samba - Aug 2002 - LDAP Domain Trust

I have a small problem.  I'm an LDAP newbie, and am having trouble getting
Samba to authenticate.  What I have is an LDAP tree, with the samba.schema
loaded in out LDAP configuration.  I already tested smb.conf without
ldap-sam compiled in, and it authenticates just fine to smbpasswd and
locally added machine trust accounts.

Submitted for your assistance:

Prelim:

1. WSName = workstation name
2. TESTDOM = domain name
3. myuser = User in LDAP database
   a. authenticated via smbpasswd
4. Joined domain as configured with LDAP with smbpasswd


On Server:

1. User accounts added
2. run:  smbldap-useradd.pl -w WSName
   a. Not sure where the perl script came from
   b. LDAP was set up for my by my boss
3. Added "root" user to LDAP


On XP: First Run

1. Edit registry to zero out requiresignorseal
2. Reboot
3. right click on My Computer, to to properties
4. Go to Computer Name, click on Change
5. Make sure name is:  WSName
6. Click on Domain, add "TESTDOM" to domain field
7. Asks for user allowed access, enter "root" user and pass
8. After long wait, it says "Welcom to domain...." blah blah
9. Reboot, try to authenticate as "myuser"
   a. Says something about not being able to find the domain
10. Log in as administrator local, says that I am joined to the
    domain.

On XP, second run:

1. right click on My Computer, go to properties
2. go to computer name, go to Network ID
3. Follow directions in Wizard
4. When I get to the final window, where it asks to
   add a user, it tells me that it cant establish a
   "Trust Account" with the server.  WTF?

Like I said, when I manually add all the info in Samba's smbpasswd with
Samba compiled without LDAP, everything goes smooth.  I can auth as
different users, etc.

Any help out there?  We are a commercial company and would be willing to
pay someone.  I have a feeling this has something to do with Samba and
LDAP not playing well together.  My LDAP samba.schema is located here:

http://arthur.linuxbox.nu/samba.schema

-- 

Arthur H. Johnson II
Senior Systems Engineer

The Linux Box
206 S. Fifth Ave. Suite 150
Ann Arbor, MI  48104

tel.  734-761-4689
fax.  734-769-8938
pgr.  734-882-0323

Have you created a machine account for the computer?

If not this is your problem.

You do it by creating a blank user with the name WSName$ in /etc/passwd and
then creating a SMB entry using

smbpasswd -a -m WSName

this will create the trust account.

If you have any problems check the samba-pdc-howto
http://www.mirror.ac.uk/sites/ftp.samba.org/docs/htmldocs/samba-pdc-howto.ht
ml

Regards,

Simon

----- Original Message -----
From: "Arthur H. Johnson II" <arthur@linuxbox.nu>
To: <samba@lists.samba.org>
Cc: "Matt Benjamin" <matt@linuxbox.nu>;
<elizabeth@linuxbox.nu>
Sent: Thursday, August 08, 2002 9:27 PM
Subject: [Samba] LDAP Domain Trust

>
> I have a small problem.  I'm an LDAP newbie, and am having trouble
getting
> Samba to authenticate.  What I have is an LDAP tree, with the samba.schema
> loaded in out LDAP configuration.  I already tested smb.conf without
> ldap-sam compiled in, and it authenticates just fine to smbpasswd and
> locally added machine trust accounts.
>
> Submitted for your assistance:
>
> Prelim:
>
> 1. WSName = workstation name
> 2. TESTDOM = domain name
> 3. myuser = User in LDAP database
>    a. authenticated via smbpasswd
> 4. Joined domain as configured with LDAP with smbpasswd
>
>
> On Server:
>
> 1. User accounts added
> 2. run:  smbldap-useradd.pl -w WSName
>    a. Not sure where the perl script came from
>    b. LDAP was set up for my by my boss
> 3. Added "root" user to LDAP
>
>
> On XP: First Run
>
> 1. Edit registry to zero out requiresignorseal
> 2. Reboot
> 3. right click on My Computer, to to properties
> 4. Go to Computer Name, click on Change
> 5. Make sure name is:  WSName
> 6. Click on Domain, add "TESTDOM" to domain field
> 7. Asks for user allowed access, enter "root" user and pass
> 8. After long wait, it says "Welcom to domain...." blah blah
> 9. Reboot, try to authenticate as "myuser"
>    a. Says something about not being able to find the domain
> 10. Log in as administrator local, says that I am joined to the
>     domain.
>
> On XP, second run:
>
> 1. right click on My Computer, go to properties
> 2. go to computer name, go to Network ID
> 3. Follow directions in Wizard
> 4. When I get to the final window, where it asks to
>    add a user, it tells me that it cant establish a
>    "Trust Account" with the server.  WTF?
>
> Like I said, when I manually add all the info in Samba's smbpasswd with
> Samba compiled without LDAP, everything goes smooth.  I can auth as
> different users, etc.
>
> Any help out there?  We are a commercial company and would be willing to
> pay someone.  I have a feeling this has something to do with Samba and
> LDAP not playing well together.  My LDAP samba.schema is located here:
>
> http://arthur.linuxbox.nu/samba.schema
>
> --
>
> Arthur H. Johnson II
> Senior Systems Engineer
>
> The Linux Box
> 206 S. Fifth Ave. Suite 150
> Ann Arbor, MI  48104
>
> tel.  734-761-4689
> fax.  734-769-8938
> pgr.  734-882-0323
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>