[Samba] Samba+ldap : can't join to domain
info.neufchatel at easyconnect.fr
Wed Aug 31 13:45:04 GMT 2005
Hello,
I'm using Samba 3.0.14a and OpenLDAP from Debian/Sarge.
I used some docs to make it work, and this one in particular:
http://us3.samba.org/samba/docs/man/Samba-Guide/happy.html
I am using root with uidnumber=0, samba.conf from the idealx samba3-ldap howto, and
everything seems to work fine, except that
I can't join the domain (even if the computer account is created by
smbldap-useradd).
# net rpc join -S SAMBA -Uroot
Password:
Creation of workstation account failed
Unable to join domain MYDOMAIN.
Here is part of the log:
[2005/08/31 14:49:16, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user [MYDOMAIN]\[root] from workstation [SAMBA]
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/31 14:49:16, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/31 14:49:16, 5] auth/auth_util.c:is_trusted_domain(1560)
is_trusted_domain: Checking for domain trust with [MYDOMAIN]
[2005/08/31 14:49:16, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(333)
secrets_fetch failed!
(...cut...)
[2005/08/31 14:49:16, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user [LANGLOIS]\[root]@[SAMBA] with the new password interface
[2005/08/31 14:49:16, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [MYDOMAIN]\[root]@[SAMBA]
(...cut...)
[2005/08/31 14:49:16, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/08/31 14:49:16, 3] lib/smbldap.c:smbldap_connect_system(866)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2005/08/31 14:49:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: root
(...cut...)
[2005/08/31 14:49:16, 4] auth/auth_sam.c:sam_account_ok(119)
sam_account_ok: Checking SMB password for user root
[2005/08/31 14:49:16, 5] auth/auth_sam.c:logon_hours_ok(101)
logon_hours_ok: user root allowed to logon at this time (Wed Aug 31 14:49:16 2005)
(...cut...)
[2005/08/31 14:49:16, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2106)
ldapsam_getgroup: Did not find group
(...cut...)
[2005/08/31 14:49:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 512
(...cut...)
[2005/08/31 14:49:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 512
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/31 14:49:16, 3] lib/privileges.c:get_privileges(249)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/08/31 14:49:16, 3] lib/privileges.c:get_privileges(249)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/31 14:49:16, 3] lib/privileges.c:get_privileges(249)
get_privileges: No privileges assigned to SID [S-1-5-21-4266488876-1271085325-2099595662-1001]
[2005/08/31 14:49:16, 10] auth/auth_util.c:debug_nt_user_token(490)
NT user token of user S-1-5-21-4266488876-1271085325-2099595662-1000
contains 6 SIDs
SID[ 0]: S-1-5-21-4266488876-1271085325-2099595662-1000
SID[ 1]: S-1-5-21-4266488876-1271085325-2099595662-512
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-4266488876-1271085325-2099595662-1001
SE_PRIV 0x1f0 0x0 0x0 0x0
[2005/08/31 14:49:16, 5] auth/auth_util.c:make_server_info_sam(862)
make_server_info_sam: made server info for user root -> root
[2005/08/31 14:49:16, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/31 14:49:16, 3] smbd/sec_ctx.c:push_sec_ctx(256)
Very long log, sorry ....
etc.
Workstation accounts are stored in ou=computers on my DIT as I used
smbldap-tools.
I tried to google your ML for a while but could not find an answer.
Any idea?
Many thanks !
Eric