[Samba] Samba PDC (3.0.14a) with LDAP cannot add machines
Jan Evert van Grootheest
j.e.van.grootheest at hccnet.nl
Tue Sep 6 11:49:19 GMT 2005
Hi,

I am setting up a Samba PDC which uses LDAP for account information.
It is a debian installation with samba 3.0.14a and slapd 2.2.23 (I'm
also using ldap-account-manager, but I don't think that has anything to
do with this).

I have checked the release notes whether it might have been fixed in a
new release, but there's nothing I recognize that seems related to this.

The problem is that when I attempt to join a w2k machine (the first one,
actually) to the domain it reports 'Logon failure: unknown user name or
password'.

Samba, at the same time, reports in the logfile for that machine:
[2005/09/06 13:12:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2005/09/06 13:12:58, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3077)
_samr_set_userinfo: does not possess sufficient rights
[2005/09/06 13:12:58, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2961)
Attempting administrator password change for user krauq$
[2005/09/06 13:12:58, 10] lib/account_pol.c:account_policy_get(210)
account_policy_get: maximum password age:-1
[2005/09/06 13:12:58, 10] lib/account_pol.c:account_policy_get(210)
account_policy_get: minimum password age:0
[2005/09/06 13:12:58, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2981)
Changing trust account or non-unix-user password, not updating /etc/passwd
[2005/09/06 13:12:58, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2999)
set_user_info_pw: pdb_update_pwd()
[2005/09/06 13:12:58, 5] lib/smbldap.c:smbldap_search(1038)
smbldap_search: base => [dc=XXX,dc=XXX,dc=org], filter =>
[(&(uid=krauq$)(objectclass=sambaSamAccount))], scope => [2]
[2005/09/06 13:12:58, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/09/06 13:12:58, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
These last two are repeated 15 times and then it gives up.
[2005/09/06 13:13:13, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/09/06 13:13:13, 0] lib/smbldap.c:smbldap_search_suffix(1176)
smbldap_search_suffix: Problem during the LDAP search: (Timed out)
[2005/09/06 13:13:13, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_set_userinfo
[2005/09/06 13:13:13, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
0000 status: NT_STATUS_ACCESS_DENIED
[2005/09/06 13:13:13, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578)
api_rpcTNP: called samr successfully
[2005/09/06 13:13:13, 10] rpc_server/srv_pipe.c:api_rpcTNP(1587)
api_rpcTNP: rpc input buffer underflow (parse error?)
[2005/09/06 13:13:13, 5] rpc_parse/parse_prs.c:prs_uint8s(729)
021c : 00
I don't understand this as smbd and nmbd are running as root, so why is
it complaining about not being root?

I am sure that there is no problem with the LDAP connection itself. It
is already used for unix authentication (using pam_ldap) and also on
this w2k machine I can browse (windows explorer) the shares on the PDC
using the same username/password used to join the machine to the domain.
So I guess that samba is getting information from LDAP just fine (the
logfile also shows this in other places).

I have a logfile with loglevel 10. I will not publish it on this list (I
think it is too much), but I can share sections with interested developers.
If there is other information that is useful, please just ask.

Has this been fixed already and did I miss it in the release notes?
Is there a work-around that I can use?

This has been filed as 3064 with the samba bugzilla.

Thanks,
Jan Evert van Grootheest
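
Added example, not part of the original post and not Samba code: a small Python triage of the log format quoted above. It pairs each level-0 error with the most recent pop_sec_ctx values, on the assumption that those two numbers are the effective uid and gid in force at that point; the sample is constructed from lines in the post.

```python
import re
from collections import Counter

# Samba log header: "[2005/09/06 13:12:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386)"
HEADER = re.compile(r"^\[(\S+ \S+), +(\d+)\] (\S+):(\w+)\((\d+)\)$")
# Assumption: the two numbers logged by pop_sec_ctx are effective uid and gid.
SEC_CTX = re.compile(r"pop_sec_ctx \((\d+), (\d+)\)")

# Constructed sample, trimmed from the log lines quoted in the post.
SAMPLE = """\
[2005/09/06 13:12:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2005/09/06 13:12:58, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/09/06 13:12:58, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/09/06 13:13:13, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/09/06 13:13:13, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
0000 status: NT_STATUS_ACCESS_DENIED
"""

def parse_samba_log(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append({"ts": m[1], "level": int(m[2]), "func": m[4], "msg": []})
        elif entries and line.strip():
            entries[-1]["msg"].append(line.strip())
    return entries

def triage(entries):
    """Count level-0 errors, keyed by the security context seen before them."""
    ctx, errors, statuses = None, Counter(), []
    for e in entries:
        msg = " ".join(e["msg"])
        m = SEC_CTX.search(msg)
        if m:
            ctx = (int(m.group(1)), int(m.group(2)))
        if e["level"] == 0:
            errors[(e["func"], msg, ctx)] += 1
        statuses += re.findall(r"status: (NT_STATUS_\w+)", msg)
    return errors, statuses

if __name__ == "__main__":
    for (func, msg, ctx), n in triage(parse_samba_log(SAMPLE))[0].items():
        print(f"{n}x {func} under uid/gid {ctx}: {msg}")
```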