[Samba] Cannot join Win XP SP2 client to domain
Thomas Ußmüller
ussmueller at gmx.de
Sat May 12 20:45:08 GMT 2007
Dear all,
I have created two virtual machines on my computer (with VMware 5.5.3).
One is running SuSE Linux Enterprise Server 10 with Samba 3.0.22. The
other one is running a WinXP SP2 client (name: test01).
I can browse the shares of the Samba Server. Furthermore I can connect
to them with different user names.
When trying to join the client to the domain I get an error message that
the user does not exist (although connecting to the shares works with
this username). Furthermore the user has the SeMachineAccountPrivilege set.
What might cause this error? I have added the log.test01, log.smbd and
the smb.conf file.
Hope somebody can help me
Regards
Thomas
log.test01:
-----------
[2007/05/16 17:51:41, 2] lib/smbldap.c:smbldap_open_connection(724)
smbldap_open_connection: connection opened
[2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: root
[2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap(2222)
init_group_from_ldap: Entry found for group: 512
[2007/05/16 17:51:41, 2] smbd/server.c:exit_server(614)
Closing connections
[2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2007/05/16 17:51:41, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
Returning domain sid for domain LTE ->
S-1-5-21-4205727931-4131263253-1851132061
[2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
_samr_create_user: Running the command
`/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
[2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
Closing connections
The error message in the smbldap-useradd script only means that the account
has already been created in the LDAP directory (only unix attributes are
set, no win or samba specific stuff). When deleting the user from the
directory the message disappears, but nothing else changes.
log.smbd:
---------
[2007/05/16 17:51:36, 0] smbd/server.c:main(805)
smbd version 3.0.22-13.16-SUSE-SLES10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[homes]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[profiles]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[netlogon]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[intranet]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[literatur]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[projekte]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[software]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[transfer]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
Processing section "[sekretariat]"
[2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
Unable to connect to CUPS server localhost - Connection refused
[2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
Unable to connect to CUPS server localhost - Connection refused
[2007/05/16 17:51:36, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
[2007/05/16 17:51:36, 2] lib/smbldap_util.c:smbldap_search_domain_info(228)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LTE))]
[2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
smbldap_open_connection: connection opened
[2007/05/16 17:51:36, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
Registered MSG_REQ_POOL_USAGE
[2007/05/16 17:51:36, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
smbldap_open_connection: connection opened
[2007/05/16 17:51:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: root
[2007/05/16 17:51:36, 2] smbd/server.c:open_sockets_smbd(336)
waiting for a connection
smb.conf:
---------
[global]
workgroup = LTE
netbios name = david
enable privileges = yes
server string = LTE Datei-Server
security = user
encrypt passwords = yes
domain logons = Yes
domain master = Yes
local master = Yes
preferred master = Yes
os level = 65
wins support = no
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
# hosts allow = 192.168.2.0/255.255.255.0, 127.0.0.1
# interfaces = 192.168.2.240/255.255.255.0
# vfs object = vscan-clamav
# vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
log level = 2
syslog = 1
log file = /var/log/samba/log.%m
time server = yes
Dos charset = 850
Unix charset = UTF8
# Unix charset = ISO8859-1
username map = /etc/samba/smbusers
# logon path = \\%L\profiles\.msprofile # wrong?
logon path = \\%L\profiles\%U
# logon home = \\%L\%U\.9xprofile
logon drive = H:
logon script = logon.bat
ldap passwd sync = yes
ldap ssl = Off
passdb backend = ldapsam:ldap://127.0.0.1
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 14000-20000
idmap gid = 14000-20000
ldap admin dn = cn=manager,dc=lte,dc=local,dc=net
# should still be changed
# ldap admin dn = cn=samba,ou=Users,dc=lte,dc=local,dc=net
ldap suffix = dc=lte,dc=local,dc=net
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
# add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sr/local/sbin/smbldap-usermod -g "%g" "%u"
printing = none
# printing = cups
# printcap name = cups
# printcap cache time = 750
# cups options = raw
map to guest = Bad User
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
create mask = 600
directory mask = 700
guest ok = No
[profiles]
comment = Network Profiles Service
# path = %H
path = /home/samba/profiles
read only = No
browseable = No
guest ok = Yes
profile acls = Yes
store dos attributes = Yes
create mask = 0600
directory mask = 0700
force user = %U
valid users = %U @"Domain Admins"
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
read only = yes
write list = root
browseable = no
... (I have omitted the definition of the further shares)
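
Added example, not part of the original post: a small Python parser for the smbd log format shown above that regroups wrapped message lines under their header and reports external hook scripts (such as `add machine script`) that returned a non-zero status. The function names are hypothetical; the sample lines are copied from the log.test01 excerpt in the post.

```python
import re

# Header of a Samba 3.x log entry: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
# Message smbd logs when a configured script returns: "... `cmd' gave N"
HOOK = re.compile(r"Running the command\s+`(?P<cmd>.+)'\s+gave\s+(?P<rc>-?\d+)")

# Sample input: lines copied from the log.test01 excerpt in the post.
SAMPLE = """\
[2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
_samr_create_user: Running the command
`/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
[2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
Closing connections
"""

def parse_entries(text):
    """Group each header with its message lines, which may be wrapped.

    A continuation line can itself start with '[' (e.g. "[root] succeeded"),
    so only lines matching the full timestamp header start a new entry.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), level=int(m["level"]), msg="")
            entries.append(current)
        elif current is not None and line:
            current["msg"] = (current["msg"] + " " + line).strip()
    return entries

def failed_hooks(entries):
    """Return hook-script invocations whose exit status was non-zero."""
    hits = []
    for e in entries:
        m = HOOK.search(e["msg"])
        if m and int(m["rc"]) != 0:
            hits.append({"ts": e["ts"], "func": e["func"],
                         "cmd": m["cmd"], "rc": int(m["rc"])})
    return hits

if __name__ == "__main__":
    # In the post, status 9 from smbldap-useradd meant the account already existed.
    for hit in failed_hooks(parse_entries(SAMPLE)):
        print(hit)
```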