[Samba] Coule really use some help (Samba PDC)

Craig White craigwhite at azapple.com
Wed Mar 23 00:18:03 GMT 2005 

On Tue, 2005-03-22 at 12:41 -0500, John Zakhar wrote:
> Tony Earnshaw wrote:
> 
> >John Zakhar:
> >
> >  
> >
> >>First email was rejected due to size so the log files are inline in the
> >>msg now..
> >>
> >>I have NEVER had so much trouble with a
> >>samba PDC before. I need to turn in my unix admin license, this is
> >>pathetic...
> >>    
> >>
> >
> >Hey wait a minute, we all get fits like that now and again. Have to admit
> >that mine mostly come with Windows, I can always get Unix/Linux to work ;)
> >
> >This could take some time, I live in Europe, it's near my bedtime, I'm
> >licked for today and I need sleep. What's more, I'm a modem person at home
> >and am only connected a couple of times a day.
> >
> >Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP
> >2.2.23. on RHAS3, so ...
> >
> >  
> >
> >>Anyway, I am here. When trying to join a domain with the administrator
> >>account I get "no mapping between account name and security ID's was done"
> >> And the joining fails...
> >>
> >>
> >>All the needed files are attached, from the ldap log. to the samba.conf
> >>to the ldifs of the machine, root and admin account. Trying with the root
> >>account nets me the same error
> >>    
> >>
> >
> >There's too much shit there. You're getting hung up in the details. And I
> >didn't see any LDAP log, even if I had, it probably would have been
> >useless. You need to do a 'tail -f' on it (-d 256) while things are
> >happening to get any sense from it.
> >
> >Your local SIDs are all messed up for a start. You have:
> >
> >S-1-5-21-1391849139-953726148-1374988380
> >and
> >S-1-5-21-3107161993-1039155829-3332455197
> >
> >all mixed up together.
> >
> >And the following SIDs can surely not be right:
> >
> >Administrators (S-1-5-32-544) -> Administrators
> >Print Operators (S-1-5-32-550) -> Print Operators
> >Backup Operators (S-1-5-32-551) -> Backup Operators
> >Replicators (S-1-5-32-552) -> Replicators
> >
> >Get all that sorted out before you go on.
> >
> >Your smb.conf looks more or less o.k. (didn't dwell on it)
> >
> >You're using the Idealx crap without understanding LDAP or what you're
> >doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look
> >at the alternative Appendix A method of using LDAP in Samba in the Samba
> >HOWTO. Here are my mappings up to now at my production site (sorry about
> >the wrapping, I decided to use SquirrelMail for this mail and it always
> >breaks at 76 chars):
> >
> >Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin
> >Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest
> >Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser
> >Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) ->
> >personeel
> >Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) ->
> >docenten
> >Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) ->
> >leerlingen
> >Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) ->
> >directie
> >Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) ->
> >administratie
> >
> >Never mind that you don't know what the Dutch words mean. See that I map
> >from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the
> >domain SIDs are all the same?
> >
> >The secrets are in Appendix A of the Samba HOWTO and in getting things
> >working with GQ.
> >
> >Get those right, and I'll see if I can come back tomorrow ;)
> >
> >Best,
> >
> >--Tonni
> >
> >--
> >mail: tonye at billy.demon.nl
> >http://www.billy.demon.nl
> >
> >  
> >
> Tony Earnshaw wrote:
> 
> > John Zakhar:
> >
> >  
> >
> >> First email was rejected due to size so the log files are inline in the
> >> msg now..
> >>
> >> I have NEVER had so much trouble with a
> >> samba PDC before. I need to turn in my unix admin license, this is
> >> pathetic...
> >>   
> >
> >
> > Hey wait a minute, we all get fits like that now and again. Have to admit
> > that mine mostly come with Windows, I can always get Unix/Linux to 
> > work ;)
> >
> > This could take some time, I live in Europe, it's near my bedtime, I'm
> > licked for today and I need sleep. What's more, I'm a modem person at 
> > home
> > and am only connected a couple of times a day.
> >
> > Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and 
> > OpenLDAP
> > 2.2.23. on RHAS3, so ...
> >
> >  
> >
> >> Anyway, I am here. When trying to join a domain with the administrator
> >> account I get "no mapping between account name and security ID's was 
> >> done"
> >> And the joining fails...
> >>
> >>
> >> All the needed files are attached, from the ldap log. to the samba.conf
> >> to the ldifs of the machine, root and admin account. Trying with the 
> >> root
> >> account nets me the same error
> >>   
> >
> >
> > There's too much shit there. You're getting hung up in the details. And I
> > didn't see any LDAP log, even if I had, it probably would have been
> > useless. You need to do a 'tail -f' on it (-d 256) while things are
> > happening to get any sense from it.
> >
> > Your local SIDs are all messed up for a start. You have:
> >
> > S-1-5-21-1391849139-953726148-1374988380
> > and
> > S-1-5-21-3107161993-1039155829-3332455197
> >
> > all mixed up together.
> >
> > And the following SIDs can surely not be right:
> >
> > Administrators (S-1-5-32-544) -> Administrators
> > Print Operators (S-1-5-32-550) -> Print Operators
> > Backup Operators (S-1-5-32-551) -> Backup Operators
> > Replicators (S-1-5-32-552) -> Replicators
> >
> > Get all that sorted out before you go on.
> >
> > Your smb.conf looks more or less o.k. (didn't dwell on it)
> >
> > You're using the Idealx crap without understanding LDAP or what you're
> > doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. 
> > Look
> > at the alternative Appendix A method of using LDAP in Samba in the Samba
> > HOWTO. Here are my mappings up to now at my production site (sorry about
> > the wrapping, I decided to use SquirrelMail for this mail and it always
> > breaks at 76 chars):
> >
> > Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin
> > Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest
> > Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser
> > Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) ->
> > personeel
> > Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) ->
> > docenten
> > Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) ->
> > leerlingen
> > Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) ->
> > directie
> > Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) ->
> > administratie
> >
> > Never mind that you don't know what the Dutch words mean. See that I map
> > from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the
> > domain SIDs are all the same?
> >
> > The secrets are in Appendix A of the Samba HOWTO and in getting things
> > working with GQ.
> >
> > Get those right, and I'll see if I can come back tomorrow ;)
> >
> > Best,
> >
> > --Tonni
> >
> > -- 
> > mail: tonye at billy.demon.nl
> > http://www.billy.demon.nl
> >
> >  
> >
> 
> >Your local SIDs are all messed up for a start. You have:
> 
> >S-1-5-21-1391849139-953726148-1374988380
> >and
> >S-1-5-21-3107161993-1039155829-3332455197
> 
> >all mixed up together.
> 
> >And the following SIDs can surely not be right:
> 
> >Administrators (S-1-5-32-544) -> Administrators
> >Print Operators (S-1-5-32-550) -> Print Operators
> >Backup Operators (S-1-5-32-551) -> Backup Operators
> >Replicators (S-1-5-32-552) -> Replicators
> 
> >Get all that sorted out before you go on.
> 
> >Your smb.conf looks more or less o.k. (didn't dwell on it)
> 
> >You're using the Idealx crap without understanding LDAP or what you're
> >doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look
> >at the alternative Appendix A method of using LDAP in Samba in the Samba
> >HOWTO. Here are my mappings up to now at my production site (sorry about
> >the wrapping, I decided to use SquirrelMail for this mail and it always
> 
> I have been working with LDAP for many many years, while I may not have 
> a complete understanding on the IDEALX tools, I fully understand LDAP 
> and all it's innerworkings to the "t" =)
> I also use ldapbrowser from time to time if i need a GUI utility.
> I will work on fixing the SID's right now. Seems like a good place to 
> start, I am going to respond in this one email to all the questions 
> posed so far..
> 
> > Also, I am a newbie to LDAP too but shouldn't your suffixes be the 
> > full DN.
> > For example, instead of
> 
> 
> Yes, you are correct. however it is just a "best practices" thing. I 
> have 38 unix servers using that directory for system/ftp/ssh logins and 
> so on. The former admin had no concept of LDAP and just winged it, And a 
> year later after he was fired and I was hired on here we are. I cannot 
> at this time make any major modifications to our directory structure as 
> we have clients who use this for various things and the paths are hard 
> coded (this happened before I got here and I threw a fit when I found out.)
> 
> > No - I think that ldap machine suffix = ou=Computers
> > is sufficient and proper for the above
> > the ldap filter should probably be commented out though - but it should
> > work.
> > Craig
> 
> 
> Yeah the machine accounts are found during an ldap query
> 
> ldap log of the join
> 
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 fd=13 ACCEPT from 
> IP=172.28.0.46:34015 (IP=0.0.0.0:389)
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=2 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(&(uid=administrator)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))" 
> 
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=2 SRCH attr=uid 
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
> displayName sambaHomeDrive sambaHomePath sambaLogonScript 
> sambaProfilePath description sambaUserWorkstations sambaSID 
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
> objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount 
> sambaBadPasswordTime sambaPasswordHistory modifyTimestamp 
> sambaLogonHours modifyTimestamp
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3335 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:50 vnldap02 slapd[20690]: conn=3336 fd=23 ACCEPT from 
> IP=172.28.0.46:34016 (IP=0.0.0.0:389)
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=0 BIND dn="" method=128
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=1 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(objectClass=posixAccount)(uid=administrator))"
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=1 SRCH attr=uid 
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
> description objectClass
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=2 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(objectClass=posixAccount)(uid=administrator))"
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=3 SRCH 
> base="ou=Groups,o=ventusnetworks.com,dc=na" scope=1 deref=0 
> filter="(&(objectClass=posixGroup)(|(memberUid=administrator)(uniqueMember=uid=administrator,ou=staff,o=ventusnetworks.com,dc=na)))" 
> 
> Mar 22 10:27:51 vnldap02 slapd[20690]: conn=3336 op=3 SRCH attr=gidNumber
> Mar 22 10:27:51 vnldap02 slapd[20690]: <= bdb_equality_candidates: 
> (uniqueMember) index_param failed (18)
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3336 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3335 op=3 UNBIND
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3335 fd=13 closed
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 fd=13 ACCEPT from 
> IP=172.28.0.46:34017 (IP=0.0.0.0:389)
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:27:52 vnldap02 slapd[20690]: conn=3337 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:53 vnldap02 slapd[20690]: conn=3337 op=2 SRCH 
> base="ou=Groups,o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
> Mar 22 10:27:53 vnldap02 slapd[20690]: conn=3337 op=2 SRCH 
> attr=gidNumber sambaSID sambaGroupType sambaSIDList description 
> displayName cn objectClass
> Mar 22 10:27:53 vnldap02 slapd[20690]: <= bdb_equality_candidates: 
> (gidNumber) index_param failed (18)
> Mar 22 10:27:54 vnldap02 slapd[20690]: conn=3337 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:54 vnldap02 slapd[20690]: conn=3337 fd=13 closed
> Mar 22 10:27:54 vnldap02 slapd[20690]: conn=3336 fd=23 closed
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 fd=13 ACCEPT from 
> IP=172.28.0.46:34018 (IP=0.0.0.0:389)
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=2 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(&(uid=administrator)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))" 
> 
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=2 SRCH attr=uid 
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
> displayName sambaHomeDrive sambaHomePath sambaLogonScript 
> sambaProfilePath description sambaUserWorkstations sambaSID 
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
> objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount 
> sambaBadPasswordTime sambaPasswordHistory modifyTimestamp 
> sambaLogonHours modifyTimestamp
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3338 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 fd=23 ACCEPT from 
> IP=172.28.0.46:34019 (IP=0.0.0.0:389)
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=0 BIND dn="" method=128
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=1 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(objectClass=posixAccount)(uid=administrator))"
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=1 SRCH attr=uid 
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
> description objectClass
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=2 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(objectClass=posixAccount)(uid=administrator))"
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=3 SRCH 
> base="ou=Groups,o=ventusnetworks.com,dc=na" scope=1 deref=0 
> filter="(&(objectClass=posixGroup)(|(memberUid=administrator)(uniqueMember=uid=administrator,ou=staff,o=ventusnetworks.com,dc=na)))" 
> 
> Mar 22 10:27:55 vnldap02 slapd[20690]: conn=3339 op=3 SRCH attr=gidNumber
> Mar 22 10:27:55 vnldap02 slapd[20690]: <= bdb_equality_candidates: 
> (uniqueMember) index_param failed (18)
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3339 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3338 op=3 UNBIND
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3338 fd=13 closed
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 fd=13 ACCEPT from 
> IP=172.28.0.46:34020 (IP=0.0.0.0:389)
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=2 SRCH 
> base="ou=Groups,o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
> Mar 22 10:27:57 vnldap02 slapd[20690]: conn=3340 op=2 SRCH 
> attr=gidNumber sambaSID sambaGroupType sambaSIDList description 
> displayName cn objectClass
> Mar 22 10:27:57 vnldap02 slapd[20690]: <= bdb_equality_candidates: 
> (gidNumber) index_param failed (18)
> Mar 22 10:27:58 vnldap02 slapd[20690]: conn=3340 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3340 op=3 UNBIND
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3340 fd=13 closed
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 fd=13 ACCEPT from 
> IP=172.28.0.46:34021 (IP=0.0.0.0:389)
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=2 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(&(uid=ibm-zus90725eca$)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))" 
> 
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=2 SRCH attr=uid 
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
> displayName sambaHomeDrive sambaHomePath sambaLogonScript 
> sambaProfilePath description sambaUserWorkstations sambaSID 
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
> objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount 
> sambaBadPasswordTime sambaPasswordHistory modifyTimestamp 
> sambaLogonHours modifyTimestamp
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 op=3 UNBIND
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3341 fd=13 closed
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3342 fd=13 ACCEPT from 
> IP=172.28.0.46:34022 (IP=0.0.0.0:389)
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3342 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3342 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:27:59 vnldap02 slapd[20690]: conn=3342 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 op=2 SRCH 
> base="o=ventusnetworks.com,dc=na" scope=2 deref=0 
> filter="(&(&(uid=ibm-zus90725eca$)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))" 
> 
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 op=2 SRCH attr=uid 
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
> displayName sambaHomeDrive sambaHomePath sambaLogonScript 
> sambaProfilePath description sambaUserWorkstations sambaSID 
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
> objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount 
> sambaBadPasswordTime sambaPasswordHistory modifyTimestamp 
> sambaLogonHours modifyTimestamp
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 fd=24 ACCEPT from 
> IP=127.0.0.1:35926 (IP=0.0.0.0:389)
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3342 fd=13 closed
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3339 fd=23 closed
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=1 BIND dn="" method=128
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=3 SRCH attr=gidNumber
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:28:00 vnldap02 slapd[20690]: conn=3343 fd=24 closed
> Mar 22 10:28:59 vnldap02 slapd[20690]: conn=3344 fd=13 ACCEPT from 
> IP=127.0.0.1:35927 (IP=0.0.0.0:389)
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=1 BIND dn="" method=128
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=3 SRCH attr=gidNumber
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:29:00 vnldap02 slapd[20690]: conn=3344 fd=13 closed
> Mar 22 10:29:30 vnldap02 slapd[20690]: conn=3345 fd=13 ACCEPT from 
> IP=192.168.1.120:55825 (IP=0.0.0.0:389)
> Mar 22 10:29:30 vnldap02 slapd[20690]: conn=3346 fd=23 ACCEPT from 
> IP=192.168.1.120:59984 (IP=0.0.0.0:389)
> Mar 22 10:29:30 vnldap02 slapd[20690]: conn=3345 fd=13 closed
> Mar 22 10:29:30 vnldap02 slapd[20690]: do_search: invalid dn (base)
> Mar 22 10:29:30 vnldap02 slapd[20690]: conn=3346 op=0 SEARCH RESULT 
> tag=101 err=34 nentries=0 text=invalid DN
> Mar 22 10:29:30 vnldap02 slapd[20690]: conn=3346 fd=23 closed
> Mar 22 10:30:00 vnldap02 slapd[20690]: conn=3347 fd=13 ACCEPT from 
> IP=127.0.0.1:35928 (IP=0.0.0.0:389)
> Mar 22 10:30:00 vnldap02 slapd[20690]: conn=3348 fd=23 ACCEPT from 
> IP=127.0.0.1:35929 (IP=0.0.0.0:389)
> Mar 22 10:30:00 vnldap02 slapd[20690]: conn=3349 fd=24 ACCEPT from 
> IP=127.0.0.1:35930 (IP=0.0.0.0:389)
> Mar 22 10:30:00 vnldap02 slapd[20690]: conn=3350 fd=25 ACCEPT from 
> IP=127.0.0.1:35931 (IP=0.0.0.0:389)
> Mar 22 10:30:00 vnldap02 slapd[20690]: conn=3347 op=1 BIND dn="" method=128
> Mar 22 10:30:00 vnldap02 slapd[20690]: conn=3347 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3347 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=1 BIND dn="" method=128
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3347 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3347 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3347 op=3 SRCH attr=gidNumber
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3349 op=1 BIND dn="" method=128
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3349 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3347 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3347 fd=13 closed
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=3 SRCH attr=gidNumber
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3349 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3350 op=1 BIND dn="" method=128
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3350 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3349 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3348 fd=23 closed
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3349 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Mar 22 10:30:01 vnldap02 slapd[20690]: conn=3349 op=3 SRCH attr=gidNumber
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3350 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=mailman))"
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3349 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3349 fd=24 closed
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3350 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3350 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=mailman))"
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3350 op=3 SRCH attr=gidNumber
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3350 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:30:02 vnldap02 slapd[20690]: conn=3350 fd=25 closed
> Mar 22 10:31:00 vnldap02 slapd[20690]: conn=3351 fd=13 ACCEPT from 
> IP=127.0.0.1:35932 (IP=0.0.0.0:389)
> Mar 22 10:31:00 vnldap02 slapd[20690]: conn=3351 op=1 BIND dn="" method=128
> Mar 22 10:31:00 vnldap02 slapd[20690]: conn=3351 op=1 RESULT tag=97 
> err=0 text=
> Mar 22 10:31:00 vnldap02 slapd[20690]: conn=3351 op=2 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
> Mar 22 10:31:01 vnldap02 slapd[20690]: conn=3351 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:31:01 vnldap02 slapd[20690]: conn=3351 op=3 SRCH base="dc=na" 
> scope=0 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Mar 22 10:31:01 vnldap02 slapd[20690]: conn=3351 op=3 SRCH attr=gidNumber
> Mar 22 10:31:01 vnldap02 slapd[20690]: conn=3351 op=3 SEARCH RESULT 
> tag=101 err=0 nentries=0 text=
> Mar 22 10:31:01 vnldap02 slapd[20690]: conn=3351 fd=13 closed
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 fd=13 ACCEPT from 
> IP=172.28.0.46:34023 (IP=0.0.0.0:389)
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 op=0 BIND 
> dn="cn=Manager,dc=na" method=128
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 op=0 BIND 
> dn="cn=Manager,dc=na" mech=SIMPLE ssf=0
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 op=0 RESULT tag=97 
> err=0 text=
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 op=1 SRCH base="" 
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 op=1 SRCH 
> attr=supportedControl
> Mar 22 10:31:08 vnldap02 slapd[20690]: conn=3352 op=1 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
----
besides an exhaustive slapd log - was there a question somewhere - if
there was, I missed it.

There is a kiss principle - keep it short and precise

Craig

More information about the samba mailing list