I cannot join my WinXP workstation computers to the Samba domain. Using the Computer Name / Change on the XP computer gives me an error saying that the username or password is incorrect - except very occasionally when it works although I do nothing different! I have noticed that on when it works there is a machine record set up in LDAP with Samba data as follows:- dn: uid=leem-q4hw$,ou=People,dc=commtechgroup,dc=co.uk uid: leem-q4hw$ sambaSID: S-1-5-21-1504740027-1884281049-541626052-3090 sambaPrimaryGroupSID: S-1-5-21-1504740027-1884281049-541626052-2107 displayName: leem-q4hw$ objectClass: sambaSamAccount objectClass: account creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk createTimestamp: 20051109143944Z sambaPwdCanChange: 1131547184 sambaPwdMustChange: 2147483647 sambaNTPassword: 7F47D21BE0CCA3F6BA29CDC00277875B sambaPwdLastSet: 1131547184 sambaAcctFlags: [W ] modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk modifyTimestamp: 20051109143944Z But the rest of the time, when it doesn't work, I get an LDAP entry without any Samba data like this:- dn: uid=commaint-df398$,ou=People,dc=commtechgroup,dc=co.uk objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: commaint-df398$ sn: commaint-df398$ uid: commaint-df398$ uidNumber: 1046 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk createTimestamp: 20051116130633Z modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk modifyTimestamp: 20051116130633Z I have experimented with various combinations of root# ./smbldap-useradd -a -w compname$ to see if I can get the record set up with the Samba data, but no luck. I now have 2 servers both of which show the same symptom. Tony
On Monday 21 November 2005 10:39, Tony Austin wrote:> I cannot join my WinXP workstation computers to the Samba domain. Using > the Computer Name / Change on the XP computer gives me an error saying > that the username or password is incorrect - except very occasionally when > it works although I do nothing different!Have you been following the Samba documentation? Suggest you follow chapter 5 of the book "Samba-3 by Example, second edition". This book is available from Amazon.Com under ISBN: 013188221X Alternately, you can download this book from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Please contact me directly with details of any steo that fails. The documentation provides extensively documented configuration files and includes, in section 5.1.3.7, detailed diagnostic guidance. - John T.> I have noticed that on when it works there is a machine record set up in > LDAP with Samba data as follows:- > > dn: uid=leem-q4hw$,ou=People,dc=commtechgroup,dc=co.uk > uid: leem-q4hw$ > sambaSID: S-1-5-21-1504740027-1884281049-541626052-3090 > sambaPrimaryGroupSID: S-1-5-21-1504740027-1884281049-541626052-2107 > displayName: leem-q4hw$ > objectClass: sambaSamAccount > objectClass: account > creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk > createTimestamp: 20051109143944Z > sambaPwdCanChange: 1131547184 > sambaPwdMustChange: 2147483647 > sambaNTPassword: 7F47D21BE0CCA3F6BA29CDC00277875B > sambaPwdLastSet: 1131547184 > sambaAcctFlags: [W ] > modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk > modifyTimestamp: 20051109143944Z > > But the rest of the time, when it doesn't work, I get an LDAP entry > without any Samba data like this:- > > dn: uid=commaint-df398$,ou=People,dc=commtechgroup,dc=co.uk > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > cn: commaint-df398$ > sn: commaint-df398$ > uid: commaint-df398$ > uidNumber: 1046 > gidNumber: 553 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk > createTimestamp: 20051116130633Z > modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk > modifyTimestamp: 20051116130633Z > > I have experimented with various combinations of > > root# ./smbldap-useradd -a -w compname$ > > to see if I can get the record set up with the Samba data, but no luck. > > I now have 2 servers both of which show the same symptom. > > Tony
> Tony Austin wrote: > >>I cannot join my WinXP workstation computers to the Samba domain. Usingthe Computer Name / Change on the XP computer gives me an error saying that the username or password is incorrect - except very occasionally>> when >>it works although I do nothing different! >>I have noticed that on when it works there is a machine record set up inLDAP with Samba data as follows:->>dn: uid=leem-q4hw$,ou=People,dc=commtechgroup,dc=co.uk >>uid: leem-q4hw$ >>sambaSID: S-1-5-21-1504740027-1884281049-541626052-3090 >>sambaPrimaryGroupSID: S-1-5-21-1504740027-1884281049-541626052-2107displayName: leem-q4hw$>>objectClass: sambaSamAccount >>objectClass: account >>creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk >>createTimestamp: 20051109143944Z >>sambaPwdCanChange: 1131547184 >>sambaPwdMustChange: 2147483647 >>sambaNTPassword: 7F47D21BE0CCA3F6BA29CDC00277875B >>sambaPwdLastSet: 1131547184 >>sambaAcctFlags: [W ] >>modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk >>modifyTimestamp: 20051109143944Z >>But the rest of the time, when it doesn't work, I get an LDAP entrywithout any Samba data like this:->>dn: uid=commaint-df398$,ou=People,dc=commtechgroup,dc=co.uk >>objectClass: top >>objectClass: inetOrgPerson >>objectClass: posixAccount >>cn: commaint-df398$ >>sn: commaint-df398$ >>uid: commaint-df398$ >>uidNumber: 1046 >>gidNumber: 553 >>homeDirectory: /dev/null >>loginShell: /bin/false >>description: Computer >>creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk >>createTimestamp: 20051116130633Z >>modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk >>modifyTimestamp: 20051116130633Z >>I have experimented with various combinations of >>root# ./smbldap-useradd -a -w compname$ >>to see if I can get the record set up with the Samba data, but no luck.I now have 2 servers both of which show the same symptom.>>Tony > Hi Tony, > > Recently I have come across your problem though i have a > similar setup running on different server for a different domain. Thereare two things that I have observed causing this problem:> > 1) When the smb & nmb server is restarted too many times teh > database is getting corrupted. So, I have deleted the samba files frmthe /var/spool/samba before restarting the service and added the administrator (root in my case) again.> 2) For a weird reason the administrator is not added to the > smb backend database. > > I am using the OpenLDAP backend, and so the password must be added tothe secrets.tdb using smbpasswd -w yourpassword (must be ldap binddn password). Also, check the log.smbd and log.<your client computer name>, that helps a lot in narrowing the problem.> > cheers, > pavan. > > > -- > Pavan Krishna LI checked these points, but I don't think it is the cause of the problem in my case. I start by making sure the machine record does not exist in LDAP:- [root@phoenix-srv1 sbin]# ./smbldap-usershow.pl winxp$ ./smbldap-usershow.pl: user winxp$ doesn't exist I then use the Wizard on machine winxp, entering Administrator as the username and giving the correct password Windows responds "unknown username or bad password" and /var/log/samba/winxp shows:- [2005/11/22 13:36:02, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516) ldapsam_modify_entry: Failed to add user dnuid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com with: Already exists [2005/11/22 13:36:02, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1948) ldapsam_add_sam_account: failed to modify/add user with uid = winxp$ (dn = uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com) [2005/11/22 13:36:02, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer winxp$ to passdb. Check permissions? and an entry is added to LDAP:- [root@phoenix-srv1 sbin]# ./smbldap-usershow.pl winxp$ dn: uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com objectClass: top,inetOrgPerson,posixAccount cn: winxp$ sn: winxp$ uid: winxp$ uidNumber: 1001 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer Using the Change Name button in Windows gives exactly the same results. Both Windows and Samba seem to be complaining about permissions. Where should I be looking? Tony