[Samba] Can't join pc to domain with smbldap-tools but can with
smbpasswd
Ryan Braun
ryan.braun at ec.gc.ca
Wed Jun 15 18:18:52 GMT 2005
On June 15, 2005 05:49 pm, Ryan Braun wrote:
> I have samba with ldap setup and seems to be running, just I am having
> trouble having pc's join the domain.
>
> The samba/ldap server is running debian sarge (when it was testing,
> haven't updated since) so samba 3.0.14a-13 and slapd 2.2.23-5. Client pc
> is windows 2000, and various linux's. smbldap-tools 0.9.1
>
Replying to myself here, but after I sent the message off I noticed I had an
older debian package for smbldap-tools installed and the latest tarball
installed. I removed the debian package and made sure the configs were setup
for the proper paths to the .9.1 scripts. Now when I try to join a machine
to the domain samba logs look like it works but windows still says bad
username. note. changed hostname to win2k
first try, creates ldap entry w/o sambaSAMAccount and windows complains about
bad username when adding to domain
[2005/06/15 18:17:19, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/06/15 18:17:19, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/06/15 18:17:19, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: root
[2005/06/15 18:17:20, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 512
[2005/06/15 18:17:20, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2005/06/15 18:17:20, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain LDAPDOMAIN ->
S-1-5-21-3007768992-1764342258-1846594437
[2005/06/15 18:17:20, 2] smbd/server.c:exit_server(609)
Closing connections
If I try to join the domain again I get (and leave the ldap entry that was
created from above)
[2005/06/15 18:18:30, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/06/15 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: root
[2005/06/15 18:18:30, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 512
[2005/06/15 18:18:30, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2005/06/15 18:18:30, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain LDAPDOMAIN ->
S-1-5-21-3007768992-1764342258-1846594437
[2005/06/15 18:18:31, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w
"win2k$"' gave 9
[2005/06/15 18:18:31, 2] smbd/server.c:exit_server(609)
Closing connections
So I guess that gave 9 message is reported because the entry already exists,
but why is the sambaSAMAccount object class not being added?
> If I run "smbldap-adduser -w ldap-test$" (after removing the existing
> ldap-test$ entry) it will create the entry but it doesn't have a
> sambaSAMAcount objectclass. And it won't join the domain.
>
> If I create a local user in /etc/passwd and then user smbpasswd -m -a it
> will create the ldap entry in Computers but it has no posix objectclass.
> BUT it will allow me to join the pc to the domain.
>
> The only problem then (not sure if it's related or not), is that the only
> user that can login is the root user used to join the pc to the domain,
> any other users created with smbldap-adduser -a won't authenticate. Any
> users created with the smbldap scripts can authenticate against any of the
> linux boxes setup to authenticate against ldap.
>
> [2005/06/14 21:36:27, 2] lib/smbldap.c:smbldap_open_connection(692)
> smbldap_open_connection: connection opened
> [2005/06/14 21:36:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: ldap-test$
> [2005/06/14 21:37:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: windowsguy
> [2005/06/14 21:37:08, 1] auth/auth_util.c:make_server_info_sam(840)
> User windowsguy in passdb, but getpwnam() fails!
> [2005/06/14 21:37:08, 0] auth/auth_sam.c:check_sam_security(324)
> check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> [2005/06/14 21:37:08, 2] auth/auth.c:check_ntlm_password(312)
> check_ntlm_password: Authentication for user [windowsguy] ->
> [windowsguy] FAILED with error NT_STATUS_NO_SUCH_USER
>
> then as root
>
> [2005/06/14 21:38:21, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: root
> [2005/06/14 21:38:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
> init_group_from_ldap: Entry found for group: 512
> [2005/06/14 21:38:22, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
> succeeded
> [2005/06/14 21:38:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: root
> [2005/06/14 21:38:25, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
> succeeded
> [2005/06/14 21:38:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: root
> [2005/06/14 21:38:25, 1] smbd/service.c:make_connection_snum(642)
> ldap-test (192.16.240.141) connect to service profiles initially as user
> root (uid=0, gid=0) (pid 14108)
More information about the samba
mailing list