[Samba] Can't join pc to domain with smbldap-tools but can with smbpasswd

Ryan Braun ryan.braun at ec.gc.ca
Wed Jun 15 18:18:52 GMT 2005


On June 15, 2005 05:49 pm, Ryan Braun wrote:
> I have Samba with LDAP set up and it seems to be running, just I am having
> trouble having PCs join the domain.
>
> The Samba/LDAP server is running Debian sarge (when it was testing, 
> haven't updated since) so samba 3.0.14a-13 and slapd 2.2.23-5.  Client PC
> is Windows 2000, and various Linuxes. smbldap-tools 0.9.1
>

Replying to myself here, but after I sent the message off I noticed I had an 
older Debian package for smbldap-tools installed and the latest tarball 
installed.  I removed the Debian package and made sure the configs were set up 
for the proper paths to the .9.1 scripts.  Now when I try to join a machine 
to the domain, the Samba logs look like it works but Windows still says bad 
username.  Note: changed hostname to win2k.

First try: creates LDAP entry w/o sambaSAMAccount, and Windows complains about 
bad username when adding to domain.

[2005/06/15 18:17:19, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/06/15 18:17:19, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/06/15 18:17:19, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/06/15 18:17:20, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 512
[2005/06/15 18:17:20, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded
[2005/06/15 18:17:20, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain LDAPDOMAIN -> 
S-1-5-21-3007768992-1764342258-1846594437
[2005/06/15 18:17:20, 2] smbd/server.c:exit_server(609)
  Closing connections


If I try to join the domain again (and leave the LDAP entry that was 
created from above), I get:

[2005/06/15 18:18:30, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/06/15 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/06/15 18:18:30, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 512
[2005/06/15 18:18:30, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded
[2005/06/15 18:18:30, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain LDAPDOMAIN -> 
S-1-5-21-3007768992-1764342258-1846594437
[2005/06/15 18:18:31, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w 
"win2k$"' gave 9
[2005/06/15 18:18:31, 2] smbd/server.c:exit_server(609)
  Closing connections


So I guess that "gave 9" message is reported because the entry already exists, 
but why is the sambaSAMAccount object class not being added?



> If I run "smbldap-adduser -w ldap-test$"  (after removing the existing
> ldap-test$ entry)  it will create the entry but it doesn't have a
> sambaSAMAccount objectclass.  And it won't join the domain.
>
> If I create a local user in /etc/passwd and then use smbpasswd -m -a it
> will create the LDAP entry in Computers but it has no posix objectclass. 
> BUT it will allow me to join the PC to the domain.
>
> The only problem then (not sure if it's related or not) is that the only
> user that can log in is the root user used to join the PC to the domain; 
> any other users created with smbldap-adduser -a won't authenticate.  Any
> users created with the smbldap scripts can authenticate against any of the
> Linux boxes set up to authenticate against LDAP.
>
> [2005/06/14 21:36:27, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/06/14 21:36:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: ldap-test$
> [2005/06/14 21:37:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: windowsguy
> [2005/06/14 21:37:08, 1] auth/auth_util.c:make_server_info_sam(840)
>   User windowsguy in passdb, but getpwnam() fails!
> [2005/06/14 21:37:08, 0] auth/auth_sam.c:check_sam_security(324)
>   check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> [2005/06/14 21:37:08, 2] auth/auth.c:check_ntlm_password(312)
>   check_ntlm_password:  Authentication for user [windowsguy] ->
> [windowsguy] FAILED with error NT_STATUS_NO_SUCH_USER
>
> then as root
>
> [2005/06/14 21:38:21, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: root
> [2005/06/14 21:38:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
>   init_group_from_ldap: Entry found for group: 512
> [2005/06/14 21:38:22, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [root] -> [root] -> [root]
> succeeded
> [2005/06/14 21:38:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: root
> [2005/06/14 21:38:25, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [root] -> [root] -> [root]
> succeeded
> [2005/06/14 21:38:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: root
> [2005/06/14 21:38:25, 1] smbd/service.c:make_connection_snum(642)
>   ldap-test (192.16.240.141) connect to service profiles initially as user
> root (uid=0, gid=0) (pid 14108)
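
An added example, not part of the original message: a small Python triage script that reassembles the mail-wrapped Samba log records pasted above and pulls out the three failure signals they contain (a non-zero exit from the command run by `_samr_create_user`, a passdb entry for which `getpwnam()` fails, and the failed NTLM authentication). The function names and finding labels are hypothetical; the sample lines are copied from this message.

```python
import re

# Header of a Samba log record: [timestamp, level] file.c:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\] (\S+?):(\w+)\((\d+)\)$")
QUOTE = re.compile(r"^(?:>\s?)+")  # mail quoting in front of pasted log lines
CHECKS = [  # (hypothetical finding label, pattern applied to the joined message)
    ("script_failed", re.compile(r"Running the command `(.+?)' gave (\d+)")),
    ("no_unix_account", re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails")),
    ("auth_failed", re.compile(r"Authentication for user \[([^\]]+)\].*FAILED with error (\S+)")),
]
# Log lines copied from the message above, including the mail line wrapping.
SAMPLE = '''[2005/06/15 18:18:31, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w
"win2k$"' gave 9
> [2005/06/14 21:37:08, 1] auth/auth_util.c:make_server_info_sam(840)
>   User windowsguy in passdb, but getpwnam() fails!
> [2005/06/14 21:38:22, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [root] -> [root] -> [root]
> succeeded
> [2005/06/14 21:37:08, 2] auth/auth.c:check_ntlm_password(312)
>   check_ntlm_password:  Authentication for user [windowsguy] ->
> [windowsguy] FAILED with error NT_STATUS_NO_SUCH_USER
'''

def parse_records(text):
    """Group each header line with its message lines, undoing mail wrapping."""
    records, cur = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = HEADER.match(line)
        if m:
            cur = {"time": m.group(1), "level": int(m.group(2)), "func": m.group(4), "msg": ""}
            records.append(cur)
        elif not line:
            cur = None  # a blank line ends the record; later prose is ignored
        elif cur is not None:
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return records

def findings(text):
    """Return (time, label, captured fields...) for every failure signal found."""
    out = []
    for rec in parse_records(text):
        for kind, rx in CHECKS:
            m = rx.search(rec["msg"])
            if m and not (kind == "script_failed" and m.group(2) == "0"):
                out.append((rec["time"], kind) + m.groups())
    return out
```

Calling `findings()` on a pasted log excerpt lists the account creation command that returned non-zero next to the accounts that exist in passdb but have no Unix account, which are the two symptoms this thread is about.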

