[Samba] samba with ldap PDC cannot join my windows to domain?

Alberto Moreno portsbsd at gmail.com
Tue Aug 11 18:05:35 MDT 2009


  Hi people.

  I have been working with samba+ldap = PDC in my test network. I
followed the good tutorial, Samba By Example, chapter 5, and I did all
the tests the book says, with no issues.

  I have 2 issues:

1; I cannot see my domain at my windows browser.
2; I cannot add my windows xp pro to my domain.

  I have been trying to find the solution but nothing yet; that is
the reason I am sending this email.

  My server is CentOS 5.3, the latest one; all the packages are the
current ones from CentOS.

  LDAP looks like it is working, because all my tests from the book
pass, and the same with Samba.

  When I try to add one Winbox to the domain I receive this:

  "The following error occurred attempting to join the domain "MyDomain":
  The network path was not found"

  My smb.conf is this:

[global]
        dos charset = 850
        unix charset = ISO8859-1
        display charset = ISO8859-1
        workgroup = RMAI
        netbios name = RMAIPDC
        server string = Samba Server on %L
        os level = 33
        remote announce = 192.168.50.255
        interfaces = eth0,lo
        bind interfaces only = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        allow hosts = 192.168.50.0/24 127.0.0.1
        admin users = Manager @"Domain Admins"
        passdb backend = ldapsam:ldap://127.0.0.1
        enable privileges = Yes
        username map = /etc/samba/smbusers
        log level = 6
        syslog = 1
        log file = /var/log/samba/%m.log
        max log size = 100
        smb ports = 139 445
        name resolve order = wins bcast hosts
        time server = No
        #printcap name = CUPS
        show add printer wizard = No
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        #logon script = scripts\logon.bat
        #logon path = \\%L\profiles\%U
        #logon drive = X:
        domain logons = Yes
        domain master = Yes
        preferred master = Yes
        wins support = Yes
        ##########LDAP###################
        ldap suffix = dc=rmai,dc=local
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=rmai,dc=local
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        #################################
        map acl inherit = Yes
        cups options = ""

[homes]
        comment = RMAI Home Directories
        browseable = No
        writeable = Yes
        read only = No
        create mask = 0664
        browseable = No
        valid users = %U

[profiles]
        path = /home/samba/profiles
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
        browseable = No
        writeable = Yes
        guest ok = No

The stuff I can see in the log files is this:

windows-box.log
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              004c uni_max_len: 0000000c
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0050 offset     : 00000000
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0054 uni_str_len: 0000000c
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              0058 buffer     : F.A.M.-.C.H.O.R.I.Z.O...
[2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000070 smb_io_chal
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0070 data: 03 a3 f4 30 4b c7 3c 90
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_r_auth
[2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_chal
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0000 data: 00 00 00 00 00 00 00 00
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      0008 status: NT_STATUS_ACCESS_DENIED
[2009/08/11 16:40:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
  api_rpcTNP: called NETLOGON successfully
[2009/08/11 16:40:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 70

I will increase the debug level and give you more info.

Thanks for your time!!!

-- 
Living the dream...

