samba - Mar 2004 - AW: SAMBA 3 as PDC - W2K/WXP Pro logon trouble

Oh, so you are using ldap..., well I'm still working with smbpasswd as
backend :-(

Anyway, I tried 'net getlocalsid' for the domain-sid -> ok
Next 'net usersidlist' which should show me the user-sids ->
didn't
work: "[2004/03/04 06:40:05, 0, pid=31232, effective(0, 0), real(0, 0)]
utils/net_rpc.c:net_usersidlist(2158)
  Could not get the user/sid list"

So used 'net user' instead, which then gave me the user list!?

What am I missing here? And is there a way to see the machine sids too?
Or are they included in the users?

Thanks in advance,

Markus


> -----Urspr?ngliche Nachricht-----
> Von: Scott Gross [mailto:SGross@newsgroupwest.com]
> Gesendet: Mittwoch, 03. M?rz 2004 18:29
> An: Stumpfl Markus
> Betreff: RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> Wichtigkeit: Hoch
> 
> I use a little windows gui program called LDAP browser to look at my
LDAP
> entries and I was just looking through the entries at the SID's since
> someone suggested it might be an SID problem and noticed the
discrepancy
> on
> the domain name entry.  I changed it to match all the others just to
see
> if
> it would have any effect and wallah it worked.
> 
> > -----Original Message-----
> > From: Stumpfl Markus [mailto:htl.traun.kustos@eduhi.at]
> > Sent: Tuesday, March 02, 2004 10:52 PM
> > To: 'Scott Gross'
> > Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> >
> > Thx, but how did you find out? With what commands? Sry for the
stupid
> > questions, but I'm kinda knew to samba.
> >
> > Thanks in advance,
> >
> > Stumpfl Markus
> >
> >
> >
> > > -----Urspr?ngliche Nachricht-----
> > > Von: Scott Gross [mailto:SGross@newsgroupwest.com]
> > > Gesendet: Dienstag, 02. M?rz 2004 18:14
> > > An: Stumpfl Markus; Scott Gross
> > > Betreff: RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> > >
> > > I got mine working it was SID mismatch. The Domain name SID was
> > different
> > > from the server and the users.
> > >
> > >
> > > > -----Original Message-----
> > > > From: Stumpfl Markus [mailto:htl.traun.kustos@eduhi.at]
> > > > Sent: Monday, March 01, 2004 11:22 PM
> > > > To: 'Scott Gross'
> > > > Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon
trouble
> > > >
> > > > Do you get the problem (when trying domain logon):
"invalid
password
> > or
> > > > domain"?
> > > > I've got the same prob...
> > > >
> > > > I'll tell you, when it's working and vice versa,
hopefully ;-)
> > > >
> > > > Stumpfl Markus
> > > >
> > > >
> > > >
> > > > > -----Urspr?ngliche Nachricht-----
> > > > > Von:
samba-bounces+htl.traun.kustos=eduhi.at@lists.samba.org
> > > > >
[mailto:samba-bounces+htl.traun.kustos=eduhi.at@lists.samba.org]
> > Im
> > > > > Auftrag von Scott Gross
> > > > > Gesendet: Freitag, 27. Februar 2004 18:25
> > > > > An: samba@lists.samba.org
> > > > > Betreff: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon
trouble
> > > > >
> > > > > I have a Samba 3 PDC running with an LDAP backend on
Red Hat
8.
> > All
> > > > > authentication appears to be working correctly but I
can't
login
> > to
> > > > the
> > > > > domain from a W2K or WXP Pro workstation after I have
successfully
> > > > joined
> > > > > them to the domain.  If I login locally to the
workstation I
can
> > > > browse
> > > > > the
> > > > > Samba shares just fine.  I have checked the schannel
and sign
or
> > seal
> > > > > settings on both the workstations and the server and
made sure
> > they
> > > > were
> > > > > set
> > > > > to disable but still no luck.  Can anyone give me any
ideas on
how
> > to
> > > > > solve
> > > > > this problem.
> > > > >
> > > > >
> > > > >
> > > > > TIA
> > > > >
> > > > > Scott
> > > > >
> > > > >
> > > > >
> > > > > Smb.conf
> > > > >
> > > > > # Samba config file created using SWAT
> > > > >
> > > > > # from 0.0.0.0 (0.0.0.0)
> > > > >
> > > > > # Date: 2003/11/25 10:42:04
> > > > >
> > > > >
> > > > >
> > > > > # Global parameters
> > > > >
> > > > > [global]
> > > > >
> > > > >         workgroup = FIFEDEV
> > > > >
> > > > >         netbios name = Dev
> > > > >
> > > > >         null passwords = Yes
> > > > >
> > > > >         passdb backend = ldapsam
> > > > >
> > > > >         passwd program =
/usr/local/bin/smbldap-passwd.pl -o
%u
> > > > >
> > > > >         passwd chat = *new*password* %n\n
*new*password:* %n\
> > > > > *successfully*
> > > > >
> > > > >         passwd chat debug = Yes
> > > > >
> > > > >         log file = /var/log/samba/%m.log
> > > > >
> > > > >         socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
> > > > >
> > > > >         add user script =
/usr/local/sbin/smbldap-useradd.pl
-a
> > "%u"
> > > > >
> > > > >         delete user script
/usr/local/sbin/smbldap-useradd.pl -d
> > > > "%u"
> > > > >
> > > > >         add group script =
/usr/local/sbin/smbldap-useradd.pl
-a
> > -g
> > > > "%g%
> > > > >
> > > > >         delete group script
/usr/local/sbin/smbldap-useradd.pl
> > -d -g
> > > > > "%g"
> > > > >
> > > > >         add user to group script > >
/usr/local/sbin/smbldap-useradd.pl
> > > > -j -
> > > > > u
> > > > > "%u" -g "%g"
> > > > >
> > > > >         delete user from group script > > >
> /usr/local/sbin/smbldap-useradd.pl
> > > > > -j -u "%u" -g "%g"
> > > > >
> > > > >         set primary group script > >
/usr/local/sbin/smbldap-useradd.pl
> > > > -m -
> > > > > u
> > > > > "%u" -gid "%g"
> > > > >
> > > > >         add machine script
/usr/local/sbin/smbldap-useradd.pl -a
> > -w
> > > > "%m"
> > > > >
> > > > >         logon script = logon.bat
> > > > >
> > > > >         logon path > > > > >
> > > > >         logon drive > > > > >
> > > > >         domain logons = Yes
> > > > >
> > > > >         os level = 22
> > > > >
> > > > >         preferred master = Yes
> > > > >
> > > > >         domain master = Yes
> > > > >
> > > > >         wins support = Yes
> > > > >
> > > > >         wins proxy = No
> > > > >
> > > > >         ldap suffix = dc=test,dc=com
> > > > >
> > > > >         ldap machine suffix = ou=_COMPUTERS_
> > > > >
> > > > >         ldap user suffix = ou=_USERS_
> > > > >
> > > > >         ldap group suffix = ou=_GROUPS_
> > > > >
> > > > >         ldap admin dn =
"cn=Manager,dc=test,dc=com"
> > > > >
> > > > >         ldap ssl = No
> > > > >
> > > > >         ldap passwd sync = yes
> > > > >
> > > > >         comment = Samba-PDC Server
> > > > >
> > > > >         public = No
> > > > >
> > > > >         browseable = Yes
> > > > >
> > > > >         writable = No
> > > > >
> > > > >         client schannel = No
> > > > >
> > > > >         server schannel = No
> > > > >
> > > > >         client signing = No
> > > > >
> > > > >         server signing = No
> > > > >
> > > > >
> > > > >
> > > > > [netlogon]
> > > > >
> > > > >         path = /usr/local/samba/lib/netlogon
> > > > >
> > > > >         read only = Yes
> > > > >
> > > > >         write list = ntadmin
> > > > >
> > > > >         locking = No
> > > > >
> > > > >
> > > > >
> > > > > [tmp]
> > > > >
> > > > >         path = /tmp
> > > > >
> > > > >         guest ok = Yes
> > > > >
> > > > >         read only = Yes
> > > > >
> > > > >
> > > > >
> > > > > [profiles]
> > > > >
> > > > >         path = /profiles
> > > > >
> > > > >         read only = No
> > > > >
> > > > >         writable = Yes
> > > > >
> > > > >         create mask = 0600
> > > > >
> > > > >         directory mask = 0700
> > > > >
> > > > >
> > > > >
> > > > > [homes]
> > > > >
> > > > >         comment = Home Directories
> > > > >
> > > > >         browsable = no
> > > > >
> > > > >         writeable = yes
> > > > >
> > > > >         valid users = %S
> > > > >
> > > > >         create mask = 0700
> > > > >
> > > > >         directory mask = 0700
> > > > >
> > > > >         hide dot files = yes
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL
and read
the
> > > > > instructions: 
http://lists.samba.org/mailman/listinfo/samba