[Samba] Samba 3.0.10 join domain

Daniel Davidson danield at igb.uiuc.edu
Wed Feb 28 18:51:19 GMT 2007


Apologies for the nast of the accompanied text, but I thought it best to
include everything from the ldap log in relation to a request to join a
domain.  It all looks fine to me, except for the text= string never
being populated, but please let me know if you can find anything or if
that is a problem.  The idmap suffix did not resolve the issue.  I do
not need to set this account up locally, right?

thanks,

Dan


Feb 28 12:20:53 auth slapd[6527]: conn=636 fd=40 ACCEPT from
IP=128.174.124.12:54545 (IP=0.0.0.0:389) 
Feb 28 12:20:53 auth slapd[6527]: conn=636 op=0 BIND
dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" method=128 
Feb 28 12:20:53 auth slapd[6527]: conn=636 op=0 BIND
dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" mech=SIMPLE ssf=0 
Feb 28 12:20:53 auth slapd[6527]: conn=636 op=0 RESULT tag=97 err=0
text= 
Feb 28 12:20:53 auth slapd[6527]: conn=636 op=1 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(uid=administrator)(objectClass=sambaSamAccount))" 
Feb 28 12:20:53 auth slapd[6527]: conn=636 op=1 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp 
Feb 28 12:20:53 auth slapd[6527]: conn=636 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:53 auth slapd[6527]: conn=637 fd=41 ACCEPT from
IP=128.174.124.12:54546 (IP=0.0.0.0:389) 
Feb 28 12:20:53 auth slapd[6527]: conn=637 op=0 BIND dn="" method=128 
Feb 28 12:20:53 auth slapd[6527]: conn=637 op=0 RESULT tag=97 err=0
text= 
Feb 28 12:20:53 auth slapd[6527]: conn=637 op=1 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=Administrator))" 
Feb 28 12:20:53 auth slapd[6527]: conn=637 op=1 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:53 auth slapd[6527]: conn=637 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=2 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=Administrator))" 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=3 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=igb,dc=uiuc,dc=edu)))" 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=3 SRCH attr=gidNumber 
Feb 28 12:20:54 auth slapd[6527]: <= bdb_equality_candidates:
(memberUid) index_param failed (18) 
Feb 28 12:20:54 auth slapd[6527]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18) 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=3 SEARCH RESULT tag=101
err=0 nentries=2 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=4 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixGroup)(uniqueMember=cn=domain
admins,ou=group,dc=igb,dc=uiuc,dc=edu))" 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=4 SRCH attr=gidNumber 
Feb 28 12:20:54 auth slapd[6527]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18) 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=636 op=2 SRCH
base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" 
Feb 28 12:20:54 auth slapd[6527]: conn=636 op=2 SRCH attr=gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn
objectClass 
Feb 28 12:20:54 auth slapd[6527]: conn=636 op=2 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=636 op=3 SRCH
base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))" 
Feb 28 12:20:54 auth slapd[6527]: conn=636 op=3 SRCH attr=gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn
objectClass 
Feb 28 12:20:54 auth slapd[6527]: conn=636 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=5 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=Administrator))" 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=5 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=5 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=6 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=administrator))" 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=6 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:54 auth slapd[6527]: conn=637 op=6 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:54 auth slapd[6527]: conn=636 fd=40 closed 
Feb 28 12:20:54 auth slapd[6527]: conn=637 fd=41 closed 
Feb 28 12:20:55 auth slapd[6527]: conn=638 fd=28 ACCEPT from
IP=128.174.124.12:54547 (IP=0.0.0.0:389) 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=0 BIND
dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" method=128 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=0 BIND
dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" mech=SIMPLE ssf=0 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=0 RESULT tag=97 err=0
text= 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(uid=administrator)(objectClass=sambaSamAccount))" 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 fd=40 ACCEPT from
IP=128.174.124.12:54548 (IP=0.0.0.0:389) 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=0 BIND dn="" method=128 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=0 RESULT tag=97 err=0
text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=1 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=Administrator))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=1 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=2 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=Administrator))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=3 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=igb,dc=uiuc,dc=edu)))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=3 SRCH attr=gidNumber 
Feb 28 12:20:55 auth slapd[6527]: <= bdb_equality_candidates:
(memberUid) index_param failed (18) 
Feb 28 12:20:55 auth slapd[6527]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18) 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=3 SEARCH RESULT tag=101
err=0 nentries=2 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixGroup)(uniqueMember=cn=domain
admins,ou=group,dc=igb,dc=uiuc,dc=edu))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SRCH attr=gidNumber 
Feb 28 12:20:55 auth slapd[6527]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18) 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=2 SRCH
base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=2 SRCH attr=gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn
objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=2 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=3 SRCH
base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))" 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=3 SRCH attr=gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn
objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=5 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=Administrator))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=5 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=5 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=6 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=administrator))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=6 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=6 SEARCH RESULT tag=101
err=0 nentries=1 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=4 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(uid=sammy
$)(objectClass=sambaSamAccount))" 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=4 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp 
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=sammy$))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=8 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=SAMMY$))" 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=8 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=8 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:56 auth slapd[6527]: conn=639 op=9 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=sammy$))" 
Feb 28 12:20:56 auth slapd[6527]: conn=639 op=9 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:56 auth slapd[6527]: conn=639 op=9 SEARCH RESULT tag=101
err=0 nentries=0 text= 
Feb 28 12:20:56 auth slapd[6527]: conn=639 op=10 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=SAMMY$))" 
Feb 28 12:20:56 auth slapd[6527]: conn=639 op=10 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass 
Feb 28 12:20:56 auth slapd[6527]: conn=639 op=10 SEARCH RESULT tag=101
err=0 nentries=0 text=

On Wed, 2007-02-28 at 17:35 +0000, Andrew Watkins wrote: 
> Daniel,
> 
> Try adding "ldap idmap suffix = ou=People"
> 
> Since I noticed that "ldap user suffix" and "ldap group suffix" do not 
> seem to be used.
> 
> Also, check your LDAP log files to see if you can spot the samba search 
> string!
> 
> Andrew
> 
> > This is really getting frustrating.  The exact message when joining the
> > domain is "user name could not be found", however I have the
> > Administrator account set up with the proper data.  And I have tried
> > administrator with and without the A in caps.  I can take this username,
> > log into the server, and the files I create show up as owned by root.
> > 
> > # Administrator, People, igb.uiuc.edu
> > dn: uid=Administrator,ou=People,dc=igb,dc=uiuc,dc=edu
> > uid: Administrator
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: shadowAccount
> > objectClass: sambaSamAccount
> > cn: Administrator
> > sn: Administrator
> > mail: Administrator at igb.uiuc.edu
> > loginShell: /bin/bash
> > homeDirectory: /home/a-m/Administrator
> > gecos: Administrator
> > sambaSID: S-1-5-21-3679620730-2824407525-958489067-500
> > sambaPrimaryGroupSID: S-1-5-21-3679620730-2824407525-958489067-512
> > sambaAcctFlags: UX
> > gidNumber: 0
> > uidNumber: 0
> > sambaLMPassword: somethingremoved
> > sambaNTPassword: somethingremoved
> > 
> > My Sid matches up:
> > 
> > [root@file-server samba]# net getlocalsid
> > SID for domain IGB-FILE-SERVER is:
> > S-1-5-21-3679620730-2824407525-958489067
> > 
> > The server should be the master browser:
> > 
> >   *****
> > [2007/02/28 10:20:43, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
> >   become_domain_master_browser_bcast:
> >   Attempting to become domain master browser on workgroup IGB on subnet
> > 128.174.124.12
> > [2007/02/28 10:20:43, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
> >   become_domain_master_browser_bcast: querying subnet 128.174.124.12 for
> > domain master browser on workgroup IGB
> > [2007/02/28 10:20:47, 0]
> > nmbd/nmbd_logonnames.c:become_logon_server_success(124)
> >   become_logon_server_success: Samba is now a logon server for workgroup
> > IGB on subnet 128.174.124.12
> > [2007/02/28 10:20:51, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
> >   *****
> > 
> >   Samba server IGB-FILE-SERVER is now a domain master browser for
> > workgroup IGB on subnet 128.174.124.12
> > 
> >   *****
> > 
> > 
> > If I look at the log for doing the add, it appears as if this might be
> > where the error is if I look at the tail end of the smb log for the
> > client trying to add with a loglevel of 5:
> > 
> > 
> > [2007/02/28 10:31:12, 5] auth/auth_util.c:debug_unix_user_token(505)
> >   UNIX token of user 0
> >   Primary group is 0 and contains 0 supplementary groups
> > [2007/02/28 10:31:12, 5] smbd/uid.c:change_to_root_user(296)
> >   change_to_root_user: now uid=(0,0) gid=(0,0)
> > [2007/02/28 10:31:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
> >   wct=12 flg2=0xc807
> > [2007/02/28 10:31:12, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> >   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> > all old resources.
> > [2007/02/28 10:31:12, 3]
> > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
> >   Doing spnego session setup
> > [2007/02/28 10:31:12, 3]
> > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
> >   NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
> > 5.1] PrimaryDomain=[]
> > [2007/02/28 10:31:12, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
> >   Got user=[administrator] domain=[igb] workstation=[SAMMY] len1=24
> > len2=24
> > [2007/02/28 10:31:12, 5]
> > auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66)
> >   auth_context challenge set by NTLMSSP callback (NTLM2)
> > [2007/02/28 10:31:12, 5]
> > auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67)
> >   challenge is: 
> > [2007/02/28 10:31:12, 5] lib/util.c:dump_data(1999)
> >   [000] 81 8F 46 13 26 F9 07 3E                           ..F.&..> 
> > 
> > 
> > For info, my globals from smb.conf are
> > 
> > 
> > [global]
> > 	workgroup = igb
> > 	netbios name = IGB-FILE-SERVER
> > 	server string = Samba Server
> > 	passdb backend = ldapsam:ldap://auth.igb.uiuc.edu
> > 	log file = /var/log/samba/%m.log
> > 	max log size = 50
> > 	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > 	domain logons = Yes
> > 	dns proxy = No
> > 	wins support = Yes
> > 	ldap admin dn = cn=someonespecial,dc=igb,dc=uiuc,dc=edu
> > 	ldap group suffix = ou=group
> > 	ldap suffix = dc=igb,dc=uiuc,dc=edu
> > 	ldap ssl = on
> > 	ldap user suffix = ou=People
> > 	ldap machine suffix =  ou=computer
> > 	cups options = raw
> >         log level = 10
> > 
> > 	add machine script = /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/smbldap-useradd.pl -w
> > 	preferred master = Yes
> > 	domain master = Yes
> > 	os level = 65
> > 	password server = None
> > 	idmap uid = 1000-33554431
> > 	idmap gid = 1000-33554431
> > 	template shell = /bin/false
> > 	username map = /etc/samba/smbusers
> > 	winbind use default domain = no
> > 
> > 
> > Any help still very much appreciated,
> > 
> > Dan
> > 
> > On Tue, 2007-02-27 at 12:57 -0600, Daniel Davidson wrote:
> >> I have found and fixed my previous problems (two typos that were hard to
> >> find) and now the smbldap-tools all work as expected if I run them as
> >> root.  However when I try to join a domain from a windows machine, the
> >> scripts never run and get an "Access is denied message".  Since I am
> >> using 0.10 I do not think I can use net rpc rights, so do I need to add
> >> that into ldap manually?  Or do I have to use a specific user other than
> >> just someone in domain admins?
> >>
> >> thanks,
> >>
> >> Dan
> >>
> > 
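
Andrew's suggestion to spot the Samba search string in the LDAP log can be done mechanically. The following is an added example, not part of the original thread: it rejoins slapd entries that the mail client wrapped, pairs each SRCH with its SEARCH RESULT by conn/op, and lists the searches that succeeded but returned no entries. The sample log is constructed in the format shown above, and the function names are this example's own.

```python
import re

# Constructed sample in the page's slapd log format, wrapped the way the
# mail client wrapped it (assumption: wraps fall where a space stood).
SAMPLE_LOG = """\
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixGroup)(uniqueMember=cn=domain
admins,ou=group,dc=igb,dc=uiuc,dc=edu))"
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SRCH
base="dc=igb,dc=uiuc,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=sammy$))"
Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SEARCH RESULT tag=101
err=0 nentries=0 text=
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d filter="(.*)"\s*$')
RESULT = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the last one."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def pair_searches(text):
    """Pair each SRCH with its SEARCH RESULT by (conn, op); return dicts in result order."""
    pending, done = {}, []
    for entry in unwrap(text):
        if (m := SRCH.search(entry)):
            pending[m.group(1, 2)] = {"conn": int(m[1]), "op": int(m[2]),
                                      "base": m[3], "filter": m[4]}
        elif (m := RESULT.search(entry)) and m.group(1, 2) in pending:
            rec = pending.pop(m.group(1, 2))
            rec.update(err=int(m[3]), nentries=int(m[4]))
            done.append(rec)
    return done

def empty_searches(text):
    return [r for r in pair_searches(text) if r["err"] == 0 and r["nentries"] == 0]

if __name__ == "__main__":
    print(*(f'conn={r["conn"]} op={r["op"]} {r["filter"]}' for r in empty_searches(SAMPLE_LOG)), sep="\n")
```

Rejoining with a single space is a guess about where the wrap fell, so a filter value that was split mid-token comes back with a spurious space.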


