[Samba] Cannot join Win XP SP2 client to domain

Thomas Ußmüller ussmueller at gmx.de
Sat May 12 20:45:08 GMT 2007


Dear all,

I have created two virtual machines on my computer (with VMware 5.5.3). 
One is running SuSE Linux Enterprise Server 10 with Samba 3.0.22. The 
other one is running a WinXP SP2 client (name: test01).

I can browse the shares of the Samba Server. Furthermore I can connect 
to them with different user names.

When trying to join the client to the domain I get an error message that 
the user does not exist (although connecting to the shares works with 
this username). Furthermore the user has the SeMachineAccountPrivilege set.

What might cause this error? I have added the log.test01, log.smbd and 
the smb.conf file.

Hope somebody can help me

Regards
Thomas


log.test01:
-----------

[2007/05/16 17:51:41, 2] lib/smbldap.c:smbldap_open_connection(724)
   smbldap_open_connection: connection opened
[2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
   init_sam_from_ldap: Entry found for user: root
[2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap(2222)
   init_group_from_ldap: Entry found for group: 512
[2007/05/16 17:51:41, 2] smbd/server.c:exit_server(614)
   Closing connections
[2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
   check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2007/05/16 17:51:41, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
   Returning domain sid for domain LTE -> S-1-5-21-4205727931-4131263253-1851132061
[2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
   _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
[2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
   Closing connections

The error message in the smbldap-useradd script only means that the account 
has already been created in the LDAP directory (only unix attributes are 
set, no win or samba specific stuff). When deleting the user from the 
directory the message disappears, but nothing else changes.


log.smbd:
---------
[2007/05/16 17:51:36, 0] smbd/server.c:main(805)
   smbd version 3.0.22-13.16-SUSE-SLES10 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2006
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[homes]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[profiles]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[netlogon]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[intranet]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[literatur]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[projekte]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[software]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[transfer]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
   Processing section "[sekretariat]"
[2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
   Unable to connect to CUPS server localhost - Connection refused
[2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
   Unable to connect to CUPS server localhost - Connection refused
[2007/05/16 17:51:36, 2] lib/interface.c:add_interface(81)
   added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
[2007/05/16 17:51:36, 2] lib/smbldap_util.c:smbldap_search_domain_info(228)
   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LTE))]
[2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
   smbldap_open_connection: connection opened
[2007/05/16 17:51:36, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
   Registered MSG_REQ_POOL_USAGE
[2007/05/16 17:51:36, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
   smbldap_open_connection: connection opened
[2007/05/16 17:51:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
   init_sam_from_ldap: Entry found for user: root
[2007/05/16 17:51:36, 2] smbd/server.c:open_sockets_smbd(336)
   waiting for a connection

smb.conf:
---------

[global]
	workgroup = LTE
	netbios name = david
	enable privileges = yes
	server string = LTE Datei-Server
	security = user
	encrypt passwords = yes
	domain logons = Yes
	domain master = Yes
	local master = Yes
	preferred master = Yes
	os level = 65
	wins support = no

	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
#	hosts allow = 192.168.2.0/255.255.255.0, 127.0.0.1
#	interfaces = 192.168.2.240/255.255.255.0
#	vfs object = vscan-clamav
#	vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
	log level = 2
	syslog = 1
	log file = /var/log/samba/log.%m
	time server = yes
	Dos charset =  850
	Unix charset = UTF8
#	Unix charset = ISO8859-1
	username map = /etc/samba/smbusers

#	logon path = \\%L\profiles\.msprofile	# wrong?
	logon path = \\%L\profiles\%U
#	logon home = \\%L\%U\.9xprofile
	logon drive = H:
	logon script = logon.bat

	ldap passwd sync = yes
	ldap ssl = Off
	passdb backend = ldapsam:ldap://127.0.0.1
	idmap backend = ldap:ldap://127.0.0.1
	idmap uid = 14000-20000
	idmap gid = 14000-20000
	ldap admin dn = cn=manager,dc=lte,dc=local,dc=net
#	should still be changed
#	ldap admin dn = cn=samba,ou=Users,dc=lte,dc=local,dc=net
	ldap suffix = dc=lte,dc=local,dc=net
	ldap user suffix = ou=Users
	ldap group suffix = ou=Groups
	ldap machine suffix = ou=Computers
	ldap idmap suffix = ou=Users
	add user script = /usr/local/sbin/smbldap-useradd -m "%u"
	ldap delete dn = yes
	delete user script = /usr/local/sbin/smbldap-userdel "%u"
	add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
#	add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
	add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
	delete group script = /usr/local/sbin/smbldap-groupdel "%g"
	add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /sr/local/sbin/smbldap-usermod -g "%g" "%u"


	printing = none
#	printing = cups
#	printcap name = cups
#	printcap cache time = 750
#	cups options = raw
	map to guest = Bad User
[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes
	create mask = 600
	directory mask = 700
	guest ok = No
[profiles]
	comment = Network Profiles Service
#	path = %H
	path = /home/samba/profiles
	read only = No
	browseable = No
	guest ok = Yes
	profile acls = Yes
	store dos attributes = Yes
	create mask = 0600
	directory mask = 0700
	force user = %U
	valid users = %U @"Domain Admins"
[netlogon]
	comment = Network Logon Service
	path = /home/samba/netlogon
	read only = yes
	write list = root
	browseable = no
... (I have omitted the definition of the further shares)

