[Samba] The user name could not be found when joining a samba domain

Mike A. Leonetti mleonetti at evolutionce.com
Mon May 10 14:45:06 MDT 2010


Actually, what my ldap.conf had was

nss_base_passwd        ou=Computers,dc=directory,dc=server?sub
nss_base_passwd ou=People,dc=directory,dc=server?sub

But SAMBA was creating posix users for each computer it registered to
the domain and the uids were getting mixed with the system users.  So
for example user1 and machine1 would have the same uid.  Horrible things
happened.

So I commented the first line and then machines couldn't join the domain
anymore.

So my question is, can I now move or rename the uids of the machines
that were created by /usr/sbin/smbldap-useradd -w script without
dejoining the workstations from the domain?

Above all, what is the best practice for managing both computers and
domain users in LDAP?  I think I got confused somewhere.

Mike A. Leonetti
As warm as green tea

On 05/01/10 13:09, Damien Dye wrote:
> humm
>
> cn:  workstation75$
>  description:  Computer
>  gecos:  Computer
>  gidNumber:  515
>  homeDirectory:  /dev/null
>  loginShell:  /bin/false
>  objectClass:  top, account, posixAccount
>  uid:  workstation75$
>  uidNumber:  1068
>
> looks like the samba account has not been created only the unix account.
>
> does the join work if you have a samba account for the machine defined first ?
>
>
> --
> Damien Dye BSC(hon)
>
>
>
>
> On 30 April 2010 01:10, Michael Leonetti <mleonetti at evolutionce.com> wrote:
>   
>> Using LDAP and the smbldap-tools.  When attempting to join the domain with an administrative user, the computer gets added to the Computers list in LDAP with the following attributes:
>>
>>
>>  cn:  workstation75$
>>  description:  Computer
>>  gecos:  Computer
>>  gidNumber:  515
>>  homeDirectory:  /dev/null
>>  loginShell:  /bin/false
>>  objectClass:  top, account, posixAccount
>>  uid:  workstation75$
>>  uidNumber:  1068
>>
>> Then the workstation displays this message:
>>
>> "the following error occurred attempting to join the domain "falm"
>>
>> the user name could not be found"
>>
>> Then the workstation log outputs this at log level 3
>>
>> [2010/04/29 19:52:33.724539,  3] smbd/process.c:1485(process_smb)
>>  Transaction 0 of length 137 (0 toread)
>> [2010/04/29 19:52:33.724570,  3] smbd/process.c:1294(switch_message)
>>  switch message SMBnegprot (pid 1986) conn 0x0
>> [2010/04/29 19:52:33.724593,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.724661,  3] smbd/negprot.c:586(reply_negprot)
>>  Requested protocol [PC NETWORK PROGRAM 1.0]
>> [2010/04/29 19:52:33.724679,  3] smbd/negprot.c:586(reply_negprot)
>>  Requested protocol [LANMAN1.0]
>> [2010/04/29 19:52:33.724692,  3] smbd/negprot.c:586(reply_negprot)
>>  Requested protocol [Windows for Workgroups 3.1a]
>> [2010/04/29 19:52:33.724706,  3] smbd/negprot.c:586(reply_negprot)
>>  Requested protocol [LM1.2X002]
>> [2010/04/29 19:52:33.724724,  3] smbd/negprot.c:586(reply_negprot)
>>  Requested protocol [LANMAN2.1]
>> [2010/04/29 19:52:33.724742,  3] smbd/negprot.c:586(reply_negprot)
>>  Requested protocol [NT LM 0.12]
>> [2010/04/29 19:52:33.724846,  3] smbd/negprot.c:404(reply_nt1)
>>  using SPNEGO
>> [2010/04/29 19:52:33.724862,  3] smbd/negprot.c:691(reply_negprot)
>>  Selected protocol NT LM 0.12
>> [2010/04/29 19:52:33.736749,  3] smbd/process.c:1485(process_smb)
>>  Transaction 1 of length 240 (0 toread)
>> [2010/04/29 19:52:33.736799,  3] smbd/process.c:1294(switch_message)
>>  switch message SMBsesssetupX (pid 1986) conn 0x0
>> [2010/04/29 19:52:33.736880,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.736930,  3] smbd/sesssetup.c:1435(reply_sesssetup_and_X)
>>  wct=12 flg2=0xc807
>> [2010/04/29 19:52:33.736952,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>> [2010/04/29 19:52:33.737021,  3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
>>  Doing spnego session setup
>> [2010/04/29 19:52:33.737086,  3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
>>  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
>> [2010/04/29 19:52:33.737157,  3] smbd/sesssetup.c:805(reply_spnego_negotiate)
>>  reply_spnego_negotiate: Got secblob of size 40
>> [2010/04/29 19:52:33.737254,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>  Got NTLMSSP neg_flags=0xa2088207
>> [2010/04/29 19:52:33.738057,  3] smbd/process.c:1485(process_smb)
>>  Transaction 2 of length 358 (0 toread)
>> [2010/04/29 19:52:33.738121,  3] smbd/process.c:1294(switch_message)
>>  switch message SMBsesssetupX (pid 1986) conn 0x0
>> [2010/04/29 19:52:33.738185,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.738244,  3] smbd/sesssetup.c:1435(reply_sesssetup_and_X)
>>  wct=12 flg2=0xc807
>> [2010/04/29 19:52:33.738285,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>> [2010/04/29 19:52:33.738337,  3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
>>  Doing spnego session setup
>> [2010/04/29 19:52:33.738396,  3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
>>  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
>> [2010/04/29 19:52:33.738471,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
>>  Got user=[administrator] domain=[falm] workstation=[WORKSTATION75] len1=24 len2=24
>> [2010/04/29 19:52:33.738557,  3] auth/auth.c:216(check_ntlm_password)
>>  check_ntlm_password:  Checking password for unmapped user [falm]\[administrator]@[WORKSTATION75] with the new password interface
>> [2010/04/29 19:52:33.738622,  3] auth/auth.c:219(check_ntlm_password)
>>  check_ntlm_password:  mapped user is: [falm]\[administrator]@[WORKSTATION75]
>> [2010/04/29 19:52:33.738687,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.738728,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.738771,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.738960,  2] lib/smbldap.c:950(smbldap_open_connection)
>>  smbldap_open_connection: connection opened
>> [2010/04/29 19:52:33.739601,  3] lib/smbldap.c:1166(smbldap_connect_system)
>>  ldap_connect_system: successful connection to the LDAP server
>> [2010/04/29 19:52:33.740038,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
>>  init_sam_from_ldap: Entry found for user: administrator
>> [2010/04/29 19:52:33.740168,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.740211,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.740252,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.740344,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.740469,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.740508,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.740548,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.740809,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.741718,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.741765,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.741803,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.742113,  2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
>>  init_group_from_ldap: Entry found for group: 500
>> [2010/04/29 19:52:33.742196,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.742255,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.742299,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.742347,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.742393,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
>> [2010/04/29 19:52:33.742434,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.742480,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
>> [2010/04/29 19:52:33.743163,  2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
>>  init_group_from_ldap: Entry found for group: 500
>> [2010/04/29 19:52:33.743221,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.743269,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743309,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.743347,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743395,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.743444,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743512,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.743550,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743590,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.743649,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743708,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.743830,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743868,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.743907,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.743968,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.744004,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.744044,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2010/04/29 19:52:33.744079,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.746497,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.746517,  3] smbd/uid.c:429(push_conn_ctx)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>> [2010/04/29 19:52:33.746538,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>> [2010/04/29 19:52:33.747055,  2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
>>  init_group_from_ldap: Entry found for group: 512
>>
>> The problem is the log doesn't give me any information on what's going on and this happened out of nowhere.  Any help would really be appreciated.
>>
>>     
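
The two symptoms in this thread (a machine account sharing a uidNumber with a user, and a machine entry that has only the Unix object classes) can be checked offline from an LDIF export of both OUs. This is an added example, not part of the original messages; the sample entries are constructed, the function names are hypothetical, and it assumes simple unfolded LDIF with no base64 values.

```python
from collections import defaultdict

# Constructed sample in LDIF form. The base DN (dc=directory,dc=server) and
# the workstation75$ / 1068 values echo the thread; the rest is made up.
SAMPLE_LDIF = """\
dn: uid=user1,ou=People,dc=directory,dc=server
objectClass: posixAccount
objectClass: sambaSamAccount
uid: user1
uidNumber: 1068

dn: uid=workstation75$,ou=Computers,dc=directory,dc=server
objectClass: account
objectClass: posixAccount
uid: workstation75$
uidNumber: 1068

dn: uid=workstation76$,ou=Computers,dc=directory,dc=server
objectClass: posixAccount
objectClass: sambaSamAccount
uid: workstation76$
uidNumber: 1070
"""

def parse_ldif(text):
    """Split simple LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry[attr.lower()].append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return (uidNumber collisions, machine accounts lacking sambaSamAccount)."""
    by_number, unix_only = defaultdict(list), []
    for e in parse_ldif(text):
        if "uidnumber" not in e or "uid" not in e:
            continue
        uid = e["uid"][0]
        by_number[e["uidnumber"][0]].append(uid)
        classes = {c.lower() for c in e["objectclass"]}
        # Machine accounts end in "$"; without sambaSamAccount only the
        # Unix half of the account exists.
        if uid.endswith("$") and "sambasamaccount" not in classes:
            unix_only.append(uid)
    collisions = {n: sorted(u) for n, u in by_number.items() if len(u) > 1}
    return collisions, unix_only
```

Calling `audit()` on the export returns the colliding uidNumber values with the accounts that share them, plus the machine accounts that exist only as Unix accounts.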

