[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain

mikelOn mikel.santos at idom.es
Fri Jun 29 07:23:43 GMT 2007 

Hi,

I have been trying different approaches to get it working and apparently I
do need nss installed to get it working (which I have not found as mandatory
in many tutorials). Once I installed nss-ldap and configured it still
failed, but then I removed the line "ldapsam:trusted = yes" and the machines
started to join the domain correctly.

Summing up, I needed nss-ldap and I did not need "ldapsam:trusted = yes".
Now I am trying to get the whole thing working with "ldapsam:trusted = yes"
uncommented.

Thank you all very much for your help. I expect to be able to help others
solve the problems I have had.


Edmundo Valle Neto wrote:
> 
> mikelOn escreveu:
>> The last few lines of the "pdbedit -v root" command show the following:
>>
>>
>> pm_process() returned Yes
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))]
>> smbldap_open_connection: connection opened
>> ldap_connect_system: succesful connection to the LDAP server
>> The LDAP server is succesfully connected
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))]
>> smbldap_open_connection: connection opened
>> ldap_connect_system: succesful connection to the LDAP server
>> The LDAP server is succesfully connected
>> init_sam_from_ldap: Entry found for user: root
>> Unix username:        root
>> NT username:          root
>> Account Flags:        [U          ]
>> User SID:             S-1-5-21-325600022-3777026502-3741709481-500
>> ldapsam_getgroup: Did not find group
>> Primary Group SID:    S-1-5-21-325600022-3777026502-3741709481-513
>> Full Name:            root
>> Home Directory:       \\SAMBA\root
>> HomeDir Drive:        H:
>> Logon Script:         LOGON.BAT
>> Profile Path:         \\SAMBA\profiles\root
>> Domain:               EREMU
>> Account desc:
>> Workstations:
>> Munged dial:
>> Logon time:           0
>> Logoff time:          mar, 19 ene 2038 04:14:07 CET
>> Kickoff time:         mar, 19 ene 2038 04:14:07 CET
>> Password last set:    mié, 27 jun 2007 20:35:52 CEST
>> Password can change:  0
>> Password must change: sáb, 11 ago 2007 20:35:52 CEST
>> Last bad password   : 0
>> Bad password count  : 0
>> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>>
>>
>> As you can see, the same error shows up: GROUP NOT FOUND
>>
>> Do you know why?
>>
>> Thanks
>>
>>
>> Edmundo Valle Neto wrote:
>>   
>>> mikelOn escreveu:
>>>     
>>>> I have added the parameter "ldapsam:trusted = yes" and now the samba
>>>> error
>>>> has changed to NT_STATUS_UNSUCCESSFUL. The logs say the following:
>>>>
>>>>
>>>> [2007/06/27 22:41:11, 4] auth/auth_sam.c:sam_account_ok(138)
>>>>   sam_account_ok: Checking SMB password for user root
>>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>>>>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>>> [2007/06/27 22:41:11, 3] smbd/uid.c:push_conn_ctx(353)
>>>>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>>>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>>> [2007/06/27 22:41:11, 3]
>>>> passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2663)
>>>>   primary group of [root] not found
>>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>>>>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>> [2007/06/27 22:41:11, 0] auth/auth_sam.c:check_sam_security(352)
>>>>   check_sam_security: make_server_info_sam() failed with
>>>> 'NT_STATUS_UNSUCCESSFUL'
>>>> [2007/06/27 22:41:11, 3] auth/auth_winbind.c:check_winbind_security(80)
>>>>   check_winbind_security: Not using winbind, requested domain [eremu]
>>>> was
>>>> for this SAM.
>>>> [2007/06/27 22:41:11, 2] auth/auth.c:check_ntlm_password(319)
>>>>   check_ntlm_password:  Authentication for user [root] -> [root] FAILED
>>>> with
>>>> error NT_STATUS_UNSUCCESSFUL
>>>> [2007/06/27 22:41:11, 3] smbd/error.c:error_packet(146)
>>>>   error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
>>>> NT_STATUS_UNSUCCESSFUL
>>>> [2007/06/27 22:41:11, 3] smbd/process.c:timeout_processing(1359)
>>>>   timeout_processing: End of file from client (client has
>>>> disconnected).
>>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>>>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>> [2007/06/27 22:41:11, 3] smbd/connection.c:yield_connection(69)
>>>>   Yielding connection to
>>>> [2007/06/27 22:41:11, 3] smbd/server.c:exit_server_common(675)
>>>>   Server exit (normal exit)
>>>>
>>>>
>>>> Do you see anything familiar here?
>>>> Thanks
>>>>   
>>>>       
>>> What "pdbedit -v root" shows?
>>>
>>> Regards.
>>>
>>> Edmundo Valle Net
> 
> Whats the output of:
> 
> net groupmap list
> smbldap-usershow root
> smbldap-groupshow "Domain Admins"
> 
> ?
> 
> ps: Im not interested in your password hashes :)
> 
> You said that root belongs to Domain Admins group, but the RID 513 is 
> the known RID of the Domin Users group.
> 
> 
> Regards.
> 
> Edmundo Valle Neto
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 

-- 
View this message in context: http://www.nabble.com/Samba-and-LDAP%3A-Trouble-adding-Win-XP-machines-to-the-domain-tf3981091.html#a11356183
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list