[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain

Edmundo Valle Neto edmundo.valle at terra.com.br
Thu Jun 28 14:56:38 GMT 2007


mikelOn wrote:
> The last few lines of the "pdbedit -v root" command show the following:
>
>
> pm_process() returned Yes
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesfully connected
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesfully connected
> init_sam_from_ldap: Entry found for user: root
> Unix username:        root
> NT username:          root
> Account Flags:        [U          ]
> User SID:             S-1-5-21-325600022-3777026502-3741709481-500
> ldapsam_getgroup: Did not find group
> Primary Group SID:    S-1-5-21-325600022-3777026502-3741709481-513
> Full Name:            root
> Home Directory:       \\SAMBA\root
> HomeDir Drive:        H:
> Logon Script:         LOGON.BAT
> Profile Path:         \\SAMBA\profiles\root
> Domain:               EREMU
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          mar, 19 ene 2038 04:14:07 CET
> Kickoff time:         mar, 19 ene 2038 04:14:07 CET
> Password last set:    mié, 27 jun 2007 20:35:52 CEST
> Password can change:  0
> Password must change: sáb, 11 ago 2007 20:35:52 CEST
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>
> As you can see, the same error shows up: GROUP NOT FOUND
>
> Do you know why?
>
> Thanks
>
>
> Edmundo Valle Neto wrote:
>   
>> mikelOn wrote:
>>     
>>> I have added the parameter "ldapsam:trusted = yes" and now the samba
>>> error
>>> has changed to NT_STATUS_UNSUCCESSFUL. The logs say the following:
>>>
>>>
>>> [2007/06/27 22:41:11, 4] auth/auth_sam.c:sam_account_ok(138)
>>>   sam_account_ok: Checking SMB password for user root
>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>>>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2007/06/27 22:41:11, 3] smbd/uid.c:push_conn_ctx(353)
>>>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2007/06/27 22:41:11, 3]
>>> passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2663)
>>>   primary group of [root] not found
>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>>>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2007/06/27 22:41:11, 0] auth/auth_sam.c:check_sam_security(352)
>>>   check_sam_security: make_server_info_sam() failed with
>>> 'NT_STATUS_UNSUCCESSFUL'
>>> [2007/06/27 22:41:11, 3] auth/auth_winbind.c:check_winbind_security(80)
>>>   check_winbind_security: Not using winbind, requested domain [eremu] was
>>> for this SAM.
>>> [2007/06/27 22:41:11, 2] auth/auth.c:check_ntlm_password(319)
>>>   check_ntlm_password:  Authentication for user [root] -> [root] FAILED
>>> with
>>> error NT_STATUS_UNSUCCESSFUL
>>> [2007/06/27 22:41:11, 3] smbd/error.c:error_packet(146)
>>>   error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
>>> NT_STATUS_UNSUCCESSFUL
>>> [2007/06/27 22:41:11, 3] smbd/process.c:timeout_processing(1359)
>>>   timeout_processing: End of file from client (client has disconnected).
>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2007/06/27 22:41:11, 3] smbd/connection.c:yield_connection(69)
>>>   Yielding connection to
>>> [2007/06/27 22:41:11, 3] smbd/server.c:exit_server_common(675)
>>>   Server exit (normal exit)
>>>
>>>
>>> Do you see anything familiar here?
>>> Thanks
>>>   
>>>       
>> What does "pdbedit -v root" show?
>>
>> Regards.
>>
>> Edmundo Valle Net

What's the output of:

net groupmap list
smbldap-usershow root
smbldap-groupshow "Domain Admins"

?

PS: I'm not interested in your password hashes :)

You said that root belongs to the Domain Admins group, but the RID 513 is 
the known RID of the Domain Users group.


Regards.

Edmundo Valle Neto
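
Added example, not part of the original message: a small Python check that takes the "Primary Group SID" from "pdbedit -v" output and looks it up in "net groupmap list" output, which is the comparison the reply above is asking for. The pdbedit fields are copied from the quoted output; the groupmap line and the Unix group name "domadmins" are constructed assumptions.

```python
import re

# Well-known domain RIDs defined by Windows (not specific to this domain).
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests", 515: "Domain Computers"}

SID = r"S-1-5-21-\d+-\d+-\d+-\d+"

# Fields copied from the "pdbedit -v root" output quoted in the thread.
PDBEDIT_SAMPLE = """\
Unix username:        root
User SID:             S-1-5-21-325600022-3777026502-3741709481-500
Primary Group SID:    S-1-5-21-325600022-3777026502-3741709481-513
"""

# Constructed "net groupmap list" output (assumption): only Domain Admins is mapped.
GROUPMAP_SAMPLE = """\
Domain Admins (S-1-5-21-325600022-3777026502-3741709481-512) -> domadmins
"""


def primary_group_sid(pdbedit_text):
    """Return the Primary Group SID from `pdbedit -v` output, or None."""
    m = re.search(r"^Primary Group SID:\s*(" + SID + r")\s*$", pdbedit_text, re.M)
    return m.group(1) if m else None


def parse_groupmap(groupmap_text):
    """Map SID -> (NT group name, Unix group) from `net groupmap list` output."""
    mappings = {}
    for line in groupmap_text.splitlines():
        m = re.match(r"^(.+?) \((" + SID + r")\) -> (.+)$", line.strip())
        if m:
            mappings[m.group(2)] = (m.group(1), m.group(3))
    return mappings


def check_primary_group(pdbedit_text, groupmap_text):
    """Report whether the account's primary group SID has a group mapping."""
    sid = primary_group_sid(pdbedit_text)
    if sid is None:
        return {"sid": None, "rid": None, "mapped": False,
                "mapping": None, "expected_name": None}
    rid = int(sid.rsplit("-", 1)[1])
    mapping = parse_groupmap(groupmap_text).get(sid)
    return {"sid": sid, "rid": rid, "mapped": mapping is not None,
            "mapping": mapping, "expected_name": WELL_KNOWN_RIDS.get(rid)}


if __name__ == "__main__":
    print(check_primary_group(PDBEDIT_SAMPLE, GROUPMAP_SAMPLE))
```

With the constructed input the result has "mapped" set to False and "expected_name" set to "Domain Users", matching the "Did not find group" line in the pdbedit output.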

