Davide Frey
2004-Jan-05 15:33 UTC
[Samba] Urgent Please - Samba 3.0.1 - LDAP - WinXP ... has anyone got it working???
I've been trying to have Samba 3.0.1 work as a primary domain controller using LDAP as the authentication mechanism.

However I am unable to get any of my Windows XP Pro machines to join the domain. When prompted for an account with permissions to join the domain by the XP client, I give it the Administrator account which is granted Full access to the LDAP directory (BTW this is poor security, what is the right privilege I should give to the Domain Admin?), but SAMBA still responds with a permission denial when trying to open the domain and create the machine account.

Here is a log of what happens on the samba server when I attempt the join operation.

[2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/01/05 16:20:28, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching for:[(&(&(uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
[2004/01/05 16:20:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: Administrator
[2004/01/05 16:20:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=513))]
[2004/01/05 16:20:40, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
[2004/01/05 16:20:41, 2] smbd/server.c:exit_server(558)
  Closing connections
[2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/01/05 16:20:42, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching for:[(&(&(uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
[2004/01/05 16:20:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: Administrator
[2004/01/05 16:20:52, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=513))]
[2004/01/05 16:20:52, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
[2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
  Returning domain sid for domain SOLA -> S-1-5-21-238816456-3885207889-2738941293
[2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
  Returning domain sid for domain SOLA -> S-1-5-21-238816456-3885207889-2738941293
[2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)
[2004/01/05 16:20:53, 2] smbd/server.c:exit_server(558)
  Closing connections

Does anyone have any suggestion on how to sort this out?

thanks

Davide
Sundaram Ramasamy
2004-Jan-05 16:16 UTC
[Samba] Urgent Please - Samba 3.0.1 - LDAP - WinXP ... has anyone got it working???
You need to change Administrator uid to 0 and gid to 521 (Domain Admin).

-SR

>
> I've been trying to have Samba 3.0.1 work as a primary domain controller
> using LDAP as the authentication mechanism.
>
> However I am unable to get any of my Windows XP Pro machines to join the
> domain. When prompted for an account with permissions to join the domain
> by the XP client, I give it the Administrator account which is granted
> Full access to the LDAP directory (BTW this is poor security, what is
> the right privilege I should give to the Domain Admin?), but SAMBA still
> responds with a permission denial when trying to open the domain and
> create the machine account.
>
> Here is a log of what happens on the samba server when I attempt the
> join operation.
>
>
> [2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:28, 2] lib/smbldap.c:smbldap_search_suffix(1068)
> smbldap_search_suffix: searching
> for:[(&(&(uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
> [2004/01/05 16:20:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
> init_sam_from_ldap: Entry found for user: Administrator
> [2004/01/05 16:20:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
> ldapsam_search_one_group: searching
> for:[(&(objectClass=sambaGroupMapping)(gidNumber=513))]
> [2004/01/05 16:20:40, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [Administrator] ->
> [Administrator] -> [Administrator] succeeded
> [2004/01/05 16:20:41, 2] smbd/server.c:exit_server(558)
> Closing connections
> [2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/01/05 16:20:42, 2] lib/smbldap.c:smbldap_search_suffix(1068)
> smbldap_search_suffix: searching
> for:[(&(&(uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
> [2004/01/05 16:20:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
> init_sam_from_ldap: Entry found for user: Administrator
> [2004/01/05 16:20:52, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
> ldapsam_search_one_group: searching
> for:[(&(objectClass=sambaGroupMapping)(gidNumber=513))]
> [2004/01/05 16:20:52, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [Administrator] ->
> [Administrator] -> [Administrator] succeeded
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
> Returning domain sid for domain SOLA ->
> S-1-5-21-238816456-3885207889-2738941293
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
> _samr_open_domain: ACCESS DENIED (requested: 0x00000211)
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
> Returning domain sid for domain SOLA ->
> S-1-5-21-238816456-3885207889-2738941293
> [2004/01/05 16:20:53, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
> _samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
> 0x00000010)
> [2004/01/05 16:20:53, 2] smbd/server.c:exit_server(558)
> Closing connections
>
>
> Does anyone have any suggestion on how to sort this out?
>
> thanks
>
> Davide
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
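Added example, not part of the original thread and not Samba's own code: a small decoder for the two ACCESS DENIED entries in the log above, showing which rights the join asked for and which one the Administrator session lacked. The bit names are the domain access-mask values from the MS-SAMR specification (an assumption brought in here, the posts do not spell them out), and the function names are illustrative.

```python
import re

# Domain-object access-mask bits as named in MS-SAMR (assumption: not from the thread).
DOMAIN_RIGHTS = {
    0x001: "DOMAIN_READ_PASSWORD_PARAMETERS",
    0x002: "DOMAIN_WRITE_PASSWORD_PARAMS",
    0x004: "DOMAIN_READ_OTHER_PARAMETERS",
    0x008: "DOMAIN_WRITE_OTHER_PARAMETERS",
    0x010: "DOMAIN_CREATE_USER",
    0x020: "DOMAIN_CREATE_GROUP",
    0x040: "DOMAIN_CREATE_ALIAS",
    0x080: "DOMAIN_GET_ALIAS_MEMBERSHIP",
    0x100: "DOMAIN_LIST_ACCOUNTS",
    0x200: "DOMAIN_LOOKUP",
    0x400: "DOMAIN_ADMINISTER_SERVER",
}

# The two denial entries from the log posted in this thread.
SAMPLE_LOG = """\
[2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)
"""

DENIED = re.compile(r"(\w+): ACCESS DENIED \(([^)]*)\)")
FIELD = re.compile(r"(\w+):\s*0x([0-9a-fA-F]+)")

def decode_mask(mask):
    """Return the names of the set bits; bits outside the table are kept as hex."""
    names = [name for bit, name in sorted(DOMAIN_RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(DOMAIN_RIGHTS)
    return names + ([f"UNKNOWN(0x{unknown:x})"] if unknown else [])

def explain_denials(log_text):
    """For each ACCESS DENIED entry, name the rights wanted, granted and missing."""
    findings = []
    for call, body in DENIED.findall(log_text):
        masks = {key: int(val, 16) for key, val in FIELD.findall(body)}
        wanted = masks.get("required", masks.get("requested", 0))
        granted = masks.get("granted")  # None when the entry does not log it
        findings.append({
            "call": call,
            "wanted": decode_mask(wanted),
            "granted": None if granted is None else decode_mask(granted),
            "missing": None if granted is None else decode_mask(wanted & ~granted),
        })
    return findings
```

Calling explain_denials(SAMPLE_LOG) reduces the _samr_create_user denial to one absent bit, DOMAIN_CREATE_USER, on a handle that held only DOMAIN_READ_PASSWORD_PARAMETERS and DOMAIN_LOOKUP.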