thr3ads.net - samba - [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o) [Mar 2005]

If this information is useful, please help other people find it:
Share via:

benjamin.dupuis@armorarena-fr.com

2005-Mar-21 16:46 UTC

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

Okay

I try this thing :
mastok:/etc/samba # smbldap-useradd root
mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
mastok:/etc/samba # smbldap-usermod -a root
mastok:/etc/samba # smbldap-passwd root
#####
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
#####
Connecting to the domain with account root.
Computer Accout created : 
poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
But Access Deny on my Windows computer :(

 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded
[2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
  init_group_from_ldap: Entry found for group: 515
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
  init_ldap_from_sam: Setting entry for user: poil-barebone$
[2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
  ldapsam_modify_entry: Failed to modify user dn= 
uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access
 
[2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
  ldapsam_add_sam_account: failed to modify/add user with uid = 
poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
[2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
  could not add user/computer poil-barebone$ to passdb.  Check permissions?
[2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)

John H Terpstra

2005-Mar-21 17:02 UTC

head link

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

On Monday 21 March 2005 09:45, benjamin.dupuis@armorarena-fr.com
wrote:> Okay
>
> I try this thing :
> mastok:/etc/samba # smbldap-useradd root
> mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
> mastok:/etc/samba # smbldap-usermod -a root
> mastok:/etc/samba # smbldap-passwd root
> #####
> Administrator:x:998:512:Netbios Domain
> Administrator:/home/data1/samba/Administrator:/sbin/nologin
> nobody:x:999:514:nobody:/dev/null:/sbin/nologin
> root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
> #####
> Connecting to the domain with account root.
> Computer Accout created :
> poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
> But Access Deny on my Windows computer :(
>
>  check_ntlm_password:  authentication for user [root] -> [root] ->
> [root] succeeded
> [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>   Returning domain sid for domain ARZUR-NT ->
> S-1-5-21-1874299889-3982645529-2160850509
> [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
>   init_group_from_ldap: Entry found for group: 515
> [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
>   init_ldap_from_sam: Setting entry for user: poil-barebone$
> [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
>   ldapsam_modify_entry: Failed to modify user dn>
uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It would appear that your Samba configuration does not permit write access to 
the LDAP server. Did you set the LDAP admin password? This is done using:

	smbpasswd -w 'secret'

- John T.
>
> [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
>   ldapsam_add_sam_account: failed to modify/add user with uid >
poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
> [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
>   could not add user/computer poil-barebone$ to passdb.  Check permissions?
> [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

Bruno Guerreiro

2005-Mar-21 17:07 UTC

head link

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

Hi,
Did you execute smbpasswd -w <ldap bind password> ?
Another thing you're trying to add your Computer with the user root?
This user, by default, doesn't belong to the Domain Admins groups. At least
not with the scripts provided by smbldap-tools.
If so, try adding the machine using the Administrator account.

Best Regards,
Bruno Guerreiro

-----Original Message-----
From: benjamin.dupuis@armorarena-fr.com
[mailto:benjamin.dupuis@armorarena-fr.com]
Sent: segunda-feira, 21 de Mar?o de 2005 16:46
To: samba@lists.samba.org
Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)


Okay

I try this thing :
mastok:/etc/samba # smbldap-useradd root
mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
mastok:/etc/samba # smbldap-usermod -a root
mastok:/etc/samba # smbldap-passwd root
#####
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
#####
Connecting to the domain with account root.
Computer Accout created : 
poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
But Access Deny on my Windows computer :(

 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded
[2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
  init_group_from_ldap: Entry found for group: 515
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
  init_ldap_from_sam: Setting entry for user: poil-barebone$
[2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
  ldapsam_modify_entry: Failed to modify user dn= 
uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access
 
[2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
  ldapsam_add_sam_account: failed to modify/add user with uid = 
poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
[2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
  could not add user/computer poil-barebone$ to passdb.  Check permissions?
[2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reasonably Related Threads

Search for more possibly parallel threads

samba - Mar 2005 - SAMBA3 + LDAP = PDC => ROUND 4 ;o)

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

Reasonably Related Threads