[Samba] Joining Windows XP client to Samba 3 domain: Access denied
Christian Geiger
c.geiger at lohrmann.de
Mon Nov 9 09:31:49 MST 2009
Hi all!
When I try to join a Windows XP client to a Samba 3 domain I get an
access denied error. Below's my configuration and a snippet from the log
file. Has someone an idea what I need to change / do in order to be able
to join the domain from Windows?
Thx in advance for your help!
Chris
snippet from log.smbd:
[2009/11/09 17:26:24, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
[2009/11/09 17:26:24, 2] smbd/reply.c:reply_special(487)
netbios connect: name1=DC name2=EMCO-TEST
[2009/11/09 17:26:24, 2] smbd/reply.c:reply_special(494)
netbios connect: local=dc remote=emco-test, name type = 0
[2009/11/09 17:26:24, 0] lib/util_sock.c:write_data(1136)
[2009/11/09 17:26:24, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
write_data: write failure in writing to client 0.0.0.0. Error
Connection reset
by peer
[2009/11/09 17:26:24, 0] smbd/process.c:srv_send_smb(74)
Error writing 4 bytes to client. -1. (Transport endpoint is not
connected)
[2009/11/09 17:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old
resources.
[2009/11/09 17:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old
resources.
[2009/11/09 17:26:24, 2] lib/smbldap.c:smbldap_open_connection(800)
smbldap_open_connection: connection opened
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: mg
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [mg] -> [mg] -> [mg]
succeeded
[2009/11/09 17:26:24, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
pdb_create_builtin_alias: Could not add group mapping entry for alias
544 (NT_
STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24, 2] auth/token_util.c:create_local_nt_token(450)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind
allocate
gids?
[2009/11/09 17:26:24, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
pdb_create_builtin_alias: Could not add group mapping entry for alias
545 (NT_
STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24, 2] auth/token_util.c:create_local_nt_token(474)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)
Returning domain sid for domain LOHRMANN.DE ->
S-1-5-21-80921578-305742319-121
0167058
[2009/11/09 17:26:24, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)
Returning domain sid for domain LOHRMANN.DE ->
S-1-5-21-80921578-305742319-121
0167058
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
snippet from log.winbindd:
[2009/11/09 17:33:01, 3]
winbindd/winbindd_misc.c:winbindd_interface_version(75
4)
[19549]: request interface version
[2009/11/09 17:33:01, 3]
winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(787)
[19549]: request location of privileged pipe
[2009/11/09 17:33:01, 2] winbindd/winbindd.c:remove_client(744)
final write to client failed: Broken pipe
[2009/11/09 17:33:01, 3] winbindd/winbindd_misc.c:winbindd_ping(733)
[19549]: ping
[2009/11/09 17:33:01, 3] winbindd/winbindd_misc.c:winbindd_ping(733)
[19549]: ping
[2009/11/09 17:33:01, 2] winbindd/winbindd.c:remove_client(744)
final write to client failed: Broken pipe
testparm:
root at domain-controller:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
workgroup = LOHRMANN.DE
netbios name = DC
passdb backend = ldapsam
log level = 2
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=samba,dc=lohrmann,dc=de
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmaps
ldap machine suffix = ou=machines
ldap passwd sync = yes
ldap suffix = dc=lohrmann,dc=de
ldap ssl = no
ldap user suffix = ou=users
idmap backend = ldap
idmap alloc backend = ldap
idmap uid = 10000-20000
idmap gid = 10000-20000
ldapsam:editposix = yes
ldapsam:trusted = yes
idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
root at domain-controller:/var/log/samba#
More information about the samba
mailing list