I am running Samba 3.0.2 as a PDC on a Fedora Core 1 machine using openldap
as the password backend. I think I've got all the openldap stuff working. I
can log in, ssh, etc. using ldap accounts.
When I try to join an XP machine to the domain, I get an error on the XP
machine that reads: The following error occurred attempting to join the
domain "TIMBERLINE": The user name could not be found.
When I check the logs, it is clear that the authentication succeeded and the
script to add a machine account completed successfully. So I can't figure
out what is causing the error.
Any help would be much appreciated!
Dan Meigs
--------
My smb.conf file is as follows:
#======================= Global Settings ========
[global]
log level = 3
workgroup = TIMBERLINE
netbios name = RAINIER
security = user
encrypt passwords = yes
username map = /etc/samba/smbusers
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel.pl '%u'
add group script = /usr/local/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel.pl '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m '%g' '%u'
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x '%g' '%u'
set primary group script = /usr/local/sbin/smbldap-usermod.pl -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd.pl -w '%m'
ldap admin dn = "cn=Manager,dc=tlinenm,dc=com"
ldap ssl = start tls
passdb backend = ldapsam:ldap://rainier.tlinenm.com
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=tlinenm,dc=com
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
server string = Samba Server on Rainier
hosts allow = 192.168.0. 127.
printcap name = cups
printing = cups
log file = /var/log/samba/%m.log
max log size = 500
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 35
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
dns proxy = yes
#============================ Share Definitions =============
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
[Profiles]
path = /home/profiles
browseable = no
guest ok = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
---------
The smb log file is as follows (log level 2):
[2004/06/29 12:35:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: root
[2004/06/29 12:35:07, 2] passdb/pdb_ldap.c:init_group_from_ldap(1697)
init_group_from_ldap: Entry found for group: 512
[2004/06/29 12:35:07, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [Administrator] -> [root] -> [root] succeeded
[2004/06/29 12:35:07, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.0.98)
[2004/06/29 12:35:08, 2] smbd/server.c:exit_server(558)
Closing connections
[2004/06/29 12:35:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: root
[2004/06/29 12:35:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(1697)
init_group_from_ldap: Entry found for group: 512
[2004/06/29 12:35:09, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [Administrator] -> [root] -> [root] succeeded
[2004/06/29 12:35:09, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.0.98)
[2004/06/29 12:35:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
Returning domain sid for domain TIMBERLINE -> S-1-5-21-1936347354-1918943746-3536452940
[2004/06/29 12:35:10, 2] smbd/server.c:exit_server(558)
Closing connections