[Samba] Failed join a domain, root found ok, Administrator not found

jamurph tony_murphy at yahoo.com
Fri Feb 2 12:17:58 GMT 2007 

I'm trying to join a Windows PC to a domain. I've got a root user set-up to
add machines to the domain. When prompted by windows, I enter in root and
the password. But I get a windows error dialog, indicating a user was not
found. 

However, in the samba log file for the machine I'm trying to connect to the
domain, I can see that the root user was found in ldap, however, for some
reason I can see samba is trying to find another user "Administrator" entry
in LDAP. There is no entry in ldap for Administrator. Anyone know why it is
looking for this "Administrator" user? I'm relatively comfortable with LDAP,
but my samba knowledge isn't good to be honest.

I've used smbldap-populate to create entries in LDAP.  The entry for the PC
is added to LDAP ok on my attempt to join the domain.

I did change /etc/samba/smbusers and added a mapping for Administrator =
root, but this didn't help

Following is more details and log file output

Any help much appreciated


Microsoft Windows Server 2003 Service Pack 1
Samba installed on Centos 4.3
smbd -V =>Version 3.0.22
winbindd -V => Version 3.0.10-1.4E.9

Running Openldap

[2007/02/02 11:32:08, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2007/02/02 11:32:08, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/02/02 11:32:09, 2] smbd/server.c:exit_server(614)
  Closing connections
[2007/02/02 11:32:09, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2007/02/02 11:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/02/02 11:32:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
  Returning domain sid for domain XXXDEV ->
S-1-5-21-3798003437-3932026004-3600456286
[2007/02/02 11:32:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/opt/IDEALX/sbin/smbldap-useradd
-t 1 -w "dev-prefect-1$"' gave 9
[2007/02/02 11:32:10, 2] smbd/server.c:exit_server(614)
  Closing connections



# Global parameters
[global]
   workgroup = XXXDEV
        netbios name = XXXDEV-PDC
   security = user
        #enable privileges = yes
        #interfaces = 10.192.3.21
        #username map = /etc/samba/smbusers
        server string = Samba Server
        encrypt passwords = Yes
        #pam password change = no
        #obey pam restrictions = No
        #ldap passwd sync = Yes
        unix password sync = Yes
        passwd program = /usr/sbin/ldap_userPassword_change %u
        passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n
*Result**Success****
# Settings to debug passwd chat
        #passwd chat debug = Yes
        #debug level = 103
        #log level = passdb:5
# Crackcheck settings to allow NT style password complexity checks
        check password script = /sbin/crackcheck -c -d
/usr/lib/cracklib_dict
        log level = 2
        syslog = 0
        log file = /var/log/samba/%m.log
        max log size = 100000
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        mangling method = hash2
        Dos charset = 850
        Unix charset = ISO8859-1
#       logon script = logon.bat
#       logon drive = H:
        logon home = ""
        logon path = ""
        domain logons = Yes
        domain master = Yes
        os level = 65
        preferred master = Yes
        wins support = yes
        passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2"
        ldap admin dn = cn=Manager,dc=blah,dc=co,dc=uk
        ldap suffix = dc=blah,dc=co,dc=uk
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2"
        add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
        #ldap delete dn = Yes
        delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
        add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u"

-- 
View this message in context: http://www.nabble.com/Failed-join-a-domain%2C-root-found-ok%2C-Administrator-not-found-tf3160558.html#a8766016
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list