[Samba] Samba PDC with ldapsam - unable to join the domain

Marek Szuba scriptkiddie at wp.pl
Sun Dec 4 02:17:59 GMT 2005

Hello everyone,

That's it, I give up - I've got no idea what's going on with the damn
thing... Maybe you will be able to help.

Here is the deal: I've got a Linux machine running Samba which is to
operate as a PDC for a bunch of W2k Pro and XP Pro machines. Since all
user data on that server is stored in LDAP, I figured it would be good
to have Samba use it as well. While setting things up I followed a
bunch of guides I found on the net and used smbldap-tools to handle
adding of machine accounts. There is one difference though - instead of
giving my domain administrator account UID 0, I enabled Windows
privileges in Samba and gave the account in question
SeMachineAccountPrivilege; if I use "net rights" I can see it has it.

Now, here is what happens when I want to test things by adding the same
machine to the domain:

# net join DOMAIN -U domadm
domadm's password: 
[2005/12/04 03:08:30, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
Unable to join domain DOMAIN.

The only thing the logs show (at level 1) is

samba is_any_privilege_assigned: no privileges in check_mask!

At first I thought I got the privileges wrong after all, but a quick
look inside the LDAP database shows the machine account HAS been added
successfully. Moreover, having switched the log level to 255 I could
see that the aforementioned message appears long before the end of the
session, so it seems to be unrelated (or if it is, I don't know how).
On the other hand, even at 255 I could see nothing even remotely
resembling the message the client got - no mention of "ads" anywhere!

Please let me know if you need any more information about the system,
my Samba configuration, log snippets or anything. I would really like
to get this thing over with.


