[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
mikelOn
mikel.santos at idom.es
Wed Jun 27 08:42:45 GMT 2007
Hi all,
I finally found where the problem is. The samba attributes are not being
added when the workstation entry is created. The "sambaSamAccount"
objectclass is missing.
Why is it not being added if it is supposed to be a Windows workstation? Is
there a bug in the "smbldap-useradd" script when invoked with the "-w"
parameter?
mikelOn wrote:
>
> Hi all,
>
> I am doing some research on Samba+OpenLDAP (+DHCP+DNS) with the intention
> of getting rid of the Micro$oft licenses necessary to maintain the Server
> products from such company. One of the aims I have is to demonstrate to other
> people in my company that an open source alternative can work as well as
> (or even better than) a proprietary solution.
>
> At the moment, I am getting desperate trying to find out what is going
> wrong when I try to add a Win XP machine to the domain I have recently
> created.
>
> I have read about 6-7 tutorials to date and changed the *.conf files a
> hundred times and still the Win XP machine refuses to join the domain. I
> have already searched the samba forums and checked the bugs present in the
> version I am using and I have found nothing related to my problem.
>
> The technical details are the following:
>
> When I attempt to join the domain via the GUI, Win tells me "username
> could not be found" and so it does when I try the same thing via CLI (the
> domain is called "eremu" and the user, password and machine name are ok):
>
> 8<--------------------------------------------------------------------------------------------
>
> C:\>netdom /domain:eremu /user:root /password:SECRETPASS member mikelvm
> /joindomain
> NetDom 1.8 @1997-98. Written by Christophe Robert - Microsoft.
>
> Searching PDC for domain EREMU ...
> Found PDC \\SAMBA
> Connecting to \\SAMBA with user account root ...
> Querying domain information on PDC \\SAMBA ...
> Querying domain information on computer \\MIKELVM ...
> Verifying if computer account exists on \\SAMBA ...
> Connecting to \\SAMBA with user account root ...
> Resetting secure channel ...
> Changing computer account on PDC \\SAMBA ...
> The username could not be found.
>
> 8<--------------------------------------------------------------------------------------------
>
> Have you ever experienced such an error? I have read about some people that
> have dealt with such an error, but they have posted no solution at all.
>
> FYI, I can access samba shares using the same user (root) but the machine
> cannot join the domain. I have fixed all the machine policies and registry
> stuff (requiresignorseal and so on...) and still nothing.
>
> Also, the command:
> ldapsearch -x -h localhost -D 'cn=root,dc=eremu,dc=org' -W '(ou=Users)'
> works like a charm.
>
> The smb.conf is the following:
>
> 8<--------------------------------------------------------------------------------------------
>
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> netbios name = SAMBA
> workgroup = EREMU
> server string = Servidor centralizado
> security = user
> enable privileges = yes
> interfaces = lo eth0
> # bind interfaces = yes
> encrypt passwords = yes
> domain master = yes
> preferred master = yes
> null passwords = yes
> hide unreadable = yes
> hide dot files = yes
> browseable = yes
> domain logons = yes
> logon script = login.bat OR %U.bat
> logon path = \\%L\profiles\%U
> logon drive = Z:
> logon home = \\%L\%U\.9xprofile
> time server = yes
> printcap name = cups
> printing = cups
> show add printer wizard = no
> wins support = yes
> name resolve order = wins lmhosts host bcast
> dns proxy = no
> log file = /var/log/samba/log.%m
> log level = 1
> max log size = 10000
> unix charset = ISO8859-1
> dos charset = 850
> # LDAP
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel -r "%u"
> add group script = /usr/sbin/smbldap-groupadd "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> passdb backend = ldapsam:ldap://localhost:389/
> ldap delete dn = Yes
> ldap ssl = no
> ldap suffix = dc=eremu,dc=org
> ldap admin dn = cn=root,dc=eremu,dc=org
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
> ldap passwd sync = yes
>
> [netlogon]
> path = /var/lib/samba/netlogon
> guest ok = Yes
> browseable = no
> write list = root
> [profiles]
> path = /var/lib/samba/profiles
> writable = yes
> browsable = no
> create mode = 0644
> directory mode = 0755
> guest ok = yes
> [homes]
> path = /home/%U
> browseable = no
> valid users = %S
> read only = no
> create mask = 0664
> directory mask = 0775
> 8<--------------------------------------------------------------------------------------------
>
> The slapd.conf is the following:
>
> 8<--------------------------------------------------------------------------------------------
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
> password-hash {md5}
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> loglevel 1024
>
> database bdb
> suffix "dc=eremu,dc=org"
> checkpoint 32 30 # <kbyte> <min>
> rootdn "cn=root,dc=eremu,dc=org"
> rootpw {MD5}HEREGOESTHEHASH
> directory /var/lib/openldap-data
>
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index objectClass,uid,uidNumber,gidNumber,memberUid eq
> index cn,mail,surname,givenname eq,subinitial
> index default eq
> index phpgwContactOwner pres,eq,sub
>
> access to attrs=userPassword
> by self write
> by anonymous auth
> by * none
>
> access to attrs=userPassword,sambaLMPassword,sambaNTPassword
> by self write
> by anonymous auth
> by * none
>
> access to *
> by self write
> by * read
>
> 8<--------------------------------------------------------------------------------------------
>
> The smbldap.conf is the following:
>
> 8<--------------------------------------------------------------------------------------------
>
> # Put your own SID. To obtain this number do: "net getlocalsid".
> # If not defined, parameter is taking from "net getlocalsid" return
> SID="S-1-5-21-3696253194-4255541209-1824430252"
>
> sambaDomain="eremu"
>
> slaveLDAP="localhost"
> slavePort="389"
> masterLDAP="localhost"
> masterPort="389"
>
> ldapTLS="0"
> verify="none"
> hash_encrypt="MD5"
>
> suffix="dc=eremu,dc=org"
> usersdn="ou=Users,${suffix}"
> computersdn="ou=Computers,${suffix}"
> groupsdn="ou=Groups,${suffix}"
> idmapdn="ou=Idmap,${suffix}"
> sambaUnixIdPooldn="sambaDomainName=eremu,${suffix}"
> scope="sub"
>
> crypt_salt_format="%s"
>
> userLoginShell="/bin/bash"
> userHome="/home/%U"
> userHomeDirectoryMode="700"
> userGecos="System User"
> defaultUserGid="513"
> defaultComputerGid="515"
> skeletonDir="/etc/skel"
> defaultMaxPasswordAge="45"
>
> userSmbHome="\\SAMBA\%U"
> userProfile="\\SAMBA\profiles\%U"
>
> userHomeDrive="Z:"
>
> mailDomain="eremu.org"
>
> with_smbpasswd="0"
> smbpasswd="/usr/bin/smbpasswd"
>
> with_slappasswd="0"
> slappasswd="/usr/sbin/slappasswd"
>
> 8<--------------------------------------------------------------------------------------------
>
>
> Should you need further details, please just let me know.
> Any help would be appreciated. Thanks a lot.
>
> P.S.: Can it have anything to do with other stuff such as the DNS server?
>
--
View this message in context: http://www.nabble.com/Samba-and-LDAP%3A-Trouble-adding-Win-XP-machines-to-the-domain-tf3981091.html#a11320579
Sent from the Samba - General mailing list archive at Nabble.com.
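The poster's finding is that the machine entries land in LDAP without the sambaSamAccount objectClass. The script below, added here as a diagnostic and not part of the original post or of smbldap-tools, takes LDIF as returned by ldapsearch and lists every entry under ou=Computers that has no `objectClass: sambaSamAccount`. The DNs and attribute layout in the embedded sample LDIF are constructed for this example (following the suffix and ou=Computers layout from the poster's smbldap.conf); the `live_check` function shows the ldapsearch invocation you would run against the real server instead, assuming the same bind DN the poster uses.

```shell
#!/bin/sh
# Added example, not code from the original post or from smbldap-tools.
# Lists machine accounts whose LDAP entry lacks the sambaSamAccount objectClass,
# i.e. entries that Samba's ldapsam backend cannot use for a domain join.

# Constructed sample LDIF: one broken entry (posixAccount only, as the poster
# describes) and one healthy entry (sambaSamAccount plus a sambaSID). The SID
# prefix is the domain SID from the poster's smbldap.conf; the RID is made up.
SAMPLE_LDIF='dn: uid=mikelvm$,ou=Computers,dc=eremu,dc=org
objectClass: top
objectClass: account
objectClass: posixAccount
uid: mikelvm$

dn: uid=goodpc$,ou=Computers,dc=eremu,dc=org
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: goodpc$
sambaSID: S-1-5-21-3696253194-4255541209-1824430252-3002
'

# Reads LDIF on stdin (entries separated by blank lines, as ldapsearch -LLL
# prints them) and prints the uid of each entry with no sambaSamAccount
# objectClass. objectClass values are matched case-insensitively because LDAP
# treats them that way. Base64-encoded ("uid::") and folded lines are not
# handled; uid and objectClass are plain ASCII in practice.
machines_missing_samba_oc() {
    awk '
        function flush() {
            if (uid != "" && !has_samba) print uid
            uid = ""; has_samba = 0
        }
        /^$/       { flush(); next }
        /^uid: /   { uid = substr($0, 6) }
        tolower($0) == "objectclass: sambasamaccount" { has_samba = 1 }
        END        { flush() }
    '
}

# Same check against the live directory. Assumes the suffix, machine OU and
# admin DN from the poster's configuration; -W prompts for the bind password.
live_check() {
    ldapsearch -x -LLL -h localhost -D 'cn=root,dc=eremu,dc=org' -W \
        -b 'ou=Computers,dc=eremu,dc=org' '(uid=*$)' uid objectClass \
        | machines_missing_samba_oc
}

# Demonstration on the constructed sample: prints "mikelvm$" only.
printf '%s' "$SAMPLE_LDIF" | machines_missing_samba_oc
```

If the live check lists the machine that failed to join, the next thing to test is the add-machine script in isolation rather than through the join: run `/usr/sbin/smbldap-useradd -w 'testpc$'` by hand as root (the same argument form Samba's `add machine script` passes in `%u`, including the trailing `$`), then re-run the check. An entry created that way with the objectClass present points at how Samba invokes the script; an entry without it points at smbldap-useradd or its smbldap.conf.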