[Samba] Joining Windows XP client to Samba 3 domain: Access denied

Christian Geiger c.geiger at lohrmann.de
Mon Nov 9 09:31:49 MST 2009 

Hi all!

When I try to join a Windows XP client to a Samba 3 domain I get an 
access denied error. Below's my configuration and a snippet from the log 
file. Has someone an idea what I need to change / do in order to be able 
to join the domain from Windows?

Thx in advance for your help!

Chris


snippet from log.smbd:

[2009/11/09 17:26:24,  0] lib/util_sock.c:get_peer_addr_internal(1676)
   getpeername failed. Error was Transport endpoint is not connected
[2009/11/09 17:26:24,  2] smbd/reply.c:reply_special(487)
   netbios connect: name1=DC              name2=EMCO-TEST
[2009/11/09 17:26:24,  2] smbd/reply.c:reply_special(494)
   netbios connect: local=dc remote=emco-test, name type = 0
[2009/11/09 17:26:24,  0] lib/util_sock.c:write_data(1136)
[2009/11/09 17:26:24,  0] lib/util_sock.c:get_peer_addr_internal(1676)
   getpeername failed. Error was Transport endpoint is not connected
   write_data: write failure in writing to client 0.0.0.0. Error 
Connection reset
  by peer
[2009/11/09 17:26:24,  0] smbd/process.c:srv_send_smb(74)
   Error writing 4 bytes to client. -1. (Transport endpoint is not 
connected)
[2009/11/09 17:26:24,  2] smbd/sesssetup.c:setup_new_vc_session(1368)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old
resources.
[2009/11/09 17:26:24,  2] smbd/sesssetup.c:setup_new_vc_session(1368)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old
resources.
[2009/11/09 17:26:24,  2] lib/smbldap.c:smbldap_open_connection(800)
   smbldap_open_connection: connection opened
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
   init_sam_from_ldap: Entry found for user: mg
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
   init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24,  2] auth/auth.c:check_ntlm_password(308)
   check_ntlm_password:  authentication for user [mg] -> [mg] -> [mg] 
succeeded
[2009/11/09 17:26:24,  0] groupdb/mapping.c:pdb_create_builtin_alias(802)
   pdb_create_builtin_alias: Could not add group mapping entry for alias 
544 (NT_
STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24,  2] auth/token_util.c:create_local_nt_token(450)
   WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind 
allocate
gids?
[2009/11/09 17:26:24,  0] groupdb/mapping.c:pdb_create_builtin_alias(802)
   pdb_create_builtin_alias: Could not add group mapping entry for alias 
545 (NT_
STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24,  2] auth/token_util.c:create_local_nt_token(474)
   WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
   init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)
   Returning domain sid for domain LOHRMANN.DE -> 
S-1-5-21-80921578-305742319-121
0167058
[2009/11/09 17:26:24,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)
   Returning domain sid for domain LOHRMANN.DE -> 
S-1-5-21-80921578-305742319-121
0167058
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
   init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
   init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
   init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
   init_group_from_ldap: Entry found for group: 10000


snippet from log.winbindd:

[2009/11/09 17:33:01,  3] 
winbindd/winbindd_misc.c:winbindd_interface_version(75
4)
   [19549]: request interface version
[2009/11/09 17:33:01,  3] 
winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(787)
   [19549]: request location of privileged pipe
[2009/11/09 17:33:01,  2] winbindd/winbindd.c:remove_client(744)
   final write to client failed: Broken pipe
[2009/11/09 17:33:01,  3] winbindd/winbindd_misc.c:winbindd_ping(733)
   [19549]: ping
[2009/11/09 17:33:01,  3] winbindd/winbindd_misc.c:winbindd_ping(733)
   [19549]: ping
[2009/11/09 17:33:01,  2] winbindd/winbindd.c:remove_client(744)
   final write to client failed: Broken pipe


testparm:

root at domain-controller:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
         workgroup = LOHRMANN.DE
         netbios name = DC
         passdb backend = ldapsam
         log level = 2
         domain logons = Yes
         os level = 65
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         ldap admin dn = cn=samba,dc=lohrmann,dc=de
         ldap group suffix = ou=groups
         ldap idmap suffix = ou=idmaps
         ldap machine suffix = ou=machines
         ldap passwd sync = yes
         ldap suffix = dc=lohrmann,dc=de
         ldap ssl = no
         ldap user suffix = ou=users
         idmap backend = ldap
         idmap alloc backend = ldap
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         ldapsam:editposix = yes
         ldapsam:trusted = yes
         idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
         idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
         idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
root at domain-controller:/var/log/samba#

More information about the samba mailing list