[Samba] Problem with Samba - Openldap and domain authentication of Windows XP
Claudio Prono
claudio.prono at atpss.net
Mon Sep 27 07:59:28 MDT 2010
Hello all,
I am having some problems getting a configuration with Samba and
OpenLDAP as domain controller to work. My operating system is OpenSuSE 11.3.
Here is my testparm:
[global]
workgroup = MEDIADC
netbios name = MEDIADC
map to guest = Bad User
passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
log level = 2
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = yes
ldap suffix = dc=mediaservice-test,dc=pri
ldap ssl = no
ldap user suffix = ou=people
usershare allow guests = Yes
idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
idmap uid = 1000-60000
idmap gid = 1000-60000
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
[profiles]
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
If I try to join a Windows XP machine to the domain, I get these results:
[2010/09/27 14:58:52.229946, 0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2010/09/27 14:58:52.233371, 2] smbd/reply.c:536(reply_special)
  netbios connect: name1=MEDIADC 0x20 name2=TESTAFS 0x0
[2010/09/27 14:58:52.233498, 2] smbd/reply.c:547(reply_special)
  netbios connect: local=mediadc remote=testafs, name type = 0
[2010/09/27 14:58:52.234068, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/27 14:58:52.233647, 0] lib/util_sock.c:675(write_data)
[2010/09/27 14:58:52.234876, 0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2010/09/27 14:58:52.236855, 0] smbd/process.c:79(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2010/09/27 14:58:52.238615, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/27 14:58:52.239888, 2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/27 14:58:52.242954, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:52.295749, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:52.780610, 0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client TESTAFS
[2010/09/27 14:58:53.337111, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/27 14:58:53.338938, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/27 14:58:53.339808, 2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/27 14:58:53.342371, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:53.347683, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:53.812728, 2] rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain MEDIADC -> S-1-5-21-1949818787-1514111066-129980733
[2010/09/27 14:58:53.814002, 2] rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain MEDIADC -> S-1-5-21-1949818787-1514111066-129980733
It seems that everything works fine, but Windows gives an error like "Access
Denied" and the computer is not added to the domain.
What can the problem be? How can I debug it?
Any hint is welcome...
Cordially,
Claudio Prono.
--
--------------------------------------------------------------------------------
Claudio Prono OPST
System Developer
Gsm: +39-349-54.33.258
@PSS Srl Tel: +39-011-32.72.100
Via San Bernardino, 17 Fax: +39-011-32.46.497
10141 Torino - ITALY http://atpss.net/disclaimer
--------------------------------------------------------------------------------
PGP Key - http://keys.atpss.net/c_prono.asc
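
One way to triage a log like the one in this post, as an added example that is not part of the original message or of Samba itself: it regroups each header, source location and wrapped message lines into one entry and returns the level-0 entries. The names `parse_entries` and `failures` are hypothetical.

```python
import re

# Samba log entry: "[timestamp, level] file.c:line(function)" then message lines.
# Mail wrapping can push the location onto its own line, so it is parsed separately.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+\.c:\d+)\((\w+)\)$")

# Excerpt of the log in the post, including its wrapped lines.
SAMPLE = """\
[2010/09/27 14:58:52.295749, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:52.780610, 0]
rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate: no challenge sent to client TESTAFS
[2010/09/27 14:58:53.812728, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Returning domain sid for domain MEDIADC ->
S-1-5-21-1949818787-1514111066-129980733
"""

def parse_entries(text):
    """Regroup raw lines into entries with time, level, source, function, message."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"time": m.group(1), "level": int(m.group(2)),
                   "source": None, "function": None, "message": []}
            entries.append(cur)
            line = m.group(3)
        if cur is None or not line:
            continue  # blank line, or text before the first header
        loc = LOCATION.match(line)
        if loc and cur["source"] is None and not cur["message"]:
            cur["source"], cur["function"] = loc.group(1), loc.group(2)
        else:
            cur["message"].append(line)
    for e in entries:
        e["message"] = " ".join(e["message"])
    return entries

def failures(entries, max_level=0):
    """Entries at or below max_level; level 0 is written whatever 'log level' is set."""
    return [e for e in entries if e["level"] <= max_level]

if __name__ == "__main__":
    for e in failures(parse_entries(SAMPLE)):
        print(e["time"], e["source"], e["function"], "|", e["message"])
```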