[Samba] Samba 3.0.10 join domain
Daniel Davidson
danield at igb.uiuc.edu
Wed Feb 28 17:28:27 GMT 2007
This is really getting frustrating. The exact message when joining the
domain is "user name could not be found", however I have the
Administrator account set up with the proper data. And I have tried
administrator with and without the A in caps. I can take this username,
log into the server, and the files I create show up as owned by root.

# Administrator, People, igb.uiuc.edu
dn: uid=Administrator,ou=People,dc=igb,dc=uiuc,dc=edu
uid: Administrator
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: Administrator
sn: Administrator
mail: Administrator@igb.uiuc.edu
loginShell: /bin/bash
homeDirectory: /home/a-m/Administrator
gecos: Administrator
sambaSID: S-1-5-21-3679620730-2824407525-958489067-500
sambaPrimaryGroupSID: S-1-5-21-3679620730-2824407525-958489067-512
sambaAcctFlags: UX
gidNumber: 0
uidNumber: 0
sambaLMPassword: somethingremoved
sambaNTPassword: somethingremoved

My SID matches up:

[root@file-server samba]# net getlocalsid
SID for domain IGB-FILE-SERVER is:
S-1-5-21-3679620730-2824407525-958489067

The server should be the master browser:

*****
[2007/02/28 10:20:43, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup IGB on subnet
128.174.124.12
[2007/02/28 10:20:43, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
become_domain_master_browser_bcast: querying subnet 128.174.124.12 for
domain master browser on workgroup IGB
[2007/02/28 10:20:47, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for workgroup
IGB on subnet 128.174.124.12
[2007/02/28 10:20:51, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
*****
Samba server IGB-FILE-SERVER is now a domain master browser for
workgroup IGB on subnet 128.174.124.12
*****

If I look at the log for doing the add, it appears as if this might be
where the error is if I look at the tail end of the smb log for the
client trying to add with a loglevel of 5:

[2007/02/28 10:31:12, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2007/02/28 10:31:12, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2007/02/28 10:31:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2007/02/28 10:31:12, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2007/02/28 10:31:12, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2007/02/28 10:31:12, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2007/02/28 10:31:12, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
Got user=[administrator] domain=[igb] workstation=[SAMMY] len1=24
len2=24
[2007/02/28 10:31:12, 5]
auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66)
auth_context challenge set by NTLMSSP callback (NTLM2)
[2007/02/28 10:31:12, 5]
auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67)
challenge is:
[2007/02/28 10:31:12, 5] lib/util.c:dump_data(1999)
[000] 81 8F 46 13 26 F9 07 3E ..F.&..>

For info, my globals from smb.conf are

[global]
workgroup = igb
netbios name = IGB-FILE-SERVER
server string = Samba Server
passdb backend = ldapsam:ldap://auth.igb.uiuc.edu
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=someonespecial,dc=igb,dc=uiuc,dc=edu
ldap group suffix = ou=group
ldap suffix = dc=igb,dc=uiuc,dc=edu
ldap ssl = on
ldap user suffix = ou=People
ldap machine suffix = ou=computer
cups options = raw
log level = 10
add machine script = /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/smbldap-useradd.pl -w
preferred master = Yes
domain master = Yes
os level = 65
password server = None
idmap uid = 1000-33554431
idmap gid = 1000-33554431
template shell = /bin/false
username map = /etc/samba/smbusers
winbind use default domain = no

Any help still very much appreciated,
Dan

On Tue, 2007-02-27 at 12:57 -0600, Daniel Davidson wrote:
> I have found and fixed my previous problems (two typos that were hard to
> find) and now the smbldap-tools all work as expected if I run them as
> root. However when I try to join a domain from a windows machine, the
> scripts never run and get an "Access is denied" message. Since I am
> using 0.10 I do not think I can use net rpc rights, so do I need to add
> that into ldap manually? Or do I have to use a specific user other than
> just someone in domain admins?
>
> thanks,
>
> Dan
>
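
The SID comparison done by hand in the message above, as an added example (not part of the original post, and not Samba or smbldap-tools code). It checks that both SID attributes of the LDAP entry carry the domain SID printed by net getlocalsid, that the account has the well-known Administrator RID 500, and that sambaAcctFlags is in the bracketed, space-padded form Samba itself writes. The function names are hypothetical and the sample input is constructed from the values quoted in the post.

```python
import re

# Constructed sample input, built from the values quoted in the post.
LOCALSID_OUTPUT = """SID for domain IGB-FILE-SERVER is:
S-1-5-21-3679620730-2824407525-958489067"""
LDIF_ENTRY = """dn: uid=Administrator,ou=People,dc=igb,dc=uiuc,dc=edu
uid: Administrator
sambaSID: S-1-5-21-3679620730-2824407525-958489067-500
sambaPrimaryGroupSID: S-1-5-21-3679620730-2824407525-958489067-512
sambaAcctFlags: UX
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}")
# Samba writes the flags bracketed and space-padded, e.g. "[U          ]".
FLAGS_RE = re.compile(r"\[[A-Z ]{1,11}\]")

def parse_ldif(text):
    """Return {attribute: [values]} for one unfolded, non-base64 LDIF entry."""
    attrs = {}
    for line in text.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs.setdefault(key, []).append(value.strip())
    return attrs

def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def check_admin_entry(ldif_text, localsid_output):
    """Return a list of findings; an empty list means every check passed."""
    local = SID_RE.search(localsid_output).group(0)
    entry = parse_ldif(ldif_text)
    findings = []
    # RID 500 is the well-known Administrator RID; the group RID is not pinned.
    for attr, want_rid in (("sambaSID", 500), ("sambaPrimaryGroupSID", None)):
        domain, rid = split_sid(entry[attr][0])
        if domain != local:
            findings.append(f"{attr}: domain part {domain} != local SID {local}")
        if want_rid is not None and rid != want_rid:
            findings.append(f"{attr}: RID {rid}, expected {want_rid}")
    flags = entry.get("sambaAcctFlags", [""])[0]
    if not FLAGS_RE.fullmatch(flags):
        findings.append(f"sambaAcctFlags: {flags!r} is not in bracketed form")
    return findings

if __name__ == "__main__":
    print("\n".join(check_admin_entry(LDIF_ENTRY, LOCALSID_OUTPUT)) or "all checks passed")
```
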