Bert_De_Ridder@peopleware.be
2005-Jan-18 15:09 UTC
[Samba] Problem adding user to Administrator list
Hi, all, We are using Samba 3.0.10 with an LDAP backend. It's been working fine for a long time. One strange thing that has come up today : I cannot add 1 specific domain user to the local Administrator group of Windows servers that are also in the domain. Adding the user to the admin group on a workstation works just fine. Adding other users to the admin group on the Windows servers works fine as well. It is just this one user that is being refused. This is the logging from Samba : (for the failing user edockx) [2005/01/18 15:37:00, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PEOPLEWARE -> S-1-5-21-2146849782-3868185098-1 958755654 [2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: edockx [2005/01/18 15:37:00, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PEOPLEWARE -> S-1-5-21-2146849782-3868185098-1 958755654 [2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: edockx [2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: edockx [2005/01/18 15:37:00, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PEOPLEWARE -> S-1-5-21-2146849782-3868185098-1 958755654 [2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: edockx This is the logging for another user : [2005/01/18 15:37:16, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PEOPLEWARE -> S-1-5-21-2146849782-3868185098-1 958755654 [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PEOPLEWARE -> S-1-5-21-2146849782-3868185098-1 958755654 [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) init_group_from_ldap: Entry found for group: 100 [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) init_group_from_ldap: Entry found for group: 100 [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) init_group_from_ldap: Entry found for group: 100 [2005/01/18 15:37:16, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PEOPLEWARE -> S-1-5-21-2146849782-3868185098-1 958755654 [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez [2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: bpottiez Any thoughts ? (Sorry about the lengthy message) Regards, Bert De Ridder PeopleWare NV - Head Office Cdt.Weynsstraat 85 B-2660 Hoboken Tel: +32 3 448.33.38 Fax: +32 3 448.32.66 PeopleWare NV - Branch Office Geel Kleinhoefstraat 5 B-2440 Geel Tel: +32 14 57.00.90 Fax: +32 14 58.13.25 http://www.peopleware.be http://www.mobileware.be
Bert_De_Ridder@peopleware.be
2005-Jan-18 15:32 UTC
[Samba] Problem adding user to Administrator list - part 2
It gets even weirder than that : it seems that this particular user has
not been authentication against the PDC for some time now; (so, using
cached data from his pc)
If he tries to log on to another machine in the domain, the machine
complaints that the domain is not available.
("The system cannot log you on now because the domain PEOPLEWARE is not
available")
NO entries are being made in the samba logs.
Regards,
Bert De Ridder
PeopleWare NV - Head Office
Cdt.Weynsstraat 85
B-2660 Hoboken
Tel: +32 3 448.33.38
Fax: +32 3 448.32.66
PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25
http://www.peopleware.be
http://www.mobileware.be
Bert_De_Ridder@peopleware.be
Sent by: samba-bounces+bdr=peopleware.be@lists.samba.org
18/01/2005 16:09
To
samba@lists.samba.org
cc
Subject
[Samba] Problem adding user to Administrator list
Hi, all,
We are using Samba 3.0.10 with an LDAP backend.
It's been working fine for a long time.
One strange thing that has come up today : I cannot add 1 specific domain
user to the local Administrator group of Windows servers that are also in
the domain.
Adding the user to the admin group on a workstation works just fine.
Adding other users to the admin group on the Windows servers works fine as
well.
It is just this one user that is being refused.
This is the logging from Samba : (for the failing user edockx)
[2005/01/18 15:37:00, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PEOPLEWARE ->
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PEOPLEWARE ->
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PEOPLEWARE ->
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: edockx
This is the logging for another user :
[2005/01/18 15:37:16, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PEOPLEWARE ->
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PEOPLEWARE ->
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PEOPLEWARE ->
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: bpottiez
Any thoughts ?
(Sorry about the lengthy message)
Regards,
Bert De Ridder
PeopleWare NV - Head Office
Cdt.Weynsstraat 85
B-2660 Hoboken
Tel: +32 3 448.33.38
Fax: +32 3 448.32.66
PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25
http://www.peopleware.be
http://www.mobileware.be
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Tomasz Chmielewski
2005-Jan-18 15:35 UTC
[Samba] Problem adding user to Administrator list - part 2
Bert_De_Ridder@peopleware.be wrote:> It gets even weirder than that : it seems that this particular user has > not been authentication against the PDC for some time now; (so, using > cached data from his pc) > If he tries to log on to another machine in the domain, the machine > complaints that the domain is not available. > ("The system cannot log you on now because the domain PEOPLEWARE is not > available") > > NO entries are being made in the samba logs.I had similar symptoms when there were problems with name resolution and too restrictive firewall ("The system cannot log you on now because the domain PEOPLEWARE is not available", NO entries are being made in the samba logs). Tomek
Hi, i noticed this too at my last ldap pdc smb setup with 3.0.10 i cant add any user to the Administrators group, this worked in former versions of samba with an equal ldap setup, i opened a bug in bugzilla about that. But maybe this is now by design , and i missed a changelog entry about that Regards . Bert_De_Ridder@peopleware.be schrieb:>Hi, all, > >We are using Samba 3.0.10 with an LDAP backend. >It's been working fine for a long time. > >One strange thing that has come up today : I cannot add 1 specific domain >user to the local Administrator group of Windows servers that are also in >the domain. >Adding the user to the admin group on a workstation works just fine. >Adding other users to the admin group on the Windows servers works fine as >well. > >It is just this one user that is being refused. > >This is the logging from Samba : (for the failing user edockx) > >[2005/01/18 15:37:00, 2] >rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain PEOPLEWARE -> >S-1-5-21-2146849782-3868185098-1 >958755654 >[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: edockx >[2005/01/18 15:37:00, 2] >rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain PEOPLEWARE -> >S-1-5-21-2146849782-3868185098-1 >958755654 >[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: edockx >[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: edockx >[2005/01/18 15:37:00, 2] >rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain PEOPLEWARE -> >S-1-5-21-2146849782-3868185098-1 >958755654 >[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: edockx > >This is the logging for another user : > >[2005/01/18 15:37:16, 2] >rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain PEOPLEWARE -> >S-1-5-21-2146849782-3868185098-1 >958755654 >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] >rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain PEOPLEWARE -> >S-1-5-21-2146849782-3868185098-1 >958755654 >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) > init_group_from_ldap: Entry found for group: 100 >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) > init_group_from_ldap: Entry found for group: 100 >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) > init_group_from_ldap: Entry found for group: 100 >[2005/01/18 15:37:16, 2] >rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain PEOPLEWARE -> >S-1-5-21-2146849782-3868185098-1 >958755654 >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez >[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) > init_sam_from_ldap: Entry found for user: bpottiez > >Any thoughts ? > >(Sorry about the lengthy message) > > > > >Regards, > >Bert De Ridder > >PeopleWare NV - Head Office >Cdt.Weynsstraat 85 >B-2660 Hoboken >Tel: +32 3 448.33.38 >Fax: +32 3 448.32.66 > >PeopleWare NV - Branch Office Geel >Kleinhoefstraat 5 >B-2440 Geel >Tel: +32 14 57.00.90 >Fax: +32 14 58.13.25 > >http://www.peopleware.be >http://www.mobileware.be > >