Christian Geiger
2009-Nov-09 16:31 UTC
[Samba] Joining Windows XP client to Samba 3 domain: Access denied
Hi all!
When I try to join a Windows XP client to a Samba 3 domain I get an
access denied error. Below's my configuration and a snippet from the log
file. Has someone an idea what I need to change / do in order to be able
to join the domain from Windows?
Thx in advance for your help!
Chris
snippet from log.smbd:
[2009/11/09 17:26:24, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
[2009/11/09 17:26:24, 2] smbd/reply.c:reply_special(487)
netbios connect: name1=DC name2=EMCO-TEST
[2009/11/09 17:26:24, 2] smbd/reply.c:reply_special(494)
netbios connect: local=dc remote=emco-test, name type = 0
[2009/11/09 17:26:24, 0] lib/util_sock.c:write_data(1136)
[2009/11/09 17:26:24, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2009/11/09 17:26:24, 0] smbd/process.c:srv_send_smb(74)
Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2009/11/09 17:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/11/09 17:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/11/09 17:26:24, 2] lib/smbldap.c:smbldap_open_connection(800)
smbldap_open_connection: connection opened
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: mg
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [mg] -> [mg] -> [mg] succeeded
[2009/11/09 17:26:24, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24, 2] auth/token_util.c:create_local_nt_token(450)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?
[2009/11/09 17:26:24, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24, 2] auth/token_util.c:create_local_nt_token(474)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)
Returning domain sid for domain LOHRMANN.DE -> S-1-5-21-80921578-305742319-1210167058
[2009/11/09 17:26:24, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)
Returning domain sid for domain LOHRMANN.DE -> S-1-5-21-80921578-305742319-1210167058
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
init_group_from_ldap: Entry found for group: 10000
snippet from log.winbindd:
[2009/11/09 17:33:01, 3] winbindd/winbindd_misc.c:winbindd_interface_version(754)
[19549]: request interface version
[2009/11/09 17:33:01, 3] winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(787)
[19549]: request location of privileged pipe
[2009/11/09 17:33:01, 2] winbindd/winbindd.c:remove_client(744)
final write to client failed: Broken pipe
[2009/11/09 17:33:01, 3] winbindd/winbindd_misc.c:winbindd_ping(733)
[19549]: ping
[2009/11/09 17:33:01, 3] winbindd/winbindd_misc.c:winbindd_ping(733)
[19549]: ping
[2009/11/09 17:33:01, 2] winbindd/winbindd.c:remove_client(744)
final write to client failed: Broken pipe
testparm:
root@domain-controller:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
workgroup = LOHRMANN.DE
netbios name = DC
passdb backend = ldapsam
log level = 2
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=samba,dc=lohrmann,dc=de
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmaps
ldap machine suffix = ou=machines
ldap passwd sync = yes
ldap suffix = dc=lohrmann,dc=de
ldap ssl = no
ldap user suffix = ou=users
idmap backend = ldap
idmap alloc backend = ldap
idmap uid = 10000-20000
idmap gid = 10000-20000
ldapsam:editposix = yes
ldapsam:trusted = yes
idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
root@domain-controller:/var/log/samba#
Vinicius Abrahao
2010-Jan-04 00:52 UTC
[Samba] Joining Windows XP client to Samba 3 domain: Access denied
On Mon, Nov 9, 2009 at 2:31 PM, Christian Geiger <c.geiger at lohrmann.de> wrote:
> Hi all!
>
> When I try to join a Windows XP client to a Samba 3 domain I get an access
> denied error. Below's my configuration and a snippet from the log file. Has
> someone an idea what I need to change / do in order to be able to join the
> domain from Windows?
>
> Thx in advance for your help!
>
> Chris

Hi Chris, how are you? Happy 2010, btw!!

Sorry to bother you and the list with a topic from about 2 months ago, but... I've had this same problem with my Samba.

What is your environment? Mine is:
FreeBSD 8-STABLE
Samba 3.3.9
OpenLDAP: 2.4.21
(I note that you are LDAP-based too.)

Have you had better luck with this since your report?

I'll try to reinstall this service from scratch this week, because I'm pretty sure that this service worked here (at version 3.3.7 / FreeBSD 7.1), but to be honest I don't remember (it's a test lab, not production).

By the way, shares (smbd) are working very well (production too, authenticating on AD) and I can easily share files on my win/mac/nix network without any problems! A web LDAP administration tool (LAM) is great for delegating (or at least getting help with) the administration of these "little rain forests".

Congrats, community!

Best wishes!
Vinícius A. Schmidt [vinnix at triariusBR]