jamurph
2007-Feb-04 01:43 UTC
[Samba] Failed join a domain, root found ok, Administrator not found
I'm trying to join a Windows PC to a domain. I've got a root user set up to add machines to the domain. When prompted by Windows, I enter in root and the password. But I get a Windows error dialog, indicating a user was not found.
However, in the Samba log file for the machine I'm trying to connect to the domain, I can see that the root user was found in LDAP; however, for some reason I can see Samba is trying to find another user "Administrator" entry in LDAP. There is no entry in LDAP for Administrator. Anyone know why it is looking for this "Administrator" user? I'm relatively comfortable with LDAP, but my Samba knowledge isn't good to be honest.
I've used smbldap-populate to create entries in LDAP. The entry for the PC is added to LDAP ok on my attempt to join the domain.
I did change /etc/samba/smbusers and added a mapping for Administrator root, but this didn't help.
Following are more details and log file output.
Any help much appreciated.
Microsoft Windows Server 2003 Service Pack 1
Samba installed on CentOS 4.3
smbd -V => Version 3.0.22
winbindd -V => Version 3.0.10-1.4E.9
Running OpenLDAP
[2007/02/02 11:32:08, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2007/02/02 11:32:08, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/02/02 11:32:09, 2] smbd/server.c:exit_server(614)
  Closing connections
[2007/02/02 11:32:09, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2007/02/02 11:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/02/02 11:32:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
  Returning domain sid for domain XXXDEV -> S-1-5-21-3798003437-3932026004-3600456286
[2007/02/02 11:32:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/opt/IDEALX/sbin/smbldap-useradd -t 1 -w "dev-prefect-1$"' gave 9
[2007/02/02 11:32:10, 2] smbd/server.c:exit_server(614)
  Closing connections
# Global parameters
[global]
workgroup = XXXDEV
netbios name = XXXDEV-PDC
security = user
#enable privileges = yes
#interfaces = 10.192.3.21
#username map = /etc/samba/smbusers
server string = Samba Server
encrypt passwords = Yes
#pam password change = no
#obey pam restrictions = No
#ldap passwd sync = Yes
unix password sync = Yes
passwd program = /usr/sbin/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success****
# Settings to debug passwd chat
#passwd chat debug = Yes
#debug level = 103
#log level = passdb:5
# Crackcheck settings to allow NT style password complexity checks
check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict
log level = 2
syslog = 0
log file = /var/log/samba/%m.log
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# logon script = logon.bat
# logon drive = H:
logon home = ""
logon path = ""
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2"
ldap admin dn = cn=Manager,dc=blah,dc=co,dc=uk
ldap suffix = dc=blah,dc=co,dc=uk
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2"
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u"
Jason Baker
2007-Feb-05 13:36 UTC
[Samba] Failed join a domain, root found ok, Administrator not found
Check the file /etc/samba/smbusers and make sure it contains the
following entry:
root = Administrator
This maps the administrator account when joining a domain to the root user.
Jason Baker
IT Coordinator
Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
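A check for the mapping discussed in this thread, as an added example (not code from either poster or from Samba): it looks for an active `username map` in smb.conf and applies smbusers lines to a client-supplied name. The function names and the smbusers sample are constructed; the smb.conf excerpt comes from the posted configuration, where the `username map` line is commented out, so the map file is never consulted.

```python
import re
import shlex

# Excerpt of the posted [global] section; the username map line is commented out.
POSTED_SMB_CONF = """\
[global]
security = user
#username map = /etc/samba/smbusers
"""

# Constructed smbusers content using the entry suggested in the reply.
SMBUSERS = """\
# unix name = client name(s)
root = Administrator
"""

def _entries(text):
    """Yield [left, right] for each non-comment 'left = right' line."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;" and "=" in line:
            yield line.split("=", 1)

def active_username_map(conf_text):
    """Return the 'username map' path if set (names ignore case/spaces), else None."""
    for key, value in _entries(conf_text):
        if re.sub(r"\s+", "", key).lower() == "usernamemap":
            return value.strip()
    return None

def map_client_name(name, map_text):
    """Apply username-map lines in order to a client-supplied name."""
    for unix, clients in _entries(map_text):
        stop = unix.startswith("!")          # '!' ends processing on a match
        names = [c.lower() for c in shlex.split(clients)]  # handles "quoted names"
        if "*" in names or name.lower() in names:
            name = unix.lstrip("!").strip()
            if stop:
                break
    return name

def effective_user(client_name, conf_text, map_text):
    """Name that would be looked up in passdb for this client-supplied name."""
    if active_username_map(conf_text) is None:
        return client_name                   # map file is never consulted
    return map_client_name(client_name, map_text)

if __name__ == "__main__":
    print(effective_user("Administrator", POSTED_SMB_CONF, SMBUSERS))
```

`@group` entries in a map file are not resolved by this sketch; only literal names and `*` are matched.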