[Samba] Failed join a domain, root found ok, Administrator not found

Jason Baker jbaker at glastender.com
Mon Feb 5 13:35:29 GMT 2007 

Check the file /etc/samba/smbusers and make sure it contains the 
following entry:

    root = Administrator

This maps the administrator account when joining a domain to the root user.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>



On 2/2/2007 7:17 AM, jamurph wrote:
> I'm trying to join a Windows PC to a domain. I've got a root user set-up to
> add machines to the domain. When prompted by windows, I enter in root and
> the password. But I get a windows error dialog, indicating a user was not
> found. 
>
> However, in the samba log file for the machine I'm trying to connect to the
> domain, I can see that the root user was found in ldap, however, for some
> reason I can see samba is trying to find another user "Administrator" entry
> in LDAP. There is no entry in ldap for Administrator. Anyone know why it is
> looking for this "Administrator" user? I'm relatively comfortable with LDAP,
> but my samba knowledge isn't good to be honest.
>
> I've used smbldap-populate to create entries in LDAP.  The entry for the PC
> is added to LDAP ok on my attempt to join the domain.
>
> I did change /etc/samba/smbusers and added a mapping for Administrator =
> root, but this didn't help
>
> Following is more details and log file output
>
> Any help much appreciated
>
>
> Microsoft Windows Server 2003 Service Pack 1
> Samba installed on Centos 4.3
> smbd -V =>Version 3.0.22
> winbindd -V => Version 3.0.10-1.4E.9
>
> Running Openldap
>
> [2007/02/02 11:32:08, 2] lib/smbldap.c:smbldap_open_connection(722)
>   smbldap_open_connection: connection opened
> [2007/02/02 11:32:08, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>   init_sam_from_ldap: Entry found for user: root
> [2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(307)
>   check_ntlm_password:  authentication for user [root] -> [root] -> [root]
> succeeded
> [2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(317)
>   check_ntlm_password:  Authentication for user [Administrator] ->
> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/02/02 11:32:09, 2] smbd/server.c:exit_server(614)
>   Closing connections
> [2007/02/02 11:32:09, 2] lib/smbldap.c:smbldap_open_connection(722)
>   smbldap_open_connection: connection opened
> [2007/02/02 11:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>   init_sam_from_ldap: Entry found for user: root
> [2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(307)
>   check_ntlm_password:  authentication for user [root] -> [root] -> [root]
> succeeded
> [2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(317)
>   check_ntlm_password:  Authentication for user [Administrator] ->
> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
> [2007/02/02 11:32:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
>   Returning domain sid for domain XXXDEV ->
> S-1-5-21-3798003437-3932026004-3600456286
> [2007/02/02 11:32:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
>   _samr_create_user: Running the command `/opt/IDEALX/sbin/smbldap-useradd
> -t 1 -w "dev-prefect-1$"' gave 9
> [2007/02/02 11:32:10, 2] smbd/server.c:exit_server(614)
>   Closing connections
>
>
>
> # Global parameters
> [global]
>    workgroup = XXXDEV
>         netbios name = XXXDEV-PDC
>    security = user
>         #enable privileges = yes
>         #interfaces = 10.192.3.21
>         #username map = /etc/samba/smbusers
>         server string = Samba Server
>         encrypt passwords = Yes
>         #pam password change = no
>         #obey pam restrictions = No
>         #ldap passwd sync = Yes
>         unix password sync = Yes
>         passwd program = /usr/sbin/ldap_userPassword_change %u
>         passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n
> *Result**Success****
> # Settings to debug passwd chat
>         #passwd chat debug = Yes
>         #debug level = 103
>         #log level = passdb:5
> # Crackcheck settings to allow NT style password complexity checks
>         check password script = /sbin/crackcheck -c -d
> /usr/lib/cracklib_dict
>         log level = 2
>         syslog = 0
>         log file = /var/log/samba/%m.log
>         max log size = 100000
>         time server = Yes
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         mangling method = hash2
>         Dos charset = 850
>         Unix charset = ISO8859-1
> #       logon script = logon.bat
> #       logon drive = H:
>         logon home = ""
>         logon path = ""
>         domain logons = Yes
>         domain master = Yes
>         os level = 65
>         preferred master = Yes
>         wins support = yes
>         passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2"
>         ldap admin dn = cn=Manager,dc=blah,dc=co,dc=uk
>         ldap suffix = dc=blah,dc=co,dc=uk
>         ldap group suffix = ou=Groups
>         ldap user suffix = ou=Users
>         ldap machine suffix = ou=Computers
>         ldap idmap suffix = ou=Idmap
>         idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2"
>         add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>         #ldap delete dn = Yes
>         delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>         add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u"
>
>

More information about the samba mailing list