[Samba] Trouble with PDC setup using Samba 3.0.23 and OpenLDAP
Jonathan Poon
poonj at hotmail.com
Sun Jul 30 06:40:32 GMT 2006
Hi everyone,

I am trying to set up a PDC using Samba and OpenLDAP. For some reason, I've
used both the examples provided in the Official Howto and also the
smbldap-tools howto developed by IDEALX. I am able to get the directory up
and running. I am able to get the following working:
1. LDAP Directory server and successful Queries through Samba
2. Add user and machine accounts.
3. Login using the user account to access shares
However, after adding my machine to the domain and rebooting my Windows 2000
Professional workstation, I am UNABLE to log in to the domain using the same
user account that I was able to use to access shares on the Samba server.
Here is what I am getting in the logs for both OpenLDAP and Samba:
I'm getting the error "bdb_equality_candidates: (uniqueMember) index_param
failed (18)" when it's trying to obtain the attribute gidNumber, from the LDAP
logs. In the Samba logs, it's getting a "Rejecting auth request from client
DELL machine account DELL$".
Also when I do a net rpc info, I don't see any users or groups added...
net rpc info
Domain Name: POON
Domain SID: S-1-5-21-2419779023-3102034070-987042703
Sequence number: 1154241602
Num users: 0
Num domain groups: 0
Num local groups: 0
I don't know where to start... Please let me know if you have had a similar
experience and found a solution. I appreciate your help very much!
-Jonathan P.
OPENLDAP.LOG
Jul 29 23:32:41 poontv slapd[6138]: conn=215 fd=10 ACCEPT from
IP=127.0.0.1:38290 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=0 BIND
dn="cn=samba,ou=DSA,dc=jonathanpoon" method=128
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=0 BIND
dn="cn=samba,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=0 RESULT tag=97 err=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=1 SRCH attr=supportedControl
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=2 SRCH
base="dc=jonathanpoon" scope=2 deref=0
filter="(&(uid=dell$)(objectClass=sambaSamAccount))"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=2 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=3 SRCH
base="dc=jonathanpoon" scope=2 deref=0
filter="(&(uid=jonathan)(objectClass=sambaSamAccount))"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=3 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=216 fd=18 ACCEPT from
IP=127.0.0.1:38291 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=0 BIND
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" method=128
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=0 BIND
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=0 RESULT tag=97 err=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=1 SRCH
base="ou=Users,dc=jonathanpoon" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=jonathan))"
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=1 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description
objectClass
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=217 fd=23 ACCEPT from
IP=127.0.0.1:38292 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=2 UNBIND
Jul 29 23:32:41 poontv slapd[6138]: conn=216 fd=18 closed
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 BIND
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" method=128
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 BIND
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 RESULT tag=97 err=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=1 SRCH
base="ou=Users,dc=jonathanpoon" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=jonathan))"
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=2 SRCH
base="ou=Groups,dc=jonathanpoon" scope=1 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=jonathan)(uniqueMember=uid=jonathan,ou=users,dc=jonathanpoon)))"
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=2 SRCH attr=gidNumber
Jul 29 23:32:41 poontv slapd[6138]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=2 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=4 SRCH
base="ou=Groups,dc=jonathanpoon" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=4 SRCH attr=gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text=
SAMBA LOGS
[2006/07/29 23:35:39, 2] libsmb/credentials.c:creds_server_check(159)
creds_server_check: credentials check failed.
[2006/07/29 23:35:39, 2] rpc_server/srv_netlog_nt.c:_net_sam_logon(667)
_net_sam_logon: creds_server_step failed. Rejecting auth request from
client DELL machine account DELL$
[2006/07/29 23:35:50, 2] lib/smbldap.c:smbldap_open_connection(722)
smbldap_open_connection: connection opened
[2006/07/29 23:35:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: dell$
[2006/07/29 23:35:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: jonathan
[2006/07/29 23:35:50, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [jonathan] -> [jonathan] ->
[jonathan] succeeded
SMB.conf
[global]
ldap admin dn = "cn=samba,ou=DSA,dc=jonathanpoon"
ldap ssl = no
passdb backend = ldapsam:ldap://127.0.0.1
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=jonathanpoon
ldap passwd sync = yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = no
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
workgroup = POON
netbios name = PDC
enable privileges = yes
comment = Linux Debian Samba Server
security = user
null passwords = No
encrypt passwords = yes
logon drive = U:
logon path = \\%L\profiles\%g
logon script = STARTUP.BAT
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
wins support = yes
time offset = 60
time server = True
log file = /var/log/samba/log.samba
log level = 5
public = No
browseable = No
writable = No
[netlogon]
path = /usr/local/samba/netlogon
locking = no
writeable = no
guest ok = no
browseable = no
[profiles]
path = /usr/local/samba/profiles
writeable = yes
guest ok = yes
browseable = yes
create mask = 0777
directory mask = 0777
#profile acls = yes
#csc policy = disable
#force user = %U
#valid users = %U @"Domain Admins"
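
Added example, not part of the original post: a small Python triage of a slapd log like the one above. It rejoins the mail-wrapped records, turns each "index_param failed" notice (slapd reporting that the named attribute has no index of that type) into a candidate slapd.conf index line, and lists simple binds logged with ssf=0, meaning no TLS or SASL security layer, together with the peer address. The function names and the output wording are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the slapd log from the post, mail-client line wrapping included.
SAMPLE = """\
Jul 29 23:32:41 poontv slapd[6138]: conn=217 fd=23 ACCEPT from
IP=127.0.0.1:38292 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 BIND
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
"""

PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ slapd\[\d+\]: ")
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=SIMPLE ssf=0\b')
INDEX_MISS = re.compile(r"bdb_(\w+)_candidates: \((\w+)\) index_param failed")
INDEX_KEYWORD = {"equality": "eq", "presence": "pres", "substring": "sub"}

def unwrap(text):
    """Rejoin records whose tail was wrapped onto lines without a syslog prefix."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line):
            records.append(PREFIX.sub("", line))
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def analyse(text):
    """Return (candidate index lines, [(bind DN, peer IP)] for ssf=0 simple binds)."""
    peers, missing, binds = {}, defaultdict(set), []
    for rec in unwrap(text):
        if m := ACCEPT.search(rec):
            peers[m.group(1)] = m.group(2)          # remember peer per connection
        elif m := BIND.search(rec):
            binds.append((m.group(2), peers.get(m.group(1), "unknown")))
        elif m := INDEX_MISS.search(rec):
            missing[m.group(2)].add(INDEX_KEYWORD.get(m.group(1), m.group(1)))
    index_lines = [f"index {a} {','.join(sorted(k))}" for a, k in sorted(missing.items())]
    return index_lines, binds

if __name__ == "__main__":
    index_lines, binds = analyse(SAMPLE)
    for line in index_lines:
        print("slapd.conf candidate:", line)
    for dn, ip in binds:
        scope = "loopback only" if ip.startswith("127.") else "crosses the network"
        print(f"unprotected simple bind: {dn} from {ip} ({scope})")
```

A new index line in slapd.conf only takes effect for existing entries after the database is reindexed with slapindex while slapd is stopped.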