[Samba] joining domain fails because of no samba entries with 3.0.23c

Dan samba at the-rusty-nail.com
Wed Sep 20 16:02:08 GMT 2006 

It adds the computer just fine but still doesn't have any samba 
attributes like sambaSID etc.  I thought I read the computer or the smbd 
daemon is supposed to populate the samba attributes now instead of the 
scripts.  Is this not the case?  Thanks.
ryan punt wrote:
> What happens when you run "smbldap-useradd -w MYCOMPUTER$" from the command line? I've found that useful for debugging machine-account-creation problems.
>
> Ryan
>
>   
>>>> Dan <samba at the-rusty-nail.com> 9/18/2006 5:41:21 PM >>>
>>>>         
> Hello All,
>     I am having a very strange problem with samba 3.0.23c.  I upgraded 
> everything from 3.0.9 and I am able to smbclient to the samba 3.0.23c 
> PDC  with the administrator user just fine.  When I go to add a machine 
> to the domain, it adds the unix machine account to the ou=computers like 
> it is supposed to but none of the samba entries are added.  I get an 
> error on the windows side of "The user name can not be found."  but I 
> know the administrator user is there.  The group mappings are correct 
> for both the windows and unix groups, both on the PDC machine and in my 
> openldap backend.  I am using the idealx scripts with 'smbldap-useradd 
> -w '%u' .    It was my understanding that the scripts are not supposed 
> to add the samba stuff anymore but either samba itself or the machine 
> does that, I am not sure.  Is this correct?  Has anyone else seen things 
> like this?  I searched and found a bunch of simular things but no real 
> solutions.  I see in the logs where it is searching for the name of the 
> machine and the sambaSamAccount objectclass and failing because it is 
> not there, but I can't figure out why it is not getting created.  I have 
> put the relevant log section below and can supply more if needed.  I 
> suspect I am missing something simple.  Any help would be greatly 
> appreciated.
>
> [2006/09/18 18:30:05, 4] 
> rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
>   Found policy hnd[0] [000] 00 00 00 00 05 00 00 00  00 00 00 00 ED 1D 
> 0F 45  ........ ....í..E
>   [010] 8B 7A 00 00                                       .z..
> [2006/09/18 18:30:05, 5] 
> rpc_server/srv_samr_nt.c:access_check_samr_function(222)
>   _samr_create_user: access check ((granted: 0x000d067b;  required: 
> 0x00000010)
> [2006/09/18 18:30:05, 10] rpc_server/srv_samr_nt.c:can_create(2389)
>   Checking whether [MYCOMPUTER$] can be created
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(101) : conn_ctx_stack_ndx = 0
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: MYCOMPUTER$ =>  (domain), MYCOMPUTER$ (name)
> [2006/09/18 18:30:05, 10] passdb/util_wellknown.c:lookup_wellknown_name(154)
>   map_name_to_wellknown_sid: looking up MYCOMPUTER$
> [2006/09/18 18:30:05, 5] 
> passdb/secrets.c:secrets_fetch_trusted_domain_password(340)
>   secrets_fetch failed!
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(101) : conn_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 5] lib/smbldap.c:smbldap_search_ext(1179)
>   smbldap_search_ext: base => [o=my.domain.com], filter => 
> [(&(uid=MYCOMPUTER$)(objectclass=sambaSamAccount))], scope => [2]
> [2006/09/18 18:30:05, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396)
>   ldapsam_getsampwnam: Unable to locate user [MYCOMPUTER$] count=0
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(101) : conn_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 5] lib/smbldap.c:smbldap_search_ext(1179)
>   smbldap_search_ext: base => [ou=groups,o=my.domain.com], filter => 
> [(&(objectClass=sambaGroupMapping)(|(displayName=MYCOMPUTER$)(cn=MYCOMPUTER$)))], 
> scope => [2]
> [2006/09/18 18:30:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
>   ldapsam_getgroup: Did not find group
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0
> [2006/09/18 18:30:05, 10] rpc_server/srv_samr_nt.c:can_create(2399)
>   MYCOMPUTER$ does not exist, can create it
> [2006/09/18 18:30:05, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2501)
>   _samr_create_user:  can add this account : True
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(101) : conn_ctx_stack_ndx = 0
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_alloc(131)
>   Finding user MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(75)
>   Trying _Get_Pwnam(), username as lowercase is MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(83)
>   Trying _Get_Pwnam(), username as given is MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(102)
>   Checking combinations of 0 uppercase letters in MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(108)
>   Get_Pwnam_internals didn't find user [MYCOMPUTER$]!
> [2006/09/18 18:30:08, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
>   _samr_create_user: Running the command 
> `/usr/local/sbin/smbldap-useradd -w 'MYCOMPUTER$'' gave 0
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_alloc(131)
>   Finding user MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(75)
>   Trying _Get_Pwnam(), username as lowercase is MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(83)
>   Trying _Get_Pwnam(), username as given is MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(102)
>   Checking combinations of 0 uppercase letters in MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(108)
>   Get_Pwnam_internals didn't find user [MYCOMPUTER$]!
> [2006/09/18 18:30:08, 3] passdb/pdb_interface.c:pdb_default_create_user(381)
>   pdb_default_create_user: failed to create a new user structure: 
> NT_STATUS_NO_SUCH_USER
> [2006/09/18 18:30:08, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_debug(84)
>   000000 samr_io_r_create_user
> [2006/09/18 18:30:08, 6] rpc_parse/parse_prs.c:prs_debug(84)
>       000000 smb_io_pol_hnd user_pol
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
>           0000 data1: 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
>           0004 data2: 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint16(675)
>           0008 data3: 0000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint16(675)
>           000a data4: 0000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
>           000c data5: 00 00 00 00 00 00 00 00
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
>       0014 access_granted: 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
>       0018 user_rid : 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
>       001c status: NT_STATUS_NO_SUCH_USER
> [2006/09/18 18:30:08, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
>   api_rpcTNP: called samr successfully
> [2006/09/18 18:30:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
>   free_pipe_context: destroying talloc pool of size 302
> [2006/09/18 18:30:08, 10] 
> rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
>   write_to_pipe: data_used = 76
> [2006/09/18 18:30:08, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995)
>   read_from_pipe: 7763 name: samr len: 1024
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba 
>   
> ------------------------------------------------------------------------
>
> -------------------------------------------------
>
> This email transmission and any documents, files or previous
>
> email messages attached to it may contain information that is
>
> confidential or legally privileged. If you are not the intended
>
> recipient, you are hereby notified that any disclosure, copying,
>
> printing, distributing or use of this transmission is strictly
>
> prohibited. If you have received this transmission in error,
>
> please immediately notify the sender by telephone or return
>
> email and delete the original transmission and its attachments
>
> without reading or saving in any manner.
>
>
>
> The Evangelical Lutheran Good Samaritan Society.
>
> ---------------------------------------------------------
>

More information about the samba mailing list