[Samba] PDC problem

Guillaume silencer at free-4ever.net
Wed Aug 2 11:48:34 GMT 2006


Marian Neagul wrote:
> Hello,
> 
>     I have a problem with an LDAP-backed Samba PDC.
>     Last week, due to a hardware problem, I lost my primary LDAP server
> and PDC. I reinstalled the LDAP server and populated it with the old
> data, I also reinstalled Samba.
>     The problem is that I can't log in to samba as root
> (cn=root,dc=info,dc=uvt,dc=ro). All other user accounts are working
> except root.
>      Eg.:
>        `smbclient -U root //blue/` says: "session setup failed:
> NT_STATUS_UNSUCCESSFUL"
>    
>     The machine accounts and the other user accounts are working
> correctly but I can't join new machines using the root account.
>     I want to mention that my Samba server is a production server with
> ~100 simultaneous users (2000 User accounts in LDAP).
> 
>     We use Samba 3.0.22 and openldap 2.3.
> 
>     My smb.conf file is (the comments are in Romanian :) ):
>    
>     #==================== Global settings ===================
> [global]
>         ; Domain name
>         workgroup = Terra
>         ; Server name as visible on the network
>         netbios name = BLUE
>         ; Server description:  NT Description
>         server string = Free Windows V1.2a
> 
> 
>         ;===== Logging settings!
>         ; Keep a separate log for each machine
>         log file = /var/log/samba/log.%m
>         ; Maximum size of the log file (in kilobytes)
>         max log size = 2048
>         ; Logging level
>         log level = 6
> 
> 
>         ;===== Security
>         ; Clients that are allowed to connect
>         hosts allow = 194.102.62. 10.10.10. 127.
>         ; Security model
>         security = user
>         ; Whether or not to encrypt passwords
>         encrypt passwords = yes
>         ; Socket-related settings
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         ; Interfaces Samba listens on
>         interfaces = lo eth0 eth0:1 eth0:2
>         ; Restrict to these interfaces only and ignore the rest
>         bind interfaces only = yes
>         ; Password-related settings
>         ;password level = 12
>         ;username level = 12
>         ; Try to synchronize the Windows password with the UNIX one
>         unix password sync = Yes
>         pam password change = yes
> 
>         ; Per-machine configuration files
>         ; Uncomment if you need it
>         # include = /etc/samba/smb.conf.%m
>         ; How we handle passwords:
>         ; Empty passwords
>         null passwords = no
>         ; Hidden files.
>         hide unreadable = yes
>         hide dot files = yes
>         ; The `guest' account. For now I have not set a password for it, only its shell to /bin/false
>         guest account = pdcguest
> 
>         ;======= PDC
>         ; Samba is the master browser in the domain
>         local master = yes
>         ; Server precedence in elections
>         os level = 65
>         ; Samba is the domain master
>         domain master = yes
>         ; Samba forces elections and almost certainly wins them
>         preferred master = yes
>         ; Makes Samba the PDC
>         domain logons = yes
> 
>         ; Logon drive
>         logon drive = H:
> 
> 
>         ;======== WINS - Name resolution
>         ; Enable WINS support
>         wins support = yes
>         ; Order in which names are resolved
>         name resolve order = wins lmhosts host bcast
>         ; Samba does not act as a DNS proxy
>         dns proxy = no
> 
> 
>         ;======== TIME - Time server
>         ; Samba acts as a `time` server
>         time server = yes
> 
> 
>         ;======== USER Management - Uses the scripts from IDEALX
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> 
>         ;========LDAP
>         ; LDAP server
>         passdb backend = ldapsam:ldap://127.0.0.1/
>         ; When deleting the DN, delete everything (Yes) or only the Samba attributes (No)
>         ldap delete dn = Yes
>         ; All information is kept in LDAP - Caution: needs testing
>         ldapsam:trusted = yes
>         ; The connection to the directory is not encrypted
>         ldap ssl = no
>         ; Our suffix
>         ldap suffix = dc=info,dc=uvt,dc=ro
>         ; The administrator
>         ldap admin dn = cn=root,dc=info,dc=uvt,dc=ro
>         ; Suffix for groups
>         ldap group suffix = ou=Groups
>         ; Suffix for users
>         ldap user suffix = ou=Users
>         ; Suffix for machines
>         ldap machine suffix = ou=Computers
>         ; Suffix for Idmap
>         ldap idmap suffix = ou=Idmap
> 
>         ; ID mapping
>         idmap gid = 40000-50000
>         idmap uid = 40000-50000
> 
> ;=========================== SHARE
> 
> ; This share holds the default profile and the logon script
> [netlogon]
>         path = /var/lib/samba/netlogon
>         guest ok = Yes
>         browseable = no
>         write list = root
> 
> ; This share holds the profiles
> [profiles]
>         ; Caution: the path must be changed
>         path = /home/%U
>         browseable = no
>         valid users = %S
>         read only = no
>         create mask = 0664
>         directory mask = 0775
> 
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> 
> 
> 
> 
> Do you have a suggestion related to this problem?
> 
> Marian Neagul
> 

Hi,

Did you add the LDAP root password to the Samba config with the command 
smbpasswd -w 'ldap root passwd' ???

It should be the problem...

Regards
Guillaume


-- 
Guillaume
E-mail: silencer_<at>_free-4ever_<dot>_net
Blog: http://guillaume.free-4ever.net
----
Site: http://www.free-4ever.net
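
An added example, not part of the original thread and not Samba code: a small Python audit of an ldapsam-backed smb.conf that reports the bind DN whose password Samba expects in secrets.tdb (the point of the reply above), a cleartext bind to a non-loopback LDAP server, and global parameters placed in a share section. The finding codes, the `GLOBAL_ONLY` subset and the `SAMPLE` excerpt are assumptions constructed for this example.

```python
import re

# Global-only smb.conf parameters relevant to this thread (subset chosen for the example).
GLOBAL_ONLY = {
    "passdb backend", "ldap admin dn", "add user script", "add machine script",
    "add group script", "add user to group script", "delete user from group script",
}

# Constructed excerpt that mirrors the layout of the configuration quoted above.
SAMPLE = """
[global]
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap ssl = no
    ldap admin dn = cn=root,dc=info,dc=uvt,dc=ro
[profiles]
    path = /home/%U
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are lower-cased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return (code, detail) findings for an ldapsam-backed configuration."""
    conf, findings = parse_smb_conf(text), []
    glob = conf.get("global", {})
    backend = glob.get("passdb backend", "")
    if backend.startswith("ldapsam"):
        if "ldap admin dn" in glob:  # bind password lives in secrets.tdb, not in smb.conf
            findings.append(("bind-secret", glob["ldap admin dn"]))
        host = re.sub(r"^ldapsam:ldaps?://", "", backend).split("/")[0].split(":")[0]
        plain = backend.startswith("ldapsam:ldap://") and glob.get("ldap ssl", "").lower() in ("no", "off")
        if plain and host not in ("127.0.0.1", "localhost"):
            findings.append(("cleartext-bind", host))  # admin password crosses the network
    for name, params in conf.items():
        if name != "global":  # Samba ignores global parameters placed in a share section
            findings += [("misplaced-global", f"{key} in [{name}]") for key in params if key in GLOBAL_ONLY]
    return findings
```

A `bind-secret` finding means the password for that DN has to be stored again with `smbpasswd -w` after a reinstall that replaced secrets.tdb; on a live system `testparm` reports global parameters found in a service section.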

