[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
mikelOn
mikel.santos at idom.es
Tue Jun 26 08:23:31 GMT 2007
Hi all,
I am doing some research on Samba+OpenLDAP (+DHCP+DNS) with the intention of
getting rid of the Micro$oft licenses necessary to maintain the Server
products from such a company. One of the aims I have is to demonstrate to other
people in my company that an open source alternative can work as well as (or
even better than) a proprietary solution.
At the moment, I am getting desperate trying to find out what is going
wrong when I try to add a Win XP machine to the domain I have recently
created.
I have read about 6-7 tutorials to date and changed the *.conf files a
hundred times and still the Win XP machine refuses to join the domain. I
have already searched the samba forums and checked the bugs present in the
version I am using and I have found nothing related to my problem.
The technical details are the following:
When I attempt to join the domain via the GUI, Win tells me "username could
not be found", and so it does when I try the same thing via the CLI (the domain is
called "eremu" and the user, password and machine name are OK):
8<--------------------------------------------------------------------------------------------
C:\>netdom /domain:eremu /user:root /password:SECRETPASS member mikelvm
/joindomain
NetDom 1.8 @1997-98. Written by Christophe Robert - Microsoft.
Searching PDC for domain EREMU ...
Found PDC \\SAMBA
Connecting to \\SAMBA with user account root ...
Querying domain information on PDC \\SAMBA ...
Querying domain information on computer \\MIKELVM ...
Verifying if computer account exists on \\SAMBA ...
Connecting to \\SAMBA with user account root ...
Resetting secure channel ...
Changing computer account on PDC \\SAMBA ...
The username could not be found.
8<--------------------------------------------------------------------------------------------
Have you ever experienced such an error? I have read about some people who
have dealt with this error, but they have posted no solution at all.
FYI, I can access Samba shares using the same user (root), but the machine
cannot join the domain. I have fixed all the machine policies and registry
stuff (requiresignorseal and so on...) and still nothing.
Also, the command:
ldapsearch -x -h localhost -D 'cn=root,dc=eremu,dc=org' -W '(ou=Users)'
works like a charm.
The smb.conf is the following:
8<--------------------------------------------------------------------------------------------
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
netbios name = SAMBA
workgroup = EREMU
server string = Servidor centralizado
security = user
enable privileges = yes
interfaces = lo eth0
# bind interfaces = yes
encrypt passwords = yes
domain master = yes
preferred master = yes
null passwords = yes
hide unreadable = yes
hide dot files = yes
browseable = yes
domain logons = yes
logon script = login.bat OR %U.bat
logon path = \\%L\profiles\%U
logon drive = Z:
logon home = \\%L\%U\.9xprofile
time server = yes
printcap name = cups
printing = cups
show add printer wizard = no
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
log file = /var/log/samba/log.%m
log level = 1
max log size = 10000
unix charset = ISO8859-1
dos charset = 850
# LDAP
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel -r "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
passdb backend = ldapsam:ldap://localhost:389/
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=eremu,dc=org
ldap admin dn = cn=root,dc=eremu,dc=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
[netlogon]
path = /var/lib/samba/netlogon
guest ok = Yes
browseable = no
write list = root
[profiles]
path = /var/lib/samba/profiles
writable = yes
browsable = no
create mode = 0644
directory mode = 0755
guest ok = yes
[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
create mask = 0664
directory mask = 0775
8<--------------------------------------------------------------------------------------------
The slapd.conf is the following:
8<--------------------------------------------------------------------------------------------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
password-hash {md5}
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 1024
database bdb
suffix "dc=eremu,dc=org"
checkpoint 32 30 # <kbyte> <min>
rootdn "cn=root,dc=eremu,dc=org"
rootpw {MD5}HEREGOESTHEHASH
directory /var/lib/openldap-data
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index default eq
index phpgwContactOwner pres,eq,sub
access to attrs=userPassword
by self write
by anonymous auth
by * none
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by self write
by * read
8<--------------------------------------------------------------------------------------------
The smbldap.conf is the following:
8<--------------------------------------------------------------------------------------------
# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-3696253194-4255541209-1824430252"
sambaDomain="eremu"
slaveLDAP="localhost"
slavePort="389"
masterLDAP="localhost"
masterPort="389"
ldapTLS="0"
verify="none"
hash_encrypt="MD5"
suffix="dc=eremu,dc=org"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=eremu,${suffix}"
scope="sub"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\SAMBA\%U"
userProfile="\\SAMBA\profiles\%U"
userHomeDrive="Z:"
mailDomain="eremu.org"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
8<--------------------------------------------------------------------------------------------
Should you need further details, please just let me know.
Any help would be appreciated. Thanks a lot.
P.S.: Can it have anything to do with other stuff such as the DNS server?
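The three files above have to agree on where accounts live before a join can succeed: Samba builds each container as "<ou suffix>,<ldap suffix>" from smb.conf, while smbldap-tools (which `add machine script` calls) uses its own `usersdn`/`computersdn`/`groupsdn` from smbldap.conf, and slapd's `suffix`/`rootdn` have to match both. The checker below is an added example, not code from the post or from the Samba project: it embeds trimmed copies of the posted smb.conf, slapd.conf and smbldap.conf, parses each in its own syntax, reports DN mismatches as errors, and flags the settings a security review would question (`null passwords = yes`, a guest-writable `[profiles]` share, a plaintext `ldap://` backend on a remote host). The parsers handle only the directive forms shown here, not every corner of the real file formats.

```python
"""Cross-check smb.conf, slapd.conf and smbldap.conf for the mismatches that make
ldapsam and smbldap-tools look in different places. Added example, not part of the
post or of Samba; the directives below are copied from the three files in the post."""
import re

SMB_CONF = """
workgroup = EREMU
null passwords = yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
passdb backend = ldapsam:ldap://localhost:389/
ldap ssl = no
ldap suffix = dc=eremu,dc=org
ldap admin dn = cn=root,dc=eremu,dc=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
[profiles]
path = /var/lib/samba/profiles
writable = yes
guest ok = yes
"""
SLAPD_CONF = """
suffix "dc=eremu,dc=org"
rootdn "cn=root,dc=eremu,dc=org"
"""
SMBLDAP_CONF = """
sambaDomain="eremu"
suffix="dc=eremu,dc=org"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
"""

def parse_smb_conf(text):
    """ini-like; lines before the first [section] are global, as in Samba."""
    conf, section = {"global": {}}, "global"
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line:
            key, val = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = val.strip()
    return conf

def parse_slapd_conf(text):
    """'keyword value' lines, value optionally double-quoted."""
    pairs = (l.strip().split(None, 1) for l in text.splitlines())
    return {k: v.strip('"') for k, v in (p for p in pairs if len(p) == 2)}

def parse_smbldap_conf(text):
    """key="value" lines; a value may reference an earlier key as ${key}."""
    conf = {}
    for m in re.finditer(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?([^"#\n]*)"?', text, re.M):
        conf[m.group(1)] = re.sub(r"\$\{(\w+)\}", lambda r: conf.get(r.group(1), ""), m.group(2))
    return conf

def norm_dn(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def is_yes(v):
    return v.strip().lower() in ("yes", "true", "1")

def check(smb_text, slapd_text, smbldap_text):
    """(errors, warnings): errors break account lookup, warnings weaken security."""
    smb = parse_smb_conf(smb_text)
    g, slapd, sl = smb["global"], parse_slapd_conf(slapd_text), parse_smbldap_conf(smbldap_text)
    errors, warnings = [], []
    suffix = norm_dn(g.get("ldap suffix", ""))
    if suffix != norm_dn(slapd.get("suffix", "")):
        errors.append("ldap suffix differs from slapd suffix")
    if suffix != norm_dn(sl.get("suffix", "")):
        errors.append("ldap suffix differs from smbldap.conf suffix")
    # Samba builds each container as "<ou suffix>,<ldap suffix>"; smbldap-tools keeps
    # its own copies, and an account created in one tree is not found in the other.
    for smb_key, sl_key in (("ldap user suffix", "usersdn"), ("ldap machine suffix", "computersdn"),
                            ("ldap group suffix", "groupsdn")):
        samba_dn = norm_dn(g.get(smb_key, "") + "," + g.get("ldap suffix", ""))
        if samba_dn != norm_dn(sl.get(sl_key, "")):
            errors.append(f"{smb_key} gives {samba_dn}, smbldap {sl_key} is {norm_dn(sl.get(sl_key, ''))}")
    if g.get("workgroup", "").lower() != sl.get("sambaDomain", "").lower():  # sambaDomainName is case-insensitive
        errors.append("workgroup and smbldap sambaDomain name different domains")
    if "%u" not in g.get("add machine script", ""):
        errors.append("no usable add machine script: machine accounts must be created by hand before a join")
    host = re.search(r"ldap://([^:/]+)", g.get("passdb backend", ""))
    if host and host.group(1) not in ("localhost", "127.0.0.1") and \
            g.get("ldap ssl", "off").lower() not in ("start tls", "start_tls", "on", "yes"):
        warnings.append(f"plain ldap:// to {host.group(1)} without ldap ssl: password hashes cross the wire in clear")
    if is_yes(g.get("null passwords", "no")):
        warnings.append("null passwords = yes: accounts with an empty password can log on")
    for name, share in smb.items():
        writable = is_yes(share.get("writable", share.get("writeable", "no"))) or share.get("read only", "").lower() == "no"
        if name != "global" and is_yes(share.get("guest ok", "no")) and writable:
            warnings.append(f"[{name}] is guest ok and writable: any host on the network can modify it")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = check(SMB_CONF, SLAPD_CONF, SMBLDAP_CONF)
    print("\n".join([f"ERROR: {e}" for e in errs] + [f"WARN:  {w}" for w in warns]))
```

Run against the files as posted, the checker reports no DN inconsistency and two warnings (the empty-password policy and the guest-writable profiles share), so whatever blocks the join is not a mismatch between the directives compared here; editing `ldap suffix` in SMB_CONF, or pointing `passdb backend` at a remote host with `ldap ssl = no`, shows the error and warning paths.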