[Samba] Trouble with PDC setup using Samba 3.0.23 and OpenLDAP

Jonathan Poon poonj at hotmail.com
Sun Jul 30 06:40:32 GMT 2006


Hi everyone,

I am trying to set up a PDC using Samba and OpenLDAP.  I've 
used both the examples provided in the Official Howto and also the 
smbldap-tools howto developed by IDEALX.  I am able to get the directory up 
and running.  I am able to get the following working:

1.  LDAP Directory server and successful Queries through Samba
2.  Add user and machine accounts.
3.  Login using the user account to access shares

However, after adding my machine to the domain and rebooting my Windows 2000 
Professional workstation, I am UNABLE to log in to the domain using the same 
user account that I was able to use to access shares on the Samba server.  
Here is what I am getting in the logs for both OpenLDAP and Samba:

In the LDAP logs, I'm getting the error "bdb_equality_candidates: 
(uniqueMember) index_param failed (18)" when it's trying to obtain the 
attribute gidNumber.  In the Samba logs, I'm getting "Rejecting auth request 
from client DELL machine account DELL$".

Also when I do a net rpc info, I don't see any users or groups added...

net rpc info
Domain Name: POON
Domain SID: S-1-5-21-2419779023-3102034070-987042703
Sequence number: 1154241602
Num users: 0
Num domain groups: 0
Num local groups: 0

I don't know where to start...Please let me know if you have had a similar 
experience and found a solution.  I appreciate your help very much!

-Jonathan P.



OPENLDAP.LOG
Jul 29 23:32:41 poontv slapd[6138]: conn=215 fd=10 ACCEPT from 
IP=127.0.0.1:38290 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=0 BIND 
dn="cn=samba,ou=DSA,dc=jonathanpoon" method=128
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=0 BIND 
dn="cn=samba,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=0 RESULT tag=97 err=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=1 SRCH base="" scope=0 
deref=0 filter="(objectClass=*)"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=1 SRCH attr=supportedControl
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=2 SRCH 
base="dc=jonathanpoon" scope=2 deref=0 
filter="(&(uid=dell$)(objectClass=sambaSamAccount))"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=2 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName 
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=2 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=3 SRCH 
base="dc=jonathanpoon" scope=2 deref=0 
filter="(&(uid=jonathan)(objectClass=sambaSamAccount))"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=3 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName 
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=3 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=216 fd=18 ACCEPT from 
IP=127.0.0.1:38291 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=0 BIND 
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" method=128
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=0 BIND 
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=0 RESULT tag=97 err=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=1 SRCH 
base="ou=Users,dc=jonathanpoon" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=jonathan))"
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=1 SRCH attr=uid userPassword 
uidNumber gidNumber cn homeDirectory loginShell gecos description 
objectClass
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=217 fd=23 ACCEPT from 
IP=127.0.0.1:38292 (IP=0.0.0.0:389)
Jul 29 23:32:41 poontv slapd[6138]: conn=216 op=2 UNBIND
Jul 29 23:32:41 poontv slapd[6138]: conn=216 fd=18 closed
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 BIND 
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" method=128
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 BIND 
dn="cn=nssldap,ou=DSA,dc=jonathanpoon" mech=SIMPLE ssf=0
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=0 RESULT tag=97 err=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=1 SRCH 
base="ou=Users,dc=jonathanpoon" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=jonathan))"
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=2 SRCH 
base="ou=Groups,dc=jonathanpoon" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(|(memberUid=jonathan)(uniqueMember=uid=jonathan,ou=users,dc=jonathanpoon)))"
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=2 SRCH attr=gidNumber
Jul 29 23:32:41 poontv slapd[6138]: <= bdb_equality_candidates: 
(uniqueMember) index_param failed (18)
Jul 29 23:32:41 poontv slapd[6138]: conn=217 op=2 SEARCH RESULT tag=101 
err=0 nentries=0 text=
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=4 SRCH 
base="ou=Groups,dc=jonathanpoon" scope=2 deref=0 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))"
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=4 SRCH attr=gidNumber 
sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 29 23:32:41 poontv slapd[6138]: conn=215 op=4 SEARCH RESULT tag=101 
err=0 nentries=1 text=

SAMBA LOGS
[2006/07/29 23:35:39, 2] libsmb/credentials.c:creds_server_check(159)
  creds_server_check: credentials check failed.
[2006/07/29 23:35:39, 2] rpc_server/srv_netlog_nt.c:_net_sam_logon(667)
  _net_sam_logon: creds_server_step failed. Rejecting auth request from 
client DELL machine account DELL$
[2006/07/29 23:35:50, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2006/07/29 23:35:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: dell$
[2006/07/29 23:35:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: jonathan
[2006/07/29 23:35:50, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [jonathan] -> [jonathan] -> 
[jonathan] succeeded



SMB.conf
# Server-wide settings: LDAP-backed passdb, account-management hooks, and the
# domain-controller / browsing role of this host.
[global]

# DN that smbd binds as when it talks to the directory. The slapd log in this
# post shows that bind as mech=SIMPLE ssf=0, i.e. a password bind with no
# transport protection. Samba keeps the password for this DN in secrets.tdb
# (set with smbpasswd -w), so that file needs root-only permissions.
ldap admin dn = "cn=samba,ou=DSA,dc=jonathanpoon"
# NOTE(review): TLS is disabled for the passdb connection. With the backend on
# 127.0.0.1 the bind password and the sambaNTPassword/sambaLMPassword hashes
# stay on loopback, but the slapd log shows the listener on 0.0.0.0:389.
# If any client reaches slapd over the network, or slapd moves to another
# host, switch to "ldap ssl = start tls" (or ldaps) first.
ldap ssl = no
passdb backend = ldapsam:ldap://127.0.0.1
# NOTE(review): the user suffix here is ou=People, while the nss_ldap searches
# in the slapd log use base ou=Users,dc=jonathanpoon. Confirm which container
# actually holds the accounts and that smb.conf, nss_ldap and smbldap-tools
# all point at the same one.
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=jonathanpoon
# Keeps the LDAP password attribute in step with the Samba hashes when a
# password is changed through Samba.
ldap passwd sync = yes

# Account-management hooks. smbd runs these as root, substituting the account
# name for %u and the group name for %g; the quotes keep each substituted name
# a single argument. The add machine script is what fires when a workstation
# joins the domain.
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = no
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

workgroup = POON
netbios name = PDC
# Allows rights to be delegated to specific accounts instead of requiring
# root for every administrative operation.
enable privileges = yes
comment = Linux Debian Samba Server

# User-level authentication with encrypted (hashed) passwords only; accounts
# with an empty password are refused.
security = user
null passwords = No
encrypt passwords = yes

logon drive = U:
# NOTE(review): %g expands to the user's primary group name, so every user
# with the same primary group is pointed at the same profile directory.
# Presumably a per-user path (%U) was intended -- confirm.
logon path = \\%L\profiles\%g
logon script = STARTUP.BAT
# Makes this server answer domain logons (NT4-style domain controller).
domain logons = yes

domain master = yes
local master = yes
preferred master = yes
os level = 255

wins support = yes

time offset = 60
time server = True

log file = /var/log/samba/log.samba
# Debug-level logging, useful while chasing the logon failure described in
# this post. The excerpts above show account names and authentication results
# in the log, so lower the level and restrict access to the log directory
# once troubleshooting is done.
log level = 5
# These three act as defaults for every share: no guest access, hidden from
# browse lists, read-only. A share section may override them.
public = No
browseable = No
writable = No

# Logon-script share: domain clients fetch the file named by "logon script"
# in [global] from here. It is read-only over SMB and closed to guests, so the
# script that runs at every logon cannot be replaced through the share.
# The directory itself should be writable only by administrators on the
# server's filesystem.
[netlogon]
path = /usr/local/samba/netlogon
# Locking is switched off; this is only reasonable because the share is
# read-only.
locking = no
writeable = no
guest ok = no
browseable = no

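# Roaming-profile share referenced by "logon path" in [global]. Profiles
# contain each user's registry hive and documents, so this share must be
# limited to authenticated domain users.
[profiles]
path = /usr/local/samba/profiles
writeable = yes
# Changed in review: the posted configuration had "guest ok = yes".
# Guest connections have no business on a profile share, and this now matches
# the "public = No" default in [global] and "guest ok = no" on [netlogon].
guest ok = no
browseable = yes
# NOTE(review): with 0777 masks every file and directory created here is
# readable and writable by all users, so one user can read or tamper with
# another user's profile. The masks are left as posted because "logon path"
# in [global] is keyed on %g (a shared directory per primary group); once each
# user has a private profile directory, tighten these to
# create mask = 0600 and directory mask = 0700.
create mask = 0777
directory mask = 0777
#profile acls = yes
#csc policy = disable
#force user = %U
#valid users = %U @"Domain Admins"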



