[Samba] Problem to logon after join LDAP/SAMBA domain
Louis van Belle
louis at van-belle.nl
Mon Aug 1 14:54:50 GMT 2005
Hi Felipe,

First, great that you found it.
Just type net on the console and see the output; there is
something like this:
net setlocalsid SID "to set the local domain SID"

This is how I fixed it (I had a similar problem here):
Make an export of the LDAP database.
I used ldapadmin and phpldapadmin, just pick one you like.
Do a net getlocalsid, and set this in smbldap.conf.
Delete your database.
I used Notepad++ (very cool editor) to change the incorrect entries.
Import your database again.

If you use Debian, you can also back up
/var/lib/ldap
/var/lib/samba
Then if something goes wrong, just stop samba and ldap, copy these backed-up
files back and you're back in the first state.

Good luck,
and my advice: make that backup of /var/lib/ldap and samba.
I did need it. ;-)
Greetz
Louis
>-----Original message-----
>From: Felipe [mailto:felipe.piccirilo at gmail.com]
>Sent: Monday, 1 August 2005 14:50
>To: Louis van Belle
>CC: Samba users-list
>Subject: Re: [Samba] Problem to logon after join LDAP/SAMBA domain
>
>Hi Louis and all list..
>
>Thanks for all the tips, but I think I figured out what was
>the problem...
>I'm having some problems with the SID of the samba and LDAP, I try to
>set it manually but I'm not sure of how it works, I just know that
>when I perform "net getlocalsid", the SID I get was different from the
>one in the file smbldap.conf (from smbldap-tools) and when a
>workstation joined to a domain, it seems that it loses the trust
>relationship and you can't logon with this workstation.
>
>Do you or anyone in the list know if I can change this SID and then
>build my domain without any problem? If yes, where should I set the
>SID beyond the smbldap.conf and "net setlocalsid SID" before populating
>my domain?
>
>thanks in advance.
>
>regards
>Felipe.
>2005/7/29, Louis van Belle <louis at van-belle.nl>:
>> Have you tried these registry hacks already?
>>
>> /snap cut here.
>> REGEDIT4
>>
>>
>> ;-------------------------------------------------------------------------
>> ; do not roam the following folders
>>
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
>> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
>>
>>
>> ;-------------------------------------------------------------------------
>> ; force Windows XP Professional clients to accept Samba as a PDC
>>
>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
>> "requiresignorseal"=dword:00000000
>> "signsecurechannel"=dword:00000000
>>
>>
>> ;-------------------------------------------------------------------------
>> ; Do not check for user ownership of Roaming Profile Folders
>> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
>> "CompatibleRUPSecurity"=dword:00000001
>> /snap end.
>>
>>
>>
>> >-----Original message-----
>> >From: Felipe [mailto:felipe.piccirilo at gmail.com]
>> >Sent: Friday, 29 July 2005 15:14
>> >To: Louis van Belle
>> >Subject: Re: [Samba] Problem to logon after join LDAP/SAMBA domain
>> >
>> >Thanks Louis, but unfortunately no... it didn't work.. it seems that
>> >the Samba isn't getting the user and pass or the windows XP isn't
>> >sending in the right way because in the log.workstation file the last
>> >line is:
>> >
>> >2005/07/29 10:01:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
>> > Doing spnego session setup
>> >[2005/07/29 10:01:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
>> > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
>> >[2005/07/29 10:01:39, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
>> > Got user=[] domain=[] workstation=[TEC01] len1=1 len2=0
>> >
>> >other ideas?
>> >
>> >
>> >
>> >
>> >2005/7/29, Louis van Belle <louis at van-belle.nl>:
>> >> I think you have to do this on the console
>> >>
>> >> 1 set the password again for the user. => reset the password
>> >> 2 smbldap-usermod -J username => enable the user
>> >>
>> >> sometimes users are disabled, you can check this with the usrmgr.exe from
>> >> the nt tools
>> >>
>> >>
>> >>
>> >> >-----Original message-----
>> >> >From: samba-bounces+louis=van-belle.nl at lists.samba.org
>> >> >[mailto:samba-bounces+louis=van-belle.nl at lists.samba.org] On behalf of Felipe
>> >> >Sent: Friday, 29 July 2005 14:22
>> >> >To: Samba users-list
>> >> >Subject: [Samba] Problem to logon after join LDAP/SAMBA domain
>> >> >
>> >> >Hi all,
>> >> >
>> >> >I'm using SAMBA with LDAP as my PDC but after I join a Windows XP
>> >> >workstation to the domain, I can't authenticate any user with this
>> >> >workstation. It gives the following error when I press ctrl+alt+del
>> >> >and try to logon:
>> >> >
>> >> >"The system can't authenticate the user. Check if the user and
>> >> >password is correct then retype them press ok" etc.....
>> >> >
>> >> >In the server, I can see the workstation in Ldap database, in getent
>> >> >passwd. The users I try to logon work when I authenticate in ftp, ssh
>> >> >and other several services when I use the same workstation as a local
>> >> >machine.
>> >> >
>> >> >I'm using:
>> >> >samba-3.0.14
>> >> >pam_ldap-178-1
>> >> >openldap-devel-2.2.17-1
>> >> >nss_ldap-238-1
>> >> >smbldap-tools-0.8.8-1
>> >> >openldap-2.2.17-1
>> >> >
>> >> >Does someone know what is going on? Is there any problem with
>> >> >windows or with me?
>> >> >
>> >> >best regards,
>> >> >--
>> >> >To unsubscribe from this list go to the following URL and read the
>> >> >instructions: https://lists.samba.org/mailman/listinfo/samba
>> >> >
>
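
The hand-editing step in the reply at the top (correcting the SID entries in the exported LDIF before re-importing it), as an added example that is not part of the original thread. It assumes the export stores SIDs in the Samba 3 schema attributes sambaSID and sambaPrimaryGroupSID; the LDIF, both SIDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The LDIF and both SIDs below are constructed sample values.
OLD_SID=S-1-5-21-1111111111-2222222222-3333333333  # domain SID found in the export
NEW_SID=S-1-5-21-4444444444-5555555555-6666666666  # stands in for `net getlocalsid`

SAMPLE_LDIF='dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: cn=Administrators,ou=Groups,dc=example,dc=org
sambaSID: S-1-5-32-544

dn: uid=lookalike,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-33333333339-1001
'

# Swap the domain part of each SID attribute and keep the RID.
# usage: rewrite_sid_prefix OLD NEW < export.ldif > fixed.ldif
rewrite_sid_prefix() {
    awk -v old="$1" -v new="$2" '
        /^(sambaSID|sambaPrimaryGroupSID): / {
            attr = $1; val = $2
            # Match the domain SID itself, or the domain SID followed by "-RID".
            # A plain substring replace would also hit the lookalike entry.
            if (val == old) { print attr, new; next }
            if (index(val, old "-") == 1) {
                print attr, new substr(val, length(old) + 1); next
            }
        }
        { print }'
}

# Count SID values that are neither in the given domain nor builtin (S-1-5-32).
# Run it against the `net getlocalsid` value before importing; 0 means consistent.
count_foreign_sids() {
    awk -v sid="$1" '
        /^(sambaSID|sambaPrimaryGroupSID): / {
            v = $2
            if (v != sid && index(v, sid "-") != 1 && index(v, "S-1-5-32-") != 1) n++
        }
        END { print n + 0 }'
}

printf '%s' "$SAMPLE_LDIF" | rewrite_sid_prefix "$OLD_SID" "$NEW_SID"
```

A non-zero count after the rewrite points at entries from some other domain SID, which need a decision by hand rather than a blanket replace.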