Hi
I have a small problem with joining a XP box to a Samba domain, which I
hope that someone can put some light on.
The setup:
Samba 3.0.4 using ldap for users. All users are created with both posix
and samba accounts. Users can login with ssh (pam/nss), smbclient and net
use \\pdc\share /USER:username (also from XP pro).
W2k workstations can join the domain.
When I try to join a XP (pro) workstation I get the following in the log:
[2004/06/01 11:51:47, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA))]
[2004/06/01 11:51:47, 2] lib/smbldap.c:smbldap_open_connection(639)
smbldap_open_connection: connection opened
[2004/06/01 11:51:47, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2004/06/01 11:51:47, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2004/06/01 11:51:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
init_sam_from_ldap: Entry found for user: root
[2004/06/01 11:51:48, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2004/06/01 11:51:48, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477)
Returning domain sid for domain SAMBA ->
S-1-5-21-3689821868-1502956241-3879604288
[2004/06/01 11:51:52, 2] smbd/server.c:exit_server(568) Closing connections
It appears that the PDC returns the domain SID and the client just chooses
to ignore it i.e. closing the connection.
I have tried both with and without the signorseal registry change. The
most recent info seems to indicate that it is not needed, but I was not
sure. The machine account gets created automatically. I have tried to
create it manually (using smbldap-useradd -w from IDEALIX's smbldap
tools), but with the same result. The global section of the smb.conf file
are included below.
I have searched the archives and google but found nothing except one other
having the same problem, but no solution was found.
Does anyone have any ideas?
Best regards
Mikael M. Hansen
smb.conf:
[global]
workgroup = SAMBA
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = 'ldapsam:ldap://ldap1.cs.auc.dk
ldap://ldap2.cs.auc.dk'
passwd program = /var/lib/samba/sbin/smbldap-passwd-auto %u
passwd chat = *New*password*:* %n\n *Retype*new*password*:* %n\n
passwd chat debug = Yes
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 2
smb ports = 139 445
name resolve order = wins hosts bcast
add user script = /var/lib/samba/sbin/smbldap-useradd -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel %u
add group script = /var/lib/samba/sbin/smbldap-groupadd -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod -m
'%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod -x
'%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod -h
'%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\%U\.profile
logon drive = X:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=cs,dc=aau,dc=dk
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = "cn=Manager,dc=cs,dc=aau,dc=dk"
ldap ssl = start tls
ldap passwd sync = Yes
idmap backend = ldap:ldap://ldap1.cs.auc.dk
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
