thr3ads.net - samba - [Samba] join ldap pdc domain "Access is denied." [Sep 2004]

If this information is useful, please help other people find it:
Share via:
John Stile
2004-Sep-21 23:58 UTC
[Samba] join ldap pdc domain "Access is denied."

I am trying to join a W2k Workstation to a samba PDC (SuSE9.1
samba-3.0.4, openldap2-2.2.6, samba-winbind-3.0.4) following the book
Samba-3 By Example, by John H. Terpstra.

The error is "Access is denied." on the Windows, when trying to join
the
domain from My Computer->Properties->Identification->Member
of->Domain->WASTE2.

Administrator is mapped to a uid=0:
  getent passwd |grep Admin
    Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false

From the workstation I can map a share with user=Administrator and
passwd=not24get
This is the slapd log for the transaction (I did not see the logs in
/var/log/samba/log.* grow):

Sep 21 16:49:06 amanda slapd[19418]: conn=1 fd=8 ACCEPT from IP=127.0.0.2:34839
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=2 fd=9 ACCEPT from IP=127.0.0.2:34840
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 BIND
dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 RESULT tag=97 err=0 textSep 21
16:49:06 amanda slapd[19418]: conn=1 op=1 SRCH base="dc=STILEN,dc=COM"
scope=2 deref=0
filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SRCH attr=sambaDomainName
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 BIND
dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: connection_input: conn=2 deferring
operation: binding
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 RESULT tag=97 err=0 textSep 21
16:49:06 amanda slapd[19418]: conn=2 op=1 SRCH base="dc=STILEN,dc=COM"
scope=2 deref=0
filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SRCH attr=sambaDomainName
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SRCH
base="dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=2 fd=9 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=3 fd=9 ACCEPT from
IP=127.0.0.1:34841 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 RESULT tag=97 err=0 textSep 21
16:49:06 amanda slapd[19418]: conn=3 op=1 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SRCH
base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SRCH attr=cn userPassword
memberUid uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SEARCH RESULT
tag=101 err=0 nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=1 op=3
SRCH base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SRCH attr=gidNumber sambaSID
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=1 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=3 fd=9 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=4 fd=8 ACCEPT from IP=127.0.0.2:34842
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=5 fd=9 ACCEPT from IP=127.0.0.2:34843
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 BIND
dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 RESULT tag=97 err=0 textSep 21
16:49:06 amanda slapd[19418]: conn=4 op=1 SRCH base="dc=STILEN,dc=COM"
scope=2 deref=0
filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SRCH attr=sambaDomainName
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 BIND
dn="cn=Manager,dc=stilen,dc=com" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 RESULT tag=97 err=0 textSep 21
16:49:06 amanda slapd[19418]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1
textSep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SRCH
base="dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SRCH attr=sambaDomainName
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=4 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SRCH
base="dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=6 fd=8 ACCEPT from
IP=127.0.0.1:34844 (IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 BIND
dn="cn=Manager,dc=STILEN,dc=COM" mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 RESULT tag=97 err=0 textSep 21
16:49:06 amanda slapd[19418]: conn=6 op=1 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SRCH
base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SRCH attr=cn userPassword
memberUid uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SRCH
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SRCH attr=gidNumber sambaSID
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SRCH
base="dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-3407451059-1907285946-1511391544-501)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SEARCH RESULT tag=101 err=0
nentries=0 textSep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SRCH
base="ou=People,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=nobody))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SRCH
base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SRCH attr=cn userPassword
memberUid uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SRCH
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=546))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SRCH attr=gidNumber sambaSID
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SEARCH RESULT tag=101 err=0
nentries=1 textSep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SRCH
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SRCH attr=gidNumber sambaSID
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SEARCH RESULT tag=101 err=0
nentries=0 textSep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SRCH
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SRCH attr=gidNumber sambaSID
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SEARCH RESULT tag=101 err=0
nentries=0 textSep 21 16:49:06 amanda slapd[19418]: conn=6 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=5 fd=9 closed

-- 
._____________________.
|   \0/    John Stile |
| UniX Administration |
|   / \  510-305-3800 |     
|     john@stilen.com |
.---------------------.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040921/45b7dd1d/attachment.bin
samba - Sep 2004 - join ldap pdc domain "Access is denied."

[Samba] join ldap pdc domain "Access is denied."
