Hi
I read all the HOWTOs I could find on the net about the LDAP PDC and still I can't get it to work.
Here is some info about the server:
Samba version 3.0.1pre3 running on Red Hat 8.0 with an OpenLDAP server version 2.0.27.
I want to create a new domain named DOMAINB from the users I imported from DOMAINA (NT4 PDC) using net rpc vampire.
It went well and every user is in the DB, including the machine accounts and the groups (group mappings too). I don't know if this is right, but I changed every SID from the original accounts to the new server SID (got it from net getlocalsid); please tell me if this is wrong.
The problem occurs when I try to join the domain using a Windows 2000 SP2 client (signorseal=0). I constantly get the message "User / Password is wrong" from the client.
The root/nobody accounts are also created.
Here are the debug messages I get, starting with the LDAP logs:
daemon: conn=0 fd=9 connection from IP=127.0.0.1:1296 (IP=0.0.0.0:389) accepted.
conn=0 op=0 BIND dn="CN=ROOT,O=GARAGE,DC=QC,DC=CA" method=128
ber_flush: 14 bytes to sd 9
deferring operation
conn=0 op=0 RESULT tag=97 err=0 text
conn=0 op=1 SRCH base="o=garage,dc=qc,dc=ca" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=DOMAINB))"
ber_flush: 271 bytes to sd 9
ber_flush: 14 bytes to sd 9
conn=0 op=1 SEARCH RESULT tag=101 err=0 text
conn=0 op=2 SRCH base="o=garage,dc=qc,dc=ca" scope=2 filter="(&(uid=ADMINAM)(objectClass=sambaSamAccount))"
ber_flush: 672 bytes to sd 9
ber_flush: 14 bytes to sd 9
daemon: conn=1 fd=16 connection from IP=127.0.0.1:1297 (IP=0.0.0.0:389) accepted.
conn=0 op=2 SEARCH RESULT tag=101 err=0 text
conn=1 op=0 BIND dn="" method=128
ber_flush: 14 bytes to sd 16
deferring operation
conn=1 op=0 RESULT tag=97 err=0 text
conn=1 op=1 SRCH base="o=garage,dc=qc,dc=ca" scope=2 filter="(&(objectClass=posixAccount)(uid=ADMINAM))"
ber_flush: 14 bytes to sd 16
conn=1 op=1 SEARCH RESULT tag=101 err=0 text
conn=-1 fd=9 closed
conn=-1 fd=16 closed
Now the Samba log:
[2003/12/06 00:37:23, 4] auth/auth_sam.c:sam_password_ok(224)
sam_password_ok: Checking NT MD4 password
[2003/12/06 00:37:23, 4] auth/auth_sam.c:sam_account_ok(325)
sam_account_ok: Checking SMB password for user ADMINAM
[2003/12/06 00:37:23, 1] auth/auth_util.c:make_server_info_sam(821)
User ADMINAM in passdb, but getpwnam() fails!
[2003/12/06 00:37:23, 5] auth/auth_util.c:free_server_info(1251)
attempting to free (and zero) a server_info structure
[2003/12/06 00:37:23, 0] auth/auth_sam.c:check_sam_security(464)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2003/12/06 00:37:23, 5] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [ADMINAM] FAILED
with error NT_STATUS_NO_SUCH_USER
[2003/12/06 00:37:23, 3] auth/auth_winbind.c:check_winbind_security(79)
check_winbind_security: Not using winbind, requested domain was for
this SAM.
[2003/12/06 00:37:23, 10] auth/auth.c:check_ntlm_password(256)
check_ntlm_password: winbind had nothing to say
[2003/12/06 00:37:23, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: Authentication for user [ADMINAM] -> [ADMINAM]
FAILED with error NT_STATUS_NO_SUCH_USER
[2003/12/06 00:37:23, 5] auth/auth_util.c:free_user_info(1226)
attempting to free (and zero) a user_info structure
[2003/12/06 00:37:23, 10] auth/auth_util.c:free_user_info(1229)
structure was created for ADMINAM
Here is the ADMINAM entry in the backend:
dn: uid=ADMINAM,ou=Users,o=garage,dc=qc,dc=ca
uid: ADMINAM
displayName: Admin
sambaLogonTime: 1070401736
sambaLogoffTime: 1025783704
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdLastSet: 1056543798
sambaAcctFlags: [UX ]
objectClass: sambaSamAccount
objectClass: account
sambaDomainName: GARAGE
sambaSID: S-1-5-21-3655003630-1527190663-3647291254-1009
sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-513
Here is my Samba config file:
# Global parameters
[global]
#### ADD SCRIPTS
add machine script = /usr/local/samba/share/smbldap-useradd.pl -w %m
add user script = /usr/local/samba/share/smbldap-useradd.pl -a %u
delete user script = /usr/local/samba/share/smbldap-userdel.pl %u
add group script = /usr/local/samba/share/smbldap-groupadd.pl %g
delete group script = /usr/local/samba/share/smbldap-groupdel.pl %g
add user to group script = /usr/local/samba/share/smbldap-groupmod.pl -m %u %g
delete user from group script = /usr/local/samba/share/smbldap-groupmod.pl -x %u %g
set primary group script = /usr/local/samba/share/smbldap-usermod.pl -G %g %u
null passwords = yes
unix charset = UTF-8
passdb backend = ldapsam:ldap://localhost/
ldap suffix = o=garage,dc=qc,dc=ca
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=root,o=garage,dc=qc,dc=ca
workgroup = GARAGE
netbios name = PDC
comment = Server
security = user
encrypt passwords = yes
logon script = scripts\%U.bat
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
share modes = No
wins support = yes
[homes]
path=/home/domainusers
read only = No
create mask = 0700
directory mask = 0700
locking = No
oplocks = No
[netlogon]
path = /usr/local/samba/netlogon
locking = no
read only = yes
write list = ntadmin
[profiles]
path = /home/domainusers/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
In nsswitch.conf, passwd/group/shadow are set to: files ldap
I think this is all, thank you for your help and thanks to the Samba team for writing such useful software!
Charles Hamel
hamelc@videotron.ca
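Added example, not part of Charles's message or of the Samba/smbldap-tools code: a small checker that takes an LDIF entry like the ADMINAM one above and reports why the two lookups visible in the LDAP log can disagree. Samba's ldapsam backend finds the user with the filter (&(uid=...)(objectClass=sambaSamAccount)), while getpwnam() goes through NSS, which searches (&(objectClass=posixAccount)(uid=...)) and needs the RFC 2307 POSIX attributes; an entry that satisfies only the first filter produces exactly the "in passdb, but getpwnam() fails" line seen in the Samba log. The script also flags a sambaPrimaryGroupSID whose domain part does not match sambaSID. The sample entries are constructed from the post (hashes replaced by placeholders, POSIX values in the "fixed" entry are assumed), and the checker is a plain LDIF consistency check, not a Samba API.

```python
"""Consistency check for a Samba ldapsam user entry (added example)."""
from typing import Dict, List

# Attributes the posixAccount object class requires (RFC 2307).
POSIX_REQUIRED = ("uid", "cn", "uidNumber", "gidNumber", "homeDirectory")

# Constructed from the entry in the post; hashes replaced by placeholders.
BROKEN_LDIF = """\
dn: uid=ADMINAM,ou=Users,o=garage,dc=qc,dc=ca
uid: ADMINAM
displayName: Admin
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [UX ]
objectClass: sambaSamAccount
objectClass: account
sambaDomainName: GARAGE
sambaSID: S-1-5-21-3655003630-1527190663-3647291254-1009
sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-513
"""

# Same entry with posixAccount added; uidNumber/gidNumber/homeDirectory are assumed values.
FIXED_LDIF = """\
dn: uid=ADMINAM,ou=Users,o=garage,dc=qc,dc=ca
uid: ADMINAM
cn: ADMINAM
displayName: Admin
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/domainusers/ADMINAM
loginShell: /bin/false
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: account
sambaDomainName: GARAGE
sambaSID: S-1-5-21-3655003630-1527190663-3647291254-1009
sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647291254-513
"""


def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF entry into attribute -> list of values.

    Handles multi-valued attributes and folded continuation lines (leading
    space). Base64 ("::") values are not decoded; they are kept verbatim.
    """
    entry: Dict[str, List[str]] = {}
    last_attr = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" ") and last_attr is not None:
            entry[last_attr][-1] += raw[1:]  # folded line continues previous value
            continue
        attr, _, value = raw.partition(":")
        entry.setdefault(attr, []).append(value.strip())
        last_attr = attr
    return entry


def sid_domain(sid: str) -> str:
    """Strip the RID: S-1-5-21-a-b-c-1009 -> S-1-5-21-a-b-c."""
    return sid.rsplit("-", 1)[0]


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return findings; an empty list means both Samba and NSS lookups should succeed."""
    findings: List[str] = []
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "sambasamaccount" not in classes:
        findings.append("no sambaSamAccount objectClass: ldapsam will not find the user")
    if "posixaccount" not in classes:
        findings.append("no posixAccount objectClass: NSS getpwnam() will not find the user")
    missing = [a for a in POSIX_REQUIRED if a not in entry]
    if missing:
        findings.append("missing POSIX attributes: " + ", ".join(missing))
    sids = entry.get("sambaSID", [])
    pgs = entry.get("sambaPrimaryGroupSID", [])
    if sids and pgs and sid_domain(sids[0]) != sid_domain(pgs[0]):
        findings.append("sambaPrimaryGroupSID domain part differs from sambaSID")
    return findings


if __name__ == "__main__":
    for label, ldif in (("broken", BROKEN_LDIF), ("fixed", FIXED_LDIF)):
        print(label, check_entry(parse_ldif(ldif)) or ["ok"])
```

Running it on the entry from the post reports the missing posixAccount class and its attributes, which is the condition the Samba log describes, plus the one-digit difference between the domain parts of the two SIDs; the same entry with posixAccount added and matching SIDs comes back clean.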