Marcin Giedz
2007-Jul-26 15:30 UTC
[Samba] unix password sync causes domain joining problem?
Hello, Today I've been trying to set up new test based on 3.0.25b. In some ways I've managed to join Windows machines to domain but not linux machine. All the time I get: test1:/etc# /opt/samba-3.0.25b/bin/net rpc join -U giedz%qwerty [2007/07/26 19:11:21, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(304) error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain GIEDZ. test1:/etc# I checked test1.log file and got: [2007/07/26 17:19:59, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/07/26 17:19:59, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Thu Jul 26 17:26:37 2007 [2007/07/26 17:19:59, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user test1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is test1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is TEST1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in test1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [test1$]! [2007/07/26 17:19:59, 1] rpc_server/srv_samr_nt.c:set_user_info_pw(3410) chgpasswd: Username does not exist in system !?! [2007/07/26 17:19:59, 3] smbd/chgpasswd.c:chgpasswd(462) chgpasswd: Password change (as_root=Yes) for user: test1$ [2007/07/26 17:19:59, 0] smbd/chgpasswd.c:chgpasswd(521) chgpasswd: user test1$ doesn't exist in the UNIX password database. [2007/07/26 17:19:59, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (1001, 513) - sec_ctx_stack_ndx = 0 [2007/07/26 17:19:59, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo [2007/07/26 17:19:59, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0000 status: NT_STATUS_ACCESS_DENIED Really strange...why UNIX password database since I have LDAP. In my smb.conf file I have: ldap passwd sync = No unix password sync = Yes passwd program = /opt/samba-3.0.25b/bin/spasswd.pl -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n Looks normal. However "unix password sync = Yes" prevents me from joining linux machine to domain. When I remove the line I can join domain well. I also found that if "unix password sync = Yes" my LDAP gets queries regarding test1$ (machine name) in ou=people tree which seems like a mistake/bug? Jul 26 17:19:59 zastest slapd[27192]: conn=82 op=1 SRCH base="ou=people,dc=giedz,dc=pl" scope=1 deref=0 filter="(&(objec tClass=posixAccount)(uid=test1$))" Jul 26 17:19:59 zastest slapd[27192]: conn=82 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory login Shell gecos description objectClass Jul 26 17:19:59 zastest slapd[27192]: conn=82 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text .... or maybe I do something wrong? Can you please correct me or confirm this strange behaviour. Regards, Marcin -- ARISE M.Giedz, T.?ebru? sp.j. http: www.arise.pl mail: giedz@arise.pl tel: +48 502 537 157