benjamin.dupuis@armorarena-fr.com
2005-Mar-21 16:46 UTC
[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)
Okay I try this thing : mastok:/etc/samba # smbldap-useradd root mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root mastok:/etc/samba # smbldap-usermod -a root mastok:/etc/samba # smbldap-passwd root ##### Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin ##### Connecting to the domain with account root. Computer Accout created : poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin But Access Deny on my Windows computer :( check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)
On Monday 21 March 2005 09:45, benjamin.dupuis@armorarena-fr.com wrote:> Okay > > I try this thing : > mastok:/etc/samba # smbldap-useradd root > mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root > mastok:/etc/samba # smbldap-usermod -a root > mastok:/etc/samba # smbldap-passwd root > ##### > Administrator:x:998:512:Netbios Domain > Administrator:/home/data1/samba/Administrator:/sbin/nologin > nobody:x:999:514:nobody:/dev/null:/sbin/nologin > root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin > ##### > Connecting to the domain with account root. > Computer Accout created : > poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin > But Access Deny on my Windows computer :( > > check_ntlm_password: authentication for user [root] -> [root] -> > [root] succeeded > [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain ARZUR-NT -> > S-1-5-21-1874299889-3982645529-2160850509 > [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) > init_group_from_ldap: Entry found for group: 515 > [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) > init_ldap_from_sam: Setting entry for user: poil-barebone$ > [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) > ldapsam_modify_entry: Failed to modify user dn> uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It would appear that your Samba configuration does not permit write access to the LDAP server. Did you set the LDAP admin password? This is done using: smbpasswd -w 'secret' - John T.> > [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) > ldapsam_add_sam_account: failed to modify/add user with uid > poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) > [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) > could not add user/computer poil-barebone$ to passdb. Check permissions? > [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
Hi, Did you execute smbpasswd -w <ldap bind password> ? Another thing you're trying to add your Computer with the user root? This user, by default, doesn't belong to the Domain Admins groups. At least not with the scripts provided by smbldap-tools. If so, try adding the machine using the Administrator account. Best Regards, Bruno Guerreiro -----Original Message----- From: benjamin.dupuis@armorarena-fr.com [mailto:benjamin.dupuis@armorarena-fr.com] Sent: segunda-feira, 21 de Mar?o de 2005 16:46 To: samba@lists.samba.org Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o) Okay I try this thing : mastok:/etc/samba # smbldap-useradd root mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root mastok:/etc/samba # smbldap-usermod -a root mastok:/etc/samba # smbldap-passwd root ##### Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin ##### Connecting to the domain with account root. Computer Accout created : poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin But Access Deny on my Windows computer :( check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba