member of "admin users = " (in smb.conf) group, then i
> could add the account
>
> may be you could try that first
>
> Matthias Eichler wrote:
> > Hi,
> >
> > I would not specify the password in the commandline, but when
> > prompted for it. I had some problems with special signs (maybe
> > like your % in the password...)
> >
> > Matthias
> >
> > Am Donnerstag, den 21.04.2005, 08:25 -0500 schrieb Steven C. Henry:
> >>Hi,
> >>
> >>I have performed all the steps from John Tepstra's "Samba-3 by Example"
> >> 20 April 2005 to Chapter 5, step 21, pg 146.
> >>(My goal is to have SAMBA with LDAP and no MS Windows servers.)
> >>
> >>Everything appears to work properly to this point.
> >>
> >>When I perform the command: (amd is the name of this test server)
> >>
> >>net rpc join -S AMD -U root%not24get
> >>
> >>I get the error:
> >>
> >>Could not connect to server AMD
> >>The username or password was not correct.
> >>
> >>Adding debug -d 1, I get the following additional information:
> >>[2005/04/20 17:00:23, 1] utils/net_rpc.c:run_rpc_command(139)
> >>  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> >>[2005/04/20 17:00:23, 1] libsmb/cliconnect.c:cli_full_connection(1494)
> >>  failed session setup with NT_STATUS_LOGON_FAILURE
> >>Could not connect to server AMD
> >>The username or password was not correct.
> >>
> >>When restarting winbindd before trying to join the domain, I get the
> >>following in the windbindd error log:
> >>
> >>[2005/04/20 16:36:54, 0] lib/smbldap.c:smbldap_open_connection(599)
> >>  ldap_initialize: Bad parameter to an ldap routine
> >>[2005/04/20 16:36:54, 1] lib/smbldap.c:another_ldap_try(1011)
> >>  Connection to LDAP server failed for the 1 try!
> >>...
> >>[2005/04/20 16:37:09, 0] sam/idmap.c:idmap_init(138)
> >>  idmap_init: failed to initialize remote backend!
> >>[2005/04/20 16:37:09, 1] nsswitch/winbindd.c:main(897)
> >>  Could not init idmap -- netlogon proxy only
> >>
> >>The following occurs in samba IP (machine) log, which I would expect.
> >>
> >>[2005/04/20 16:29:04, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
> >>  get_md4pw: Workstation AMD$: no account in domain
> >>
> >>the /etc/nsswitch.conf file has the following:
> >>
> >>passwd: compat ldap
> >>shadow: files ldap
> >>group:  compat ldap
> >>
> >>hosts:  files dns wins
> >>
> >>System is running SuSE 9.2 with Samba 3.0.14a-.1-SUSE
> >>
> >>Any assistance would be greatly appreciated. Thank you.
> >>
> >>
> >>--
> >>Steven C. Henry
> >>stevench at xnet.comstevenchh@xnet.com
> >>Steven C. Henry
>
> --
> Michael Gasch
> Max Planck Institute for Evolutionary Anthropology
> Department of Human Evolution
> Deutscher Platz 6
> D-04103 Leipzig
> Germany
>
> Phone: 49 (0)341 - 3550 137

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.