Hello all,

I have a problem with my new Samba / LDAP PDC:
I cannot join the Domain from Windows (XP) computers.

Okay, all the configuration seems to be okay on the server; I can create Users, Computers for Samba (and Unix).
I am putting some config files here in case someone can help me. I have been on this for 5 days; it's my first PDC, so I am using the tutorial from Idealx (smbldap-howto).

getent passwd gives me local and LDAP accounts (here are the LDAP accounts):
...
Administrateur:x:0:512:Netbios Domain Administrator:/root:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
bdupuis:x:1005:512:Benjamin Dupuis:/home/data1/samba/bdupuis:/sbin/nologin
POIL-BAREBONE$:x:1008:515:Computer:/dev/null:/sbin/nologin

POIL-BAREBONE is a computer. Is it normal that smbldap-tools adds a $ to the computer's name?

pdbedit -Lv gives me the Samba accounts (here is just the Administrator):

Unix username: Administrateur
NT username: Administrateur
Account Flags: [U ]
User SID: S-1-5-21-3150904180-1303617548-1471141863-1000
Primary Group SID: S-1-5-21-1911238739-97561441-2706018148-512
Full Name: Administrateur
Home Directory: \\PDC-SMB3\homes\Administrator
HomeDir Drive: X:
Logon Script: logon.bat
Profile Path: \\PDC-SMB3\profiles\Administrator\
Domain: ARZUR-NT
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 GMT
Kickoff time: Tue, 19 Jan 2038 04:14:07 GMT
Password last set: Fri, 18 Mar 2005 16:15:41 GMT
Password can change: 0
Password must change: Sat, 25 Jun 2005 17:15:41 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
init_sam_from_ldap: Entry found for user: nobody

Now when I try to join the domain from Windows XP,
I enter username : bdupuis
password: toto
domain name : ARZUR-NT

computer name : POIL-BAREBONE (I tried POIL-BAREBONE$ also)

User name: Administrateur
password: toto
domain name : ARZUR-NT

and I get an error.

Log on Samba:
[2005/03/18 17:08:34, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: Administrateur
[2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
  init_group_from_ldap: Entry found for group: 512
[2005/03/18 17:08:34, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [Administrateur] -> [Administrateur] -> [Administrateur] succeeded
[2005/03/18 17:08:34, 2] smbd/server.c:exit_server(575)
  Closing connections

Log on LDAP:
Mar 18 17:08:50 mastok slapd[5569]: conn=131 fd=8 ACCEPT from IP=127.0.0.1:33002 (IP=0.0.0.0:389)
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn="cn=samba,ou=DSA,dc=arzur,dc=local" method=128
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn="cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL" mech=SIMPLE ssf=0
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 RESULT tag=97 err=0 text=
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=arzur)(objectClass=sambaSamAccount))"
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 18 17:09:00 mastok slapd[5569]: conn=131 fd=8 closed
Mar 18 17:09:01 mastok slapd[5569]: conn=132 fd=8 ACCEPT from IP=127.0.0.1:33004 (IP=0.0.0.0:389)
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 BIND dn="cn=samba,ou=DSA,dc=arzur,dc=local" method=128
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 BIND dn="cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL" mech=SIMPLE ssf=0
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 RESULT tag=97 err=0 text=
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=arzur)(objectClass=sambaSamAccount))"
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 18 17:09:11 mastok slapd[5569]: conn=132 fd=8 closed

Domain: ARZUR-NT
             ^
             |
There's your problem. Get rid of the - in the domain name. Windows machines can't handle anything other than alpha-numerics in the Domain name.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:kevin.mccrory@eds.com
* AKO mailto:kevin.mccrory@us.army.mil

-----Original Message-----
From: samba-bounces+kevin.mccrory=eds.com@lists.samba.org [mailto:samba-bounces+kevin.mccrory=eds.com@lists.samba.org] On Behalf Of benjamin.dupuis@armorarena-fr.com
Sent: Friday, March 18, 2005 11:14 AM
To: samba@lists.samba.org
Subject: [Samba] PDC Samba 3+LDAP

I have had issues with joining windows servers to domains that have a - in the Domain Name. I ran into the same problem when I was creating an Active Directory Domain and used a - as in opmg-cops.opmg-eds.local. I had nothing but problems. Changed the domain name to opmgcops.opmg-eds.local and it worked fine.

When building the Samba PDC/BDC to replace AD I again used a -. The Linux BDC could join the domain but my Windows 2000 and XP machines were getting rejected. Took the - out and they joined fine.

My rule of thumb (which I violated this past week) is not to use special characters in the Windows Domain name. It has caused me problems in the past. If it's working for you, fantastic. My experience has been to the contrary.

If you're just building things, it should be a fairly easy task to change the name.

Cheers.....

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:kevin.mccrory@eds.com
* AKO mailto:kevin.mccrory@us.army.mil

-----Original Message-----
From: Prakash Velayutham [mailto:prakash.velayutham@cchmc.org]
Sent: Friday, March 18, 2005 4:11 PM
To: Mccrory, Kevin B
Cc: benjamin.dupuis@armorarena-fr.com; samba@lists.samba.org
Subject: Re: [Samba] PDC Samba 3+LDAP

Hi,

Are you sure about this? Here is my pdbedit -Lv output. Looks like Windows does accept '-' in the domain name. My windows clients join the domain just fine, and the users do login to the PDC without any hitches.

Unix username: xxxx
NT username: xxxx
Account Flags: [U ]
User SID: S-1-5-21-709429014-924526411-3950163471-15102
Primary Group SID: S-1-5-21-709429014-924526411-3950163471-513
Full Name: X X - Network User
Home Directory: \\MCPILDAP1\homes\winprofile
HomeDir Drive: Z:
Logon Script: scripts\logon.bat
Profile Path: \\MCPILDAP1\homes\winprofile
Domain: CMC-NT
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set: Tue, 08 Mar 2005 17:05:12 GMT
Password can change: Tue, 08 Mar 2005 17:05:12 GMT
Password must change: Mon, 18 Jan 2038 22:14:07 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Prakash

Mccrory, Kevin B wrote:

>Domain: ARZUR-NT
>             ^
>             |
>There's your problem. Get rid of the - in the domain name. Windows
>machines can't handle anything other than alpha-numerics in the Domain
>name.
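
Added example, not part of any message in this thread: a Python pass over slapd log lines in the format pasted above that pairs each SRCH with its SEARCH RESULT by conn/op and lists the searches that succeeded (err=0) but matched no entry. The sample log is constructed from the thread's conn=131 lines with the attr= list shortened, plus one hypothetical conn=200 lookup for contrast; the function name `empty_searches` is an assumption of this example.

```python
import re

# Constructed sample in the slapd syslog format pasted in this thread.
# conn=131 is taken from the thread with the attr= list shortened;
# conn=200 is a hypothetical lookup that matches one entry, for contrast.
SAMPLE_LOG = """\
Mar 18 17:08:50 mastok slapd[5569]: conn=131 fd=8 ACCEPT from IP=127.0.0.1:33002 (IP=0.0.0.0:389)
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn="cn=samba,ou=DSA,dc=arzur,dc=local" method=128
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 RESULT tag=97 err=0 text=
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=arzur)(objectClass=sambaSamAccount))"
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH attr=uid uidNumber gidNumber
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 18 17:09:00 mastok slapd[5569]: conn=131 fd=8 closed
Mar 18 17:09:20 mastok slapd[5569]: conn=200 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=someuser)(objectClass=sambaSamAccount))"
Mar 18 17:09:20 mastok slapd[5569]: conn=200 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# Per-operation lines carry both conn= and op=; ACCEPT/closed lines do not.
LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
SRCH = re.compile(r'^SRCH base="([^"]*)" scope=(\d+) .*filter="(.*)"$')
RESULT = re.compile(r"^SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def empty_searches(log_text):
    """Return searches that completed with err=0 but nentries=0."""
    pending = {}  # (conn, op) -> search details awaiting its result line
    misses = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        body = m.group(3).strip()
        s = SRCH.match(body)
        if s:
            pending[key] = {"conn": key[0], "op": key[1],
                            "base": s.group(1), "filter": s.group(3)}
            continue
        r = RESULT.match(body)
        if r and key in pending:
            search = pending.pop(key)
            # err=0 is LDAP success: the query ran, it just matched nothing.
            if r.group(1) == "0" and r.group(2) == "0":
                misses.append(search)
    return misses


if __name__ == "__main__":
    for miss in empty_searches(SAMPLE_LOG):
        print("conn=%(conn)d op=%(op)d base=%(base)s filter=%(filter)s" % miss)
```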