samba - Aug 2009 - samba with ldap PDC cannot join my windows to domain?

Hi people.

  I have been working with samba+ldap = PDC in my test netwwork. I had
follow the good tutorial: Samba By Example, chapter 5, I had done all
the test the book say and no issues.

  I have 2 issues:

1; I cannot see my domain at my windows browser.
2; I cannot add my windows xp pro to my domain.

  I have been trying to see if I could find the solution but nothing
yet, there is the reason I send this email.

  My server is Centos 5.3 latest one all the packages are the current
from centos.

  Ldap looks that is working, because all my test from the book pass,
and the same with samba.

  Went I try to add one Winbox to the domain I receive this:

  "The following error occurred attempting to join the domain
"MyDomain"
  "The network path as not found"

  My smb.conf is this:

[global]
        dos charset = 850
        unix charset = ISO8859-1
        display charset = ISO8859-1
        workgroup = RMAI
        netbios name = RMAIPDC
        server string = Samba Server on %L
        os level = 33
        remote announce = 192.168.50.255
        interfaces = eth0,lo
        bind interfaces only = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        allow hosts = 192.168.50.0/24 127.0.0.1
        admin users = Manager @"Domain Admins"
        passdb backend = ldapsam:ldap://127.0.0.1
        enable privileges = Yes
        username map = /etc/samba/smbusers
        log level = 6
        syslog = 1
        log file = /var/log/samba/%m.log
        max log size = 100
        smb ports = 139 445
        name resolve order = wins bcast hosts
        time server = No
        #printcap name = CUPS
        show add printer wizard = No
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        #logon script = scripts\logon.bat
        #logon path = \\%L\profiles\%U
        #logon drive = X:
        domain logons = Yes
        domain master = Yes
        preferred master = Yes
        wins support = Yes
        ##########LDAP###################
        ldap suffix = dc=rmai,dc=local
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=rmai,dc=local
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        #################################
        map acl inherit = Yes
        cups options = ""

[homes]
        comment = RMAI Home Directories
        browseable = No
        writeable = Yes
        read only = No
        create mask = 0664
        browseable = No
        valid users = %U

[profiles]
        path = /home/samba/profiles
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
        browseable = No
        writeable = Yes
        guest ok = No

The stuff I can see at the log files is this:

windows-box.log
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              004c uni_max_len: 0000000c
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0050 offset     : 00000000
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0054 uni_str_len: 0000000c
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              0058 buffer     : F.A.M.-.C.H.O.R.I.Z.O...
[2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000070 smb_io_chal
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0070 data: 03 a3 f4 30 4b c7 3c 90
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_r_auth
[2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_chal
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0000 data: 00 00 00 00 00 00 00 00
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      0008 status: NT_STATUS_ACCESS_DENIED
[2009/08/11 16:40:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
  api_rpcTNP: called NETLOGON successfully
[2009/08/11 16:40:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 70

I will increase the debug level and give u more info.

Thanks for your time!!!

-- 
LIving the dream...

Alberto Moreno wrote:
 >   Hi people.
 >
 >   I have been working with samba+ldap = PDC in my test netwwork. I had
 > follow the good tutorial: Samba By Example, chapter 5, I had done all
 > the test the book say and no issues.
 >
 >   I have 2 issues:
 >
 > 1; I cannot see my domain at my windows browser.
 > 2; I cannot add my windows xp pro to my domain.
 >
 >   I have been trying to see if I could find the solution but nothing
 > yet, there is the reason I send this email.
 >
 >   My server is Centos 5.3 latest one all the packages are the current
 > from centos.
 >
 >   Ldap looks that is working, because all my test from the book pass,
 > and the same with samba.
 >
 >   Went I try to add one Winbox to the domain I receive this:
 >
 >   "The following error occurred attempting to join the domain
"MyDomain"
 >   "The network path as not found"
 >
 >   My smb.conf is this:
 >
 >  ...
 >
 >    wins support = Yes

The clients will try to locate a DC for your domain via wins and 
broadcast. If neither of these works, it will fail.

Seems like you configured the samba box to be a WINS server. Did you add 
  its IP address under WINS in the TCP/IP settings on the client machines?

-- 
Deyan Stoykov, dstoykov at ru.acad.bg
University of Rousse, BG-7017

On Tue, Aug 11, 2009 at 11:20 PM, Deyan Stoykov<dstoykov at ru.acad.bg>
wrote:
> Alberto Moreno wrote:
>> ? Hi people.
>>
>> ? I have been working with samba+ldap = PDC in my test netwwork. I had
>> follow the good tutorial: Samba By Example, chapter 5, I had done all
>> the test the book say and no issues.
>>
>> ? I have 2 issues:
>>
>> 1; I cannot see my domain at my windows browser.
>> 2; I cannot add my windows xp pro to my domain.
>>
>> ? I have been trying to see if I could find the solution but nothing
>> yet, there is the reason I send this email.
>>
>> ? My server is Centos 5.3 latest one all the packages are the current
>> from centos.
>>
>> ? Ldap looks that is working, because all my test from the book pass,
>> and the same with samba.
>>
>> ? Went I try to add one Winbox to the domain I receive this:
>>
>> ? "The following error occurred attempting to join the domain
"MyDomain"
>> ? "The network path as not found"
>>
>> ? My smb.conf is this:
>>
>> ?...
>>
>> ? ?wins support = Yes
>
> The clients will try to locate a DC for your domain via wins and broadcast.
> If neither of these works, it will fail.
>
> Seems like you configured the samba box to be a WINS server. Did you add
> ?its IP address under WINS in the TCP/IP settings on the client machines?
>
> --
> Deyan Stoykov, dstoykov at ru.acad.bg
> University of Rousse, BG-7017
>
  Yes, I setup my DHCP server to give the WINS IP.

-- 
LIving the dream...

Alberto,

You will need a [netlogon] share.

I used these tutorials for my setup, taking the best from both.  I know 
they can work.
I did skip the [profiles] share, as I didn't want roaming profiles.
http://wiki.makethemove.net/index.php?title=LDAP-Samba
https://help.ubuntu.com/community/OpenLDAP-SambaPDC-OrgInfo-Posix

Compare these to what you've done; see if anything was missed.

Dale


Alberto Moreno wrote:
>   Hi people.
>
>   I have been working with samba+ldap = PDC in my test netwwork. I had
> follow the good tutorial: Samba By Example, chapter 5, I had done all
> the test the book say and no issues.
>
>   I have 2 issues:
>
> 1; I cannot see my domain at my windows browser.
> 2; I cannot add my windows xp pro to my domain.
>
>   I have been trying to see if I could find the solution but nothing
> yet, there is the reason I send this email.
>
>   My server is Centos 5.3 latest one all the packages are the current
> from centos.
>
>   Ldap looks that is working, because all my test from the book pass,
> and the same with samba.
>
>   Went I try to add one Winbox to the domain I receive this:
>
>   "The following error occurred attempting to join the domain
"MyDomain"
>   "The network path as not found"
>
>   My smb.conf is this:
>
> [global]
>         dos charset = 850
>         unix charset = ISO8859-1
>         display charset = ISO8859-1
>         workgroup = RMAI
>         netbios name = RMAIPDC
>         server string = Samba Server on %L
>         os level = 33
>         remote announce = 192.168.50.255
>         interfaces = eth0,lo
>         bind interfaces only = Yes
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         allow hosts = 192.168.50.0/24 127.0.0.1
>         admin users = Manager @"Domain Admins"
>         passdb backend = ldapsam:ldap://127.0.0.1
>         enable privileges = Yes
>         username map = /etc/samba/smbusers
>         log level = 6
>         syslog = 1
>         log file = /var/log/samba/%m.log
>         max log size = 100
>         smb ports = 139 445
>         name resolve order = wins bcast hosts
>         time server = No
>         #printcap name = CUPS
>         show add printer wizard = No
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         delete user script = /usr/sbin/smbldap-userdel "%u"
>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m
"%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g
"%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>         #logon script = scripts\logon.bat
>         #logon path = \\%L\profiles\%U
>         #logon drive = X:
>         domain logons = Yes
>         domain master = Yes
>         preferred master = Yes
>         wins support = Yes
>         ##########LDAP###################
>         ldap suffix = dc=rmai,dc=local
>         ldap machine suffix = ou=Computers
>         ldap user suffix = ou=People
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap admin dn = cn=Manager,dc=rmai,dc=local
>         idmap backend = ldap:ldap://127.0.0.1
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         #################################
>         map acl inherit = Yes
>         cups options = ""
>
> [homes]
>         comment = RMAI Home Directories
>         browseable = No
>         writeable = Yes
>         read only = No
>         create mask = 0664
>         browseable = No
>         valid users = %U
>
> [profiles]
>         path = /home/samba/profiles
>         read only = No
>         store dos attributes = Yes
>         create mask = 0600
>         directory mask = 0700
>         browseable = No
>         writeable = Yes
>         guest ok = No
>
> The stuff I can see at the log files is this:
>
> windows-box.log
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
>               004c uni_max_len: 0000000c
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
>               0050 offset     : 00000000
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
>               0054 uni_str_len: 0000000c
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
>               0058 buffer     : F.A.M.-.C.H.O.R.I.Z.O...
> [2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
>       000070 smb_io_chal
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
>           0070 data: 03 a3 f4 30 4b c7 3c 90
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_debug(84)
>   000000 net_io_r_auth
> [2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
>       000000 smb_io_chal
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
>           0000 data: 00 00 00 00 00 00 00 00
> [2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
>       0008 status: NT_STATUS_ACCESS_DENIED
> [2009/08/11 16:40:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
>   api_rpcTNP: called NETLOGON successfully
> [2009/08/11 16:40:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
>   free_pipe_context: destroying talloc pool of size 70
>
> I will increase the debug level and give u more info.
>
> Thanks for your time!!!
>
>

On Mittwoch, 12. August 2009 wrote Alberto Moreno:
>   Hi people.
>
>   I have been working with samba+ldap = PDC in my test netwwork. I
> had follow the good tutorial: Samba By Example, chapter 5, I had done
> all the test the book say and no issues.
>
>   I have 2 issues:
>
> 1; I cannot see my domain at my windows browser.
> 2; I cannot add my windows xp pro to my domain.
>
>   I have been trying to see if I could find the solution but nothing
> yet, there is the reason I send this email.
>
>   My server is Centos 5.3 latest one all the packages are the current
> from centos.
>
>   Ldap looks that is working, because all my test from the book pass,
> and the same with samba.
>
>   Went I try to add one Winbox to the domain I receive this:
>
>   "The following error occurred attempting to join the domain
> "MyDomain" "The network path as not found"
Maybe, it helps:
Try the domain "RMAI".
>   My smb.conf is this:
>
> [global]
>         dos charset = 850
>         unix charset = ISO8859-1
>         display charset = ISO8859-1
>         workgroup = RMAI
>
> Thanks for your time!!!
>
> --
> LIving the dream...


-- 

Gruss
	Harry Jede