[Samba] Samba+ldap : can't join to domain

info.neufchatel at easyconnect.fr info.neufchatel at easyconnect.fr
Wed Aug 31 13:45:04 GMT 2005


Hello,

I'm using Samba 3.0.14a and OpenLDAP from Debian/Sarge.

I used some doc to make it work and this one in particular :
http://us3.samba.org/samba/docs/man/Samba-Guide/happy.html

I am using root with uidnumber=O, samba.conf from the idealx samba3-ldap howto, and
everything looks to work fine except that:

I can't join the domain (even if the computer account is created by
smbldap-useradd).

# net rpc join -S SAMBA -Uroot
Password:
Creation of workstation account failed
Unable to join domain MYDOMAIN.

Here is part of the log :

[2005/08/31 14:49:16, 5] auth/auth_util.c:make_user_info_map(224)
  make_user_info_map: Mapping user [MYDOMAIN]\[root] from workstation [SAMBA]
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/31 14:49:16, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/31 14:49:16, 5] auth/auth_util.c:is_trusted_domain(1560)
  is_trusted_domain: Checking for domain trust with [MYDOMAIN]
[2005/08/31 14:49:16, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(333)
  secrets_fetch failed!

(...cut...)

[2005/08/31 14:49:16, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user [LANGLOIS]\[root]@[SAMBA] with the new password interface
[2005/08/31 14:49:16, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [MYDOMAIN]\[root]@[SAMBA]

(...cut...)

[2005/08/31 14:49:16, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/08/31 14:49:16, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/08/31 14:49:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root

(...cut...)

[2005/08/31 14:49:16, 4] auth/auth_sam.c:sam_account_ok(119)
  sam_account_ok: Checking SMB password for user root
[2005/08/31 14:49:16, 5] auth/auth_sam.c:logon_hours_ok(101)
  logon_hours_ok: user root allowed to logon at this time (Wed Aug 31 14:49:16 2005
  )

(...cut...)

[2005/08/31 14:49:16, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106)
  ldapsam_getgroup: Did not find group

(...cut...)

[2005/08/31 14:49:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 512

(...cut...)

[2005/08/31 14:49:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 512
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/31 14:49:16, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/08/31 14:49:16, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/31 14:49:16, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-21-4266488876-1271085325-2099595662-1001]
[2005/08/31 14:49:16, 10] auth/auth_util.c:debug_nt_user_token(490)
  NT user token of user S-1-5-21-4266488876-1271085325-2099595662-1000
  contains 6 SIDs
  SID[  0]: S-1-5-21-4266488876-1271085325-2099595662-1000
  SID[  1]: S-1-5-21-4266488876-1271085325-2099595662-512
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-5-21-4266488876-1271085325-2099595662-1001
  SE_PRIV  0x1f0 0x0 0x0 0x0
[2005/08/31 14:49:16, 5] auth/auth_util.c:make_server_info_sam(862)
  make_server_info_sam: made server info for user root -> root
[2005/08/31 14:49:16, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)

Very long log, sorry ....
etc.

Workstation accounts are stored in ou=computers on my DIT as I used
smbldap-tools.

I tried to google your ML for a while but could not find an answer.

Any idea?

Many thanks!

Eric
