[Samba] Cannot join Win XP SP2 client to domain
Jason Baker
jbaker at glastender.com
Mon May 14 12:25:22 GMT 2007
> When trying to join the client to the domain I get an error message
> that the user does not exist (although connecting to the shares works
> with this username). Furthermore the user has the
> SeMachineAccountPrivilege set.
I had this same problem. I ended up creating the machine accounts via
the LDAP Account Manager. I never did figure out why I cannot add a
machine to the domain through the Windows Network ID Wizard. Have you
tried to create the machine account manually on the server, and then
join the machine to the domain?
Jason Baker
IT Coordinator
Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
Thomas Ußmüller wrote:
> Dear all,
>
> I have created two virtual machines on my computer (with VMware
> 5.5.3). One is running SuSE Linux Enterprise Server 10 with Samba
> 3.0.22. The other one is running a WinXP SP2 client (name: test01).
>
> I can browse the shares of the Samba Server. Furthermore I can connect
> to them with different user names.
>
> When trying to join the client to the domain I get an error message
> that the user does not exist (although connecting to the shares works
> with this username). Furthermore the user has the
> SeMachineAccountPrivilege set.
>
> What might cause this error? I have added the log.test01, log.smbd and
> the smb.conf file.
>
> Hope somebody can help me
>
> Regards
> Thomas
>
>
> log.test01:
> -----------
>
> [2007/05/16 17:51:41, 2] lib/smbldap.c:smbldap_open_connection(724)
> smbldap_open_connection: connection opened
> [2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
> init_sam_from_ldap: Entry found for user: root
> [2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap(2222)
> init_group_from_ldap: Entry found for group: 512
> [2007/05/16 17:51:41, 2] smbd/server.c:exit_server(614)
> Closing connections
> [2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
> check_ntlm_password: authentication for user [root] -> [root] ->
> [root] succeeded
> [2007/05/16 17:51:41, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
> Returning domain sid for domain LTE ->
> S-1-5-21-4205727931-4131263253-1851132061
> [2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
> _samr_create_user: Running the command
> `/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
> [2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
> Closing connections
>
> the error message in smbldap-useradd script only means that the
> account has already been created in the LDAP directory (only unix
> attributes are set, no win or samba specific stuff). When deleting the
> user from the directory the message disappears, but nothing else changes.
>
>
> log.smbd:
> ---------
> [2007/05/16 17:51:36, 0] smbd/server.c:main(805)
> smbd version 3.0.22-13.16-SUSE-SLES10 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2006
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[homes]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[profiles]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[netlogon]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[intranet]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[literatur]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[projekte]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[software]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[transfer]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
> Processing section "[sekretariat]"
> [2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
> Unable to connect to CUPS server localhost - Connection refused
> [2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
> Unable to connect to CUPS server localhost - Connection refused
> [2007/05/16 17:51:36, 2] lib/interface.c:add_interface(81)
> added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
> [2007/05/16 17:51:36, 2]
> lib/smbldap_util.c:smbldap_search_domain_info(228)
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LTE))]
> [2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
> smbldap_open_connection: connection opened
> [2007/05/16 17:51:36, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> Registered MSG_REQ_POOL_USAGE
> [2007/05/16 17:51:36, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
> smbldap_open_connection: connection opened
> [2007/05/16 17:51:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
> init_sam_from_ldap: Entry found for user: root
> [2007/05/16 17:51:36, 2] smbd/server.c:open_sockets_smbd(336)
> waiting for a connection
>
> smb.conf:
> ---------
>
> [global]
> workgroup = LTE
> netbios name = david
> enable privileges = yes
> server string = LTE Datei-Server
> security = user
> encrypt passwords = yes
> domain logons = Yes
> domain master = Yes
> local master = Yes
> preferred master = Yes
> os level = 65
> wins support = no
>
> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> # hosts allow = 192.168.2.0/255.255.255.0, 127.0.0.1
> # interfaces = 192.168.2.240/255.255.255.0
> # vfs object = vscan-clamav
> # vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
> log level = 2
> syslog = 1
> log file = /var/log/samba/log.%m
> time server = yes
> Dos charset = 850
> Unix charset = UTF8
> # Unix charset = ISO8859-1
> username map = /etc/samba/smbusers
>
> # logon path = \\%L\profiles\.msprofile # falsch?
> logon path = \\%L\profiles\%U
> # logon home = \\%L\%U\.9xprofile
> logon drive = H:
> logon script = logon.bat
>
> ldap passwd sync = yes
> ldap ssl = Off
> passdb backend = ldapsam:ldap://127.0.0.1
> idmap backend = ldap:ldap://127.0.0.1
> idmap uid = 14000-20000
> idmap gid = 14000-20000
> ldap admin dn = cn=manager,dc=lte,dc=local,dc=net
> # sollte noch geaendert werden
> # ldap admin dn = cn=samba,ou=Users,dc=lte,dc=local,dc=net
> ldap suffix = dc=lte,dc=local,dc=net
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Users
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> ldap delete dn = yes
> delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> # add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /sr/local/sbin/smbldap-usermod -g "%g" "%u"
>
>
> printing = none
> # printing = cups
> # printcap name = cups
> # printcap cache time = 750
> # cups options = raw
> map to guest = Bad User
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
> create mask = 600
> directory mask = 700
> guest ok = No
> [profiles]
> comment = Network Profiles Service
> # path = %H
> path = /home/samba/profiles
> read only = No
> browseable = No
> guest ok = Yes
> profile acls = Yes
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
> force user = %U
> valid users = %U @"Domain Admins"
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> read only = yes
> write list = root
> browseable = no
> ... (I have omitted the definition of the further shares)
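
Added example, not part of either post: a small Python parser for the Samba 3 log format quoted above that picks out account scripts smbd ran and that exited non-zero, such as the `_samr_create_user` entry in log.test01. The function names and the sample text (copied from the quoted log with quote markers removed) are this example's own.

```python
import re

# Constructed sample: entries taken from the quoted log.test01, quote markers removed.
SAMPLE_LOG = """\
[2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command
  `/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
[2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
  Closing connections
"""

HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")
RAN = re.compile(r"Running the command\s+`(?P<cmd>.+)'\s+gave\s+(?P<rc>-?\d+)")
ACCOUNT = re.compile(r'"?(?P<name>[^\s"]+\$)"?\s*$')  # trailing NAME$ argument

def parse_entries(text):
    """Group log lines into entries: one header line plus its message lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), message="")
            entries.append(current)
        elif current is not None and line:
            # Wrapped message lines are rejoined with a single space.
            current["message"] = (current["message"] + " " + line).strip()
    return entries

def failed_account_scripts(text):
    """Return every logged script invocation whose exit code was not 0."""
    failures = []
    for entry in parse_entries(text):
        m = RAN.search(entry["message"])
        if not m or int(m.group("rc")) == 0:
            continue
        acct = ACCOUNT.search(m.group("cmd"))
        failures.append({
            "time": entry["ts"],
            "function": entry["func"],
            "command": m.group("cmd"),
            "exit_code": int(m.group("rc")),
            "machine_account": acct.group("name") if acct else None,
        })
    return failures
```

Run against a per-client log such as log.test01, it returns one record per failed script call, which makes it easy to see whether the join attempt reached the add machine script and what that script returned.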