[Samba] Re: NT Workstation and Samba PDC

Marcelo Terres mhterres at gmail.com
Thu Oct 5 17:54:32 GMT 2006


SOLVED !!!

I found in a closed samba bug that NT workstations need the gid=513,
but in my smbldap.conf the defaultComputerGid=515.

I think it's strange, to have a machine account in the Domain Users,
not in Domain Computers, but anyway...

And for W2K and XP it does not matter if the gid is 513 or 515.

I sent an e-mail to Mr. Carter suggesting to put it in the Samba3-HOWTO.

I hope my "tip" helps others too, because it took me 3 or 4 days to solve.

Bye.

On 10/5/06, Marcelo Terres <mhterres at gmail.com> wrote:
> Hi again.
>
> I found my error in  Samba3-HOWTO:
>
> "
> The Machine Trust Account Is Not Accessible
>
>  "When I try to join the domain I get the message, "The machine
> account  for this computer either does not exist or is not
> accessible." What's wrong?"
>
> This problem is caused by the PDC not having a suitable Machine Trust
> Account.  If you are using the add machine script method to create
> accounts, then this would indicate that it has not worked. Ensure the
> domain admin user system is working.
> "
>
> The problem is that it is not working just on NT workstations. W2K and XP
> work great. So, it's not a problem with the smbldap-tools scripts.
> Looks like a samba bug.
>
> I tried again with 3.0.22 and 3.0.23c.
>
> Any ideas ?
>
> Thanks,
>
> On 10/4/06, Marcelo Terres <mhterres at gmail.com> wrote:
> > Hi.
> >
> > I'm having a big trouble.
> >
> > We migrated an NT PDC to a Samba PDC. No problems in migration. Everything works fine.
> >
> > The problem is: I can't add an NT machine to the Domain. It simply does not work. XP and W2K work great.
> >
> > I started using Debian Sarge Package 3.0.14. In this version I could not manage groups using the Domain User Manager from NT. So I updated to 3.0.23c packages from samba.org. Same problem with adding a NT machine, but the User Manager now works.
> >
> > I tried the 3.0.22 from backports.org but with the same problem.
> >
> > The behaviour changes depending on the version of Samba. I'm using smbldap-useradd (0.9.2) in the add machine script.
> >
> > In 3.0.14 I saw in logs this error:
> > 2006/10/04 13:03:42, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
> >   ldapsam_update_sam_account: failed to modify user with uid = testing$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
> >
> >
> > In 3.0.22 the error is similar, but because LDAP timed out, it looks like the account is created and NT thinks that it joined the domain, but when I tried to log in it does not work. Look at the logs:
> >
> > 2006/10/04 14:28:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873)
> >   ldapsam_update_sam_account: failed to modify user with uid = testing$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
> > [2006/10/04 14:28:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (12384, 513) - sec_ctx_stack_ndx = 0
> > [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
> >   free_pipe_context: destroying talloc pool of size 924
> > [2006/10/04 14:28:38, 3] smbd/process.c:process_smb(1194)
> >   Transaction 21 of length 132
> > [2006/10/04 14:28:38, 3] smbd/process.c:switch_message(993)
> >   switch message SMBtrans (pid 3026) conn 0x83cd180
> > [2006/10/04 14:28:38, 3] smbd/ipc.c:reply_trans(539)
> >   trans <\PIPE\> data=44 params=0 setup=2
> > [2006/10/04 14:28:38, 3] smbd/ipc.c:named_pipe(334)
> >   named pipe command on <> name
> > [2006/10/04 14:28:38, 3] smbd/ipc.c:api_fd_reply(294)
> >   Got API command 0x26 on pipe "samr" (pnum 7494)
> > [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
> >   free_pipe_context: destroying talloc pool of size 0
> > [2006/10/04 14:28:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(2237)
> >   api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER
> > [2006/10/04 14:28:38, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:38, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 1 try!
> > [2006/10/04 14:28:39, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:39, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 2 try!
> > [2006/10/04 14:28:40, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:40, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 3 try!
> > [2006/10/04 14:28:41, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:41, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 4 try!
> > [2006/10/04 14:28:42, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:42, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 5 try!
> > [2006/10/04 14:28:43, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:43, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 6 try!
> > [2006/10/04 14:28:44, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:44, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 7 try!
> > [2006/10/04 14:28:45, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:45, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 8 try!
> > [2006/10/04 14:28:46, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:46, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 9 try!
> > [2006/10/04 14:28:47, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:47, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 10 try!
> > [2006/10/04 14:28:48, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:48, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 11 try!
> > [2006/10/04 14:28:49, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:49, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 12 try!
> > [2006/10/04 14:28:50, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:50, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 13 try!
> > [2006/10/04 14:28:51, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:51, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 14 try!
> > [2006/10/04 14:28:52, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:52, 1] lib/smbldap.c:another_ldap_try(1051)
> >   Connection to LDAP server failed for the 15 try!
> > [2006/10/04 14:28:53, 0] lib/smbldap.c:smbldap_open(922)
> >   smbldap_open: cannot access LDAP when not root..
> > [2006/10/04 14:28:53, 0] lib/smbldap.c:smbldap_search_suffix(1346)
> >   smbldap_search_suffix: Problem during the LDAP search: modify/delete: sambaPrimaryGroupSID: no such value (Time limit exceeded)
> > [2006/10/04 14:28:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
> >   free_pipe_context: destroying talloc pool of size 0
>
>
>
> --
> Marcelo H. Terres
> mhterres at gmail.com
>


-- 
Marcelo H. Terres
mhterres at gmail.com
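
Added example, not part of the original post or of Samba/smbldap-tools: a check that reads an LDIF export of the directory (such as ldapsearch prints) and lists machine trust accounts whose gidNumber is not the 513 that the post found NT workstations need. The sample LDIF, its DNs, host names and uidNumbers are constructed for illustration, and treating any uid ending in `$` as a machine account is an assumption.

```python
# Added example (not from the original post): flag machine trust accounts
# whose POSIX primary group is not the gid the post found NT workstations need.
REQUIRED_GID = "513"  # Domain Users, per the post; 515 is Domain Computers

# Constructed sample LDIF; DNs, hosts and uidNumbers are hypothetical.
SAMPLE_LDIF = """\
dn: uid=testing$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: testing$
uidNumber: 20001
gidNumber: 515

dn: uid=xpbox$,ou=Computers,dc=example,
 dc=org
uid: xpbox$
uidNumber: 20002
gidNumber: 513

dn: uid=alice,ou=Users,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 513
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of attribute -> list of values."""
    text = text.replace("\n ", "")  # unfold continuation lines (RFC 2849)
    entries, entry = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():  # blank line ends the current entry
            if entry:
                entries.append(entry)
                entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def misplaced_machine_accounts(ldif_text, required_gid=REQUIRED_GID):
    """Return (uid, gidNumber) for machine accounts (uid ends in '$') outside required_gid."""
    findings = []
    for entry in parse_ldif(ldif_text):
        uid = entry.get("uid", [""])[0]
        gid = entry.get("gidnumber", [""])[0]
        if uid.endswith("$") and gid != required_gid:
            findings.append((uid, gid))
    return findings


if __name__ == "__main__":
    for uid, gid in misplaced_machine_accounts(SAMPLE_LDIF):
        print(f"{uid}: gidNumber={gid}, expected {REQUIRED_GID} for NT workstation joins")
```
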

