[Samba] joining domain fails because of no samba entries with
3.0.23c
Dan
samba at the-rusty-nail.com
Wed Sep 20 16:02:08 GMT 2006
It adds the computer just fine but still doesn't have any samba
attributes like sambaSID etc. I thought I read the computer or the smbd
daemon is supposed to populate the samba attributes now instead of the
scripts. Is this not the case? Thanks.
ryan punt wrote:
> What happens when you run "smbldap-useradd -w MYCOMPUTER$" from the command line? I've found that useful for debugging machine-account-creation problems.
>
> Ryan
>
>
>>>> Dan <samba at the-rusty-nail.com> 9/18/2006 5:41:21 PM >>>
>>>>
> Hello All,
> I am having a very strange problem with samba 3.0.23c. I upgraded
> everything from 3.0.9 and I am able to smbclient to the samba 3.0.23c
> PDC with the administrator user just fine. When I go to add a machine
> to the domain, it adds the unix machine account to the ou=computers like
> it is supposed to but none of the samba entries are added. I get an
> error on the windows side of "The user name can not be found." but I
> know the administrator user is there. The group mappings are correct
> for both the windows and unix groups, both on the PDC machine and in my
> openldap backend. I am using the idealx scripts with 'smbldap-useradd
> -w '%u' . It was my understanding that the scripts are not supposed
> to add the samba stuff anymore but either samba itself or the machine
> does that, I am not sure. Is this correct? Has anyone else seen things
> like this? I searched and found a bunch of simular things but no real
> solutions. I see in the logs where it is searching for the name of the
> machine and the sambaSamAccount objectclass and failing because it is
> not there, but I can't figure out why it is not getting created. I have
> put the relevant log section below and can supply more if needed. I
> suspect I am missing something simple. Any help would be greatly
> appreciated.
>
> [2006/09/18 18:30:05, 4]
> rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
> Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 ED 1D
> 0F 45 ........ ....í..E
> [010] 8B 7A 00 00 .z..
> [2006/09/18 18:30:05, 5]
> rpc_server/srv_samr_nt.c:access_check_samr_function(222)
> _samr_create_user: access check ((granted: 0x000d067b; required:
> 0x00000010)
> [2006/09/18 18:30:05, 10] rpc_server/srv_samr_nt.c:can_create(2389)
> Checking whether [MYCOMPUTER$] can be created
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(101) : conn_ctx_stack_ndx = 0
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 10] passdb/lookup_sid.c:lookup_name(64)
> lookup_name: MYCOMPUTER$ => (domain), MYCOMPUTER$ (name)
> [2006/09/18 18:30:05, 10] passdb/util_wellknown.c:lookup_wellknown_name(154)
> map_name_to_wellknown_sid: looking up MYCOMPUTER$
> [2006/09/18 18:30:05, 5]
> passdb/secrets.c:secrets_fetch_trusted_domain_password(340)
> secrets_fetch failed!
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(101) : conn_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 5] lib/smbldap.c:smbldap_search_ext(1179)
> smbldap_search_ext: base => [o=my.domain.com], filter =>
> [(&(uid=MYCOMPUTER$)(objectclass=sambaSamAccount))], scope => [2]
> [2006/09/18 18:30:05, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396)
> ldapsam_getsampwnam: Unable to locate user [MYCOMPUTER$] count=0
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(101) : conn_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 5] lib/smbldap.c:smbldap_search_ext(1179)
> smbldap_search_ext: base => [ou=groups,o=my.domain.com], filter =>
> [(&(objectClass=sambaGroupMapping)(|(displayName=MYCOMPUTER$)(cn=MYCOMPUTER$)))],
> scope => [2]
> [2006/09/18 18:30:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
> ldapsam_getgroup: Did not find group
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0
> [2006/09/18 18:30:05, 10] rpc_server/srv_samr_nt.c:can_create(2399)
> MYCOMPUTER$ does not exist, can create it
> [2006/09/18 18:30:05, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2501)
> _samr_create_user: can add this account : True
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(101) : conn_ctx_stack_ndx = 0
> [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_alloc(131)
> Finding user MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(75)
> Trying _Get_Pwnam(), username as lowercase is MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(83)
> Trying _Get_Pwnam(), username as given is MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(102)
> Checking combinations of 0 uppercase letters in MYCOMPUTER$
> [2006/09/18 18:30:05, 5] lib/username.c:Get_Pwnam_internals(108)
> Get_Pwnam_internals didn't find user [MYCOMPUTER$]!
> [2006/09/18 18:30:08, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
> _samr_create_user: Running the command
> `/usr/local/sbin/smbldap-useradd -w 'MYCOMPUTER$'' gave 0
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_alloc(131)
> Finding user MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(75)
> Trying _Get_Pwnam(), username as lowercase is MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(83)
> Trying _Get_Pwnam(), username as given is MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(102)
> Checking combinations of 0 uppercase letters in MYCOMPUTER$
> [2006/09/18 18:30:08, 5] lib/username.c:Get_Pwnam_internals(108)
> Get_Pwnam_internals didn't find user [MYCOMPUTER$]!
> [2006/09/18 18:30:08, 3] passdb/pdb_interface.c:pdb_default_create_user(381)
> pdb_default_create_user: failed to create a new user structure:
> NT_STATUS_NO_SUCH_USER
> [2006/09/18 18:30:08, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 samr_io_r_create_user
> [2006/09/18 18:30:08, 6] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_pol_hnd user_pol
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
> 0000 data1: 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
> 0004 data2: 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint16(675)
> 0008 data3: 0000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint16(675)
> 000a data4: 0000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
> 000c data5: 00 00 00 00 00 00 00 00
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
> 0014 access_granted: 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_uint32(704)
> 0018 user_rid : 00000000
> [2006/09/18 18:30:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
> 001c status: NT_STATUS_NO_SUCH_USER
> [2006/09/18 18:30:08, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
> api_rpcTNP: called samr successfully
> [2006/09/18 18:30:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
> free_pipe_context: destroying talloc pool of size 302
> [2006/09/18 18:30:08, 10]
> rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
> write_to_pipe: data_used = 76
> [2006/09/18 18:30:08, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995)
> read_from_pipe: 7763 name: samr len: 1024
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------
>
> This email transmission and any documents, files or previous
>
> email messages attached to it may contain information that is
>
> confidential or legally privileged. If you are not the intended
>
> recipient, you are hereby notified that any disclosure, copying,
>
> printing, distributing or use of this transmission is strictly
>
> prohibited. If you have received this transmission in error,
>
> please immediately notify the sender by telephone or return
>
> email and delete the original transmission and its attachments
>
> without reading or saving in any manner.
>
>
>
> The Evangelical Lutheran Good Samaritan Society.
>
> ---------------------------------------------------------
>
More information about the samba
mailing list