[Samba] SAMBA3 + LDAP = PDC => ROUND 3!

Bruno Guerreiro bruno.guerreiro at ine.pt
Mon Mar 21 15:55:47 GMT 2005 

Yes it does allow ...
You must have in your smb.conf
add machine script = /path/to/smbldap-tools/smbldap-useradd -w "%u"

Best regards,
Bruno Guerreiro

-----Original Message-----
From: Mandar Kulkarni/PUN/IN/STTL [mailto:mkulkarni at softcell.co.in]
Sent: segunda-feira, 21 de Março de 2005 15:40
To: benjamin.dupuis at armorarena-fr.com
Cc: Bruno Guerreiro; samba at lists.samba.org;
samba-bounces+mkulkarni=softcell.co.in at lists.samba.org
Subject: Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!



hi, 

I think you will have to create computer account in ldap using
smbldap-useradd.pl -w option before joining the system to domain. 
As far as i know, Samba does not allow to create the computer account on the
fly, i.e. when your joining the system to domain. 

If you have any idea about this then do let me know.

Thanks & Regards,
Mandar Kulkarni
Systems Administrator
Softcell Technologies Ltd. 


"benjamin.dupuis at armorarena-fr.com" <benjamin.dupuis at armorarena-fr.com> 
Sent by: samba-bounces+mkulkarni=softcell.co.in at lists.samba.org 
21/03/2005 08:44 PM ToBruno Guerreiro <bruno.guerreiro at ine.pt> 
ccsamba at lists.samba.org 
SubjectRe: [Samba] SAMBA3 + LDAP  = PDC => ROUND 3!







Thanks ...

Done,
Now When my windows XP try to join the domain, Accès refusé (Access Deny)
So my log :
#################### /var/lob/samba/log.poil-barebone
[2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: Administrator
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
 init_group_from_ldap: Entry found for group: 512
[2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [Administrator] -> 
[Administrator] -> [Administrator] succeeded
[2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
[2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
 _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required: 
0x00000010)
[2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575)
 Closing connections
############################

Any Idea?

>Hi,
>Just my 2 cents.
>You're mapping administrator to root in your smbusers file.
>Try commenting the "root = Administrator admin "   line.
>
>Best regards,
>Bruno Guerreiro
>
>-----Original Message-----
>From: benjamin.dupuis at armorarena-fr.com
>[mailto:benjamin.dupuis at armorarena-fr.com]
>Sent: segunda-feira, 21 de Março de 2005 14:56
>To: samba at lists.samba.org
>Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
>
>
>Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2
>So I delete all in /var/lib/ldap and in /var/lib/samba
>Redo smb-populate blablabla (from the howto 
>http://samba.idealx.org/smbldap-howto.en.html)
>
>So now when i would like to join my Samba domain :
>
>[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312)
>  check_ntlm_password:  Authentication for user [Administrator] -> 
>[root] FAILED with error NT_STATUS_NO_SUCH_USER
>
>When I SSH my box with login Administrator, it's okay! (no bash 
>/sbin/nologin)
>
>I go to cry !
>
>################
>getent passwd :
>mastok:/etc/samba # getent passwd
>root:x:0:0:root:/root:/bin/bash
>...
>Administrator:x:998:512:Netbios Domain 
>Administrator:/home/data1/samba/Administrator:/sbin/nologin
>nobody:x:999:514:nobody:/dev/null:/sbin/nologin
>################
>vi /etc/samba/smbusers :
>root = administrator
>################
>
>
>
>  
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list