samba - Feb 2002 - Samba 2.2.3a + LDAP Domain Logons

Hi all

After 6 odd hours of trying to get this to work I thought I'd email the
list incase someone can point out my mistake.

I have a setup at home with samba (2.2.3a), LDAP, nss-ldap and domain
logons work fine from 95/98/W2K/XP

I then go to a brand new server in another location. Do the exact same
setup (i even copied smb.conf and changed the netbios name, etc)

I can do domain logons from Win95/98 but W2K/XP report "Access Denied"
(once I type in the login/password for the admin user to join the
domain)
My user is called ntadmin and is part of the 'sysadmin' group. If I do a
'id ntadmin' it shows that the user is part of the group sysadmin.
In my smb.conf I have 'domain admin group = @sysadmin'
I have even exported the machine account I have on my home LDAP tree and
imported it on this new machine (of course, changing the dn, uid,
uidNumber, rid, etc) and it simply does not work. It always says Access
Denied

The only error that I can see in the log file is:

ldap_open_connection: Cannot use LDAP when not root

followed by the all-around-famous "NT_STATUS_ACCESS_DENIED" message in
the logs.

I would reaaaaaaally appreciate it if anyone had any ideas/suggestions
to throw my way on this problem. I'm going bald here!

Thanks in advance!

Gonzalo.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20020216/63b7e5bf/attachment.bin

On 17 Feb 2002, Gonzalo Servat wrote:
> My user is called ntadmin and is part of the 'sysadmin' group. If I
do a
> 'id ntadmin' it shows that the user is part of the group sysadmin.
> In my smb.conf I have 'domain admin group = @sysadmin'
> I have even exported the machine account I have on my home LDAP tree and
> imported it on this new machine (of course, changing the dn, uid,
> uidNumber, rid, etc) and it simply does not work. It always says Access
> Denied
> 
> The only error that I can see in the log file is:
> 
> ldap_open_connection: Cannot use LDAP when not root
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You have to join to the domain as root.












chau, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN
0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--