[Samba] Samba(PDC)+LDAP+XPpro cannot join domain /w XP pro machine
Steven Jacobs
jstevenjacobs at yahoo.com
Tue Mar 15 03:38:52 GMT 2005
I receive an "Access is Denied" error after providing the Administrator
username and password when trying to join an XP Pro machine to my Samba
domain. Has anyone run into this?
---log.smbd---------------------------------------------
[2005/03/14 19:37:19, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.2.4 bcast=192.168.2.255 nmask=255.255.255.0
[2005/03/14 19:37:19, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
Registered MSG_REQ_POOL_USAGE
[2005/03/14 19:37:19, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/03/14 19:37:19, 2] smbd/server.c:open_sockets_smbd(324)
waiting for a connection
[2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
[2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/03/14 19:38:05, 1] lib/smbldap.c:add_new_domain_info(1343)
failed to add domain dn=
sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists
[2005/03/14 19:38:05, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL
[2005/03/14 19:38:05, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to
the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users/groups, and will risk BDCs having inconsistant SIDs
[2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
[2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
[2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343)
failed to add domain dn=
sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists
[2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL
[2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to
the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users/groups, and will risk BDCs having inconsistant SIDs
[2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343)
failed to add domain dn=
sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists
[2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL
[2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to
the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users/groups, and will risk BDCs having inconsistant SIDs
------------------------------------------------------------------
---smb.conf--------------------------------------------------------
[global]
workgroup = SRSCORP
netbios name = mail1
enable privileges = yes
interfaces = 192.168.2.4
username map = /etc/samba/smbusers
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/local/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
new password*" %n\n"
ldap passwd sync = Yes
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/
ldap://slave.srsmanagement.com"
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=samba,ou=DSA,dc=srsmanagement,dc=com
ldap suffix = dc=srsmanagement,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
# ldap ssl = start tls
ldap ssl = no
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%
g" "%u"
# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line makes all file access in this share run as the connecting user (%U), which helps secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
[printers]
comment = Network Printers
printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
comment = Repertoire public
path = /home/public
browseable = Yes
guest ok = Yes
read only = No
directory mask = 0775
create mask = 0664
--------------------------------------------------------------------------
---LDAP DATA------------------------------------------------------------
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# srsmanagement.com
dn: dc=srsmanagement,dc=com
objectClass: dcObject
objectClass: organization
o: srsmanagement
dc: srsmanagement
# Users, srsmanagement.com
dn: ou=Users,dc=srsmanagement,dc=com
objectClass: organizationalUnit
ou: Users
# Groups, srsmanagement.com
dn: ou=Groups,dc=srsmanagement,dc=com
objectClass: organizationalUnit
ou: Groups
# Computers, srsmanagement.com
dn: ou=Computers,dc=srsmanagement,dc=com
objectClass: organizationalUnit
ou: Computers
# Idmap, srsmanagement.com
dn: ou=Idmap,dc=srsmanagement,dc=com
objectClass: organizationalUnit
ou: Idmap
# SRSCORP, srsmanagement.com
dn: sambaDomainName=SRSCORP,dc=srsmanagement,dc=com
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: SRSCORP
sambaSID: S-1-5-21-3789725346-2910097175-2107068922
uidNumber: 1000
gidNumber: 1000
# Administrator, Users, srsmanagement.com
dn: uid=Administrator,ou=Users,dc=srsmanagement,dc=com
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 998
homeDirectory: /tmp
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\mail1\homes\Administrator
sambaHomeDrive: H:
sambaProfilePath: \\mail1\profiles\Administrator\
sambaPrimaryGroupSID: S-1-5-21-3789725346-2910097175-2107068922-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-3789725346-2910097175-2107068922-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
# nobody, Users, srsmanagement.com
dn: uid=nobody,ou=Users,dc=srsmanagement,dc=com
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\mail1\homes\nobody
sambaHomeDrive: H:
sambaProfilePath: \\mail1\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-3789725346-2910097175-2107068922-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
sambaSID: S-1-5-21-3789725346-2910097175-2107068922-2998
loginShell: /bin/false
# Domain Admins, Groups, srsmanagement.com
dn: cn=Domain Admins,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3789725346-2910097175-2107068922-512
sambaGroupType: 2
displayName: Domain Admins
# Domain Users, Groups, srsmanagement.com
dn: cn=Domain Users,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3789725346-2910097175-2107068922-513
sambaGroupType: 2
displayName: Domain Users
# Domain Guests, Groups, srsmanagement.com
dn: cn=Domain Guests,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-3789725346-2910097175-2107068922-514
sambaGroupType: 2
displayName: Domain Guests
# Domain Computers, Groups, srsmanagement.com
dn: cn=Domain Computers,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-3789725346-2910097175-2107068922-515
sambaGroupType: 2
displayName: Domain Computers
# Administrators, Groups, srsmanagement.com
dn: cn=Administrators,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDom
ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
# Print Operators, Groups, srsmanagement.com
dn: cn=Print Operators,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
# Backup Operators, Groups, srsmanagement.com
dn: cn=Backup Operators,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up
files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
# Replicators, Groups, srsmanagement.com
dn: cn=Replicators,ou=Groups,dc=srsmanagement,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a
sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
# DSA, srsmanagement.com
dn: ou=DSA,dc=srsmanagement,dc=com
objectClass: top
objectClass: organizationalUnit
ou: DSA
description: security accounts for LDAP clients
# samba, DSA, srsmanagement.com
dn: cn=samba,ou=DSA,dc=srsmanagement,dc=com
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: samba
userPassword:: e1NNRDV9SjJMbHNJcituY1V4RzFST0ZTS3pNdWpveFd3PQ==
# nssldap, DSA, srsmanagement.com
dn: cn=nssldap,ou=DSA,dc=srsmanagement,dc=com
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: nssldap
userPassword:: e1NNRDV9TzgxZEN6TWlyMC95Yy9SbDRHMkQ5bHZiOTc0PQ==
# smbldap-tools, DSA, srsmanagement.com
dn: cn=smbldap-tools,ou=DSA,dc=srsmanagement,dc=com
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
cn: smbldap-tools
userPassword:: e1NNRDV9TmNDczdJUFgzVGpENXJNS0J4N1YwZSsweGV3PQ==
# search result
search: 2
result: 0 Success
# numResponses: 21
# numEntries: 20
-------------------------------------------------------------------------