[Samba] Problem with Samba - Openldap and domain authentication of Windows XP

Claudio Prono claudio.prono at atpss.net
Mon Sep 27 07:59:28 MDT 2010


Hello all,

I am having some problems getting a configuration of Samba and
OpenLDAP to work as a domain controller. My operating system is OpenSuSE 11.3.

Here is my testparm:

[global]
        workgroup = MEDIADC
        netbios name = MEDIADC
        map to guest = Bad User
        passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
        log level = 2
        printcap name = cups
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        logon path = \\%L\profiles\.msprofile
        logon drive = P:
        logon home = \\%L\%U\.9xprofile
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
        ldap group suffix = ou=group
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Machines
        ldap passwd sync = yes
        ldap suffix = dc=mediaservice-test,dc=pri
        ldap ssl = no
        ldap user suffix = ou=people
        usershare allow guests = Yes
        idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
        idmap uid = 1000-60000
        idmap gid = 1000-60000
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        read only = No
        inherit acls = Yes
        browseable = No

[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        create mask = 0600
        directory mask = 0700
        store dos attributes = Yes

[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

[groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        create mask = 0600
        printable = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin, root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root

If I try to join a Windows XP machine to the domain, I get these results:

[2010/09/27 14:58:52.229946,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2010/09/27 14:58:52.233371,  2] smbd/reply.c:536(reply_special)
  netbios connect: name1=MEDIADC        0x20 name2=TESTAFS        0x0
[2010/09/27 14:58:52.233498,  2] smbd/reply.c:547(reply_special)
  netbios connect: local=mediadc remote=testafs, name type = 0
[2010/09/27 14:58:52.234068,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.233647,  0] lib/util_sock.c:675(write_data)
[2010/09/27 14:58:52.234876,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2010/09/27 14:58:52.236855,  0] smbd/process.c:79(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2010/09/27 14:58:52.238615,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.239888,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/27 14:58:52.242954,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:52.295749,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:52.780610,  0]
rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client TESTAFS
[2010/09/27 14:58:53.337111,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:53.338938,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:53.339808,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/27 14:58:53.342371,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:53.347683,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:53.812728,  2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain MEDIADC ->
S-1-5-21-1949818787-1514111066-129980733
[2010/09/27 14:58:53.814002,  2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain MEDIADC ->
S-1-5-21-1949818787-1514111066-129980733

It seems that everything works fine, but Windows gives an error like "Access
Denied" and the computer is not added to the domain.

What could the problem be? How can I debug it?

Any hint is welcome...

Cordially,

Claudio Prono.


-- 
--------------------------------------------------------------------------------
Claudio Prono                         OPST
System Developer               
                                      Gsm: +39-349-54.33.258
@PSS Srl                              Tel: +39-011-32.72.100
Via San Bernardino, 17                Fax: +39-011-32.46.497
10141 Torino - ITALY                  http://atpss.net/disclaimer
--------------------------------------------------------------------------------
PGP Key - http://keys.atpss.net/c_prono.asc
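
An added example, not part of the original post: a small Python parser for the smbd log format shown in the message, which rejoins the mail-wrapped lines and returns each level-0 entry together with the entry logged just before it. The function names are hypothetical, and the sample is a few entries copied from the log in the post.

```python
import re

# Entry header: "[YYYY/MM/DD HH:MM:SS.usec,  LEVEL] source.c:line(function)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} [\d:.]+),\s*(\d+)\]\s*(.*)$")

# Entries copied from the log in the post, in their mail-wrapped form.
SAMPLE = """
[2010/09/27 14:58:52.238615,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.295749,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:52.780610,  0]
rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client TESTAFS
"""

def parse_entries(text):
    """Group each header with its source location and message lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)),
                            "source": m.group(3).strip(), "message": ""})
        elif entries:
            cur = entries[-1]
            # Mail wrapping can push the source location onto its own line.
            if not cur["source"] and not line.startswith(" "):
                cur["source"] = line.strip()
            else:
                # Indented message line, or its unindented wrapped tail.
                cur["message"] = (cur["message"] + " " + line.strip()).strip()
    return entries

def errors_with_context(entries, max_level=0):
    """Return (previous_entry_or_None, error_entry) for each error entry."""
    out = []
    for i, e in enumerate(entries):
        if e["level"] <= max_level:
            out.append((entries[i - 1] if i > 0 else None, e))
    return out

if __name__ == "__main__":
    for prev, err in errors_with_context(parse_entries(SAMPLE)):
        if prev:
            print("before:", prev["time"], prev["message"])
        print("ERROR :", err["time"], err["source"], "-", err["message"])
```
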





