I was having a problem with my Samba PDC with LDAP backend.
Some of my workstations (W2kSP4) couldn't log into the domain. I
removed the machines from the domain, changed the name, created a new
machine-account, but I still can't add the machine to the domain.
smbclient -L localhost
Enter root's password:
Anonymous login successful
Domain=[DCHOMO] OS=[Unix] Server=[Samba 3.2.11-0.28]
S.O.=Red Hat Enterprise Linux Server (2.6.18-164.6.1.el5)
Sharename Type Comment
--------- ---- -------
netlogon Disk Network Logon Service
public Disk Public Stuff
IPC$ IPC IPC Service (Samba Server Domain Homo)
Anonymous login successful
Domain=[DCHOMO] OS=[Unix] Server=[Samba 3.2.11-0.28]
Server Comment
--------- -------
DCHOMO Samba Server Domain Homo
Workgroup Master
--------- -------
DCHOMO DCHOMO
api_rpcTNP: rpc command: SAMR_CONNECT4
[2009/12/18 17:27:53, 3] lib/util_seaccess.c:se_access_check(249)
[2009/12/18 17:27:53, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2188918441-1838679514-704389668-512
se_access_check: also S-1-22-2-11752
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-22-1-11752
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 984
[2009/12/18 17:27:53, 3] smbd/process.c:process_smb(1550)
Transaction 20 of length 140 (0 toread)
[2009/12/18 17:27:53, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans (pid 28881) conn 0x9698f70
[2009/12/18 17:27:53, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=52 params=0 setup=2
[2009/12/18 17:27:53, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2009/12/18 17:27:53, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 751a)
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe.c:api_rpcTNP(2308)
api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2009/12/18 17:27:53, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(246)
_samr_EnumDomains: ACCESS DENIED (granted: 0x00000002; required: 0x00000010)
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2009/12/18 17:27:53, 3] smbd/process.c:process_smb(1550)
Transaction 21 of length 140 (0 toread)
[2009/12/18 17:27:53, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans (pid 28881) conn 0x9698f70
[2009/12/18 17:27:53, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=52 params=0 setup=2
[2009/12/18 17:27:53, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2009/12/18 17:27:53, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 751a)
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe.c:api_rpcTNP(2308)
api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2009/12/18 17:27:53, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(246)
_samr_EnumDomains: ACCESS DENIED (granted: 0x00000002; required: 0x00000010)
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2009/12/18 17:27:53, 3] smbd/process.c:process_smb(1550)
Transaction 22 of length 132 (0 toread)
[2009/12/18 17:27:53, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans (pid 28881) conn 0x9698f70
[2009/12/18 17:27:53, 3] smbd/ipc.c:handle_trans(436)
[2009/12/18 17:27:54, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: sam authentication for user [u40003] succeeded
[2009/12/18 17:27:54, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/12/18 17:27:54, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2009/12/18 17:27:54, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088215
[2009/12/18 17:27:54, 3] smbd/password.c:register_existing_vuid(320)
register_existing_vuid: User name: u40003 Real name: PEREZ, JUAN JAVIER
[2009/12/18 17:27:54, 3] smbd/password.c:register_existing_vuid(332)
register_existing_vuid: UNIX uid 11752 is UNIX user u40003, and will be vuid
100
[2009/12/18 17:27:54, 3] smbd/password.c:register_existing_vuid(353)
Adding homes service for user 'u40003' using home directory:
'/home/u40003'
[2009/12/18 17:27:54, 3] smbd/process.c:process_smb(1550)
Transaction 3 of length 90 (0 toread)
[2009/12/18 17:27:54, 3] smbd/process.c:switch_message(1
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[Profiles]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
workgroup = DCHOMO
netbios name = DCHOMO
server string = Samba Server Domain Afip
interfaces = eth0, 10.0.0.10/24
passdb backend = ldapsam:ldap://ldaphomo
client lanman auth = Yes
log level = 3
log file = /var/log/samba/log.%m
max log size = 500
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon path domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=domain,o=afip,c=ar
ldap group suffix = ou=domain,ou=Groups
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = o=afip,c=ar
ldap user suffix = ou=personas
hosts allow = 10.0.0.0/8, 127.
[Profiles]
path = /home/domain/profiles
read only = No
create mask = 0664
directory mask = 0775
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/domain/netlogon
write list = @domainadmins
guest ok = Yes
share modes = No
[public]
comment = Public Stuff
path = /home/samba
write list = +staff
guest only = Yes
guest ok = Yes
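
Added example, not part of the original thread and not Samba code: a small triage script that pulls the ACCESS DENIED records out of a level-3 smbd log like the one above and names the bits in the granted and required masks. The bit names are the MS-SAMR server-handle access rights; the function names, `SERVER_HANDLE_CALLS` and the record layout are assumptions of this example.

```python
import re

# MS-SAMR access rights for a *server* (connect) handle. Assumption of this
# example: only calls made on that handle type are decoded with these names.
SAM_SERVER_RIGHTS = {
    0x01: "CONNECT", 0x02: "SHUTDOWN", 0x04: "INITIALIZE",
    0x08: "CREATE_DOMAIN", 0x10: "ENUMERATE_DOMAINS", 0x20: "LOOKUP_DOMAIN",
}
SERVER_HANDLE_CALLS = {"_samr_EnumDomains"}
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]")
DENIED = re.compile(r"(_samr_\w+): ACCESS DENIED "
                    r"\(granted: (0x[0-9a-fA-F]+); required: (0x[0-9a-fA-F]+)\)")

# Lines copied from the log in the message above (header and source location
# are wrapped onto separate lines, as they arrived in the mail).
SAMPLE = """\
[2009/12/18 17:27:53, 3] rpc_server/srv_pipe.c:api_rpcTNP(2308)
api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2009/12/18 17:27:53, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(246)
_samr_EnumDomains: ACCESS DENIED (granted: 0x00000002; required: 0x00000010)
"""

def decode(mask, func):
    """Name the set bits for server-handle calls; otherwise return raw hex."""
    if func not in SERVER_HANDLE_CALLS:
        return [hex(mask)]
    names = [name for bit, name in sorted(SAM_SERVER_RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(SAM_SERVER_RIGHTS)
    return names + ([hex(unknown)] if unknown else [])

def denied_calls(log_text):
    """Return one record per ACCESS DENIED line, stamped with the last header time."""
    stamp, records = None, []
    for line in log_text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            stamp = header.group(1)
        hit = DENIED.search(line)
        if hit:
            func, granted, required = hit.group(1), int(hit.group(2), 16), int(hit.group(3), 16)
            records.append({"time": stamp, "function": func,
                            "granted": decode(granted, func),
                            "missing": decode(required & ~granted, func)})
    return records

if __name__ == "__main__":
    for record in denied_calls(SAMPLE):
        print(record)
```

Run against a full `log.%m` file, the `missing` field shows at a glance which right the client's handle lacked for each rejected call.
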

2009/12/21 Diego Vera <divera at afip.gov.ar>:
> [global]
>         workgroup = DCHOMO
>         netbios name = DCHOMO

Change your workgroup name or your netbios name. Both can't be the same.

I tried changing the netbios name and it does the same thing. With WinXP machines there is no problem. Does somebody have any other ideas? Thank you very much.

From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On behalf of Zoolook
Sent: Monday, 21 December 2009 14:46
To: Diego Vera
CC: samba at lists.samba.org
Subject: Re: [Samba] Fw: W2KSP4 Problem

2009/12/21 Diego Vera <divera at afip.gov.ar>:
> [global]
> workgroup = DCHOMO
> netbios name = DCHOMO

Change your workgroup name or your netbios name. Both can't be the same.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

_____

From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On behalf of Diego Vera
Sent: Monday, 21 December 2009 13:32
To: samba at lists.samba.org
Subject: [Samba] Fw: W2KSP4 Problem

I was having a problem with my Samba PDC with LDAP backend. Some of my workstations (W2kSP4) couldn't log into the domain. I removed the machines from the domain, changed the name, created a new machine-account, but I still can't add the machine to the domain.

2009/12/22 Javier Colella <jacolella at afip.gov.ar>:
> I tried changing the netbios name and does the same thing. with WinXP
> machines have no problem.

Was this working before? What changes did you do?

Approval by host-seeking was gone (samba + ldap approval) when we try to pass it on to production and did not work. Then tested the following mix:

Samba (approval) + ldap (production), did not work
Samba (production) + ldap (approval), did not work
Samba + ldap (production), did not work
and most unusual, Samba + ldap (approval) that was walking, did not work, probably something we touched but really do not know.

With WinXP and Win2003 Server works great...

If anyone has any idea where to look, really appreciate it.

_____

From: Zoolook [mailto:nbensa at gmail.com]
Sent: Tuesday, 22 December 2009 12:04
To: Colella Javier Anibal
CC: samba at lists.samba.org
Subject: Re: [Samba] Fw: W2KSP4 Problem

2009/12/22 Javier Colella <jacolella at afip.gov.ar>:
> I tried changing the netbios name and does the same thing. with WinXP
> machines have no problem.

Was this working before? What changes did you do?