Todd E Thomas
2010-Nov-14 23:22 UTC
[Samba] A device attached to the system is not functioning (smbd -V 3.5.x)
Howdy,
I'm having one last problem with my Samba PDC with an ldap backend. When
I add a machine to the domain I get the error, on my Win7 test client,
that says:
The following error occurred attempting to join the domain "office":
A device attached to the system is not functioning.
Here are some particulars:
# smbd -V
Version 3.5.6 (configured sernet repo to install latest packages)
I'm using OpenLDAP v2.4.23
# cat /etc/redhat-release
CentOS release 5.5 (Final)
The Win7 client is a VM in VirtualBox. It does, in fact, have a device
with no driver (sound card).
---
After adding the client to the domain and entering UN/PW, these are
logged entries:
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.344804, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section
"[admingear]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345033, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[apps]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345199, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[docs]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345352, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[homes]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345543, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section
"[netlogon]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345689, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section
"[printers]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.346143, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[print$]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.431008, 1]
param/loadparm.c:7605(lp_do_parameter)
Nov 14 16:37:26 hostname smbd[18542]: WARNING: The "printer admin"
option is deprecated
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.498046, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[public]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.573629, 2]
printing/print_cups.c:550(cups_async_callback)
Nov 14 16:37:26 hostname smbd[18542]: cups_async_callback: failed to
read a new printer list
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.649941, 2]
printing/print_cups.c:550(cups_async_callback)
Nov 14 16:37:26 hostname smbd[18542]: cups_async_callback: failed to
read a new printer list
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.701745, 2]
lib/interface.c:340(add_interface)
Nov 14 16:37:26 hostname smbd[18542]: added interface lo ip=127.0.0.1
bcast=127.255.255.255 netmask=255.0.0.0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.768676, 2]
lib/interface.c:340(add_interface)
Nov 14 16:37:26 hostname smbd[18542]: added interface eth0 ip=10.0.0.4
bcast=10.0.0.255 netmask=255.255.255.0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.838027, 2]
lib/access.c:406(check_access)
Nov 14 16:37:26 hostname smbd[18542]: Allowed connection from
10.0.0.203 (10.0.0.203)
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.912057, 2]
smbd/reply.c:554(reply_special)
Nov 14 16:37:26 hostname smbd[18542]: netbios connect:
name1=ZERVER 0x20 name2=7TEST1 0x0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.978893, 2]
smbd/reply.c:565(reply_special)
Nov 14 16:37:27 hostname smbd[18542]: netbios connect: local=zerver
remote=7test1, name type = 0
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.575662, 2]
smbd/sesssetup.c:1391(setup_new_vc_session)
Nov 14 16:37:34 hostname smbd[18542]: setup_new_vc_session: New VC ==
0, if NT4.x compatible we would close all old resources.
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.589383, 2]
smbd/sesssetup.c:1391(setup_new_vc_session)
Nov 14 16:37:34 hostname smbd[18542]: setup_new_vc_session: New VC ==
0, if NT4.x compatible we would close all old resources.
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.590067, 2]
lib/smbldap.c:950(smbldap_open_connection)
Nov 14 16:37:34 hostname smbd[18542]: smbldap_open_connection:
connection opened
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.593216, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: root
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.597839, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]: init_group_from_ldap: Entry
found for group: 10002
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.604253, 2]
auth/auth.c:304(check_ntlm_password)
Nov 14 16:37:34 hostname smbd[18542]: check_ntlm_password:
authentication for user [admin] -> [root] -> [root] succeeded
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.605279, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: root
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.649251, 2]
lib/access.c:406(check_access)
Nov 14 16:37:34 hostname smbd[18542]: Allowed connection from
10.0.0.203 (10.0.0.203)
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.054891, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Nov 14 16:37:38 hostname smbd[18542]: Returning domain sid for domain
OFFICE -> S-1-5-21-341473964-3919201715-2767564749
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.406066, 2]
lib/smbldap_util.c:277(smbldap_search_domain_info)
Nov 14 16:37:38 hostname smbd[18542]: smbldap_search_domain_info:
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=OFFICE))]
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.453986, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 16:37:38 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.574143, 2]
passdb/pdb_ldap.c:2384(ldapsam_add_sam_account)
Nov 14 16:37:38 hostname smbd[18542]: ldapsam_add_sam_account: added:
uid == 7TEST1$ in the LDAP database
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.602310, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.608293, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.634266, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.635898, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 16:37:38 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.678490, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.744535, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:45 hostname smbd[18286]: [2010/11/14 16:37:45.253240, 1]
smbd/server.c:240(cleanup_timeout_fn)
Nov 14 16:37:45 hostname smbd[18286]: Cleaning up brl and lock
database after unclean shutdown
This is where the error occurs:
The following error occurred attempting to join the domain "office":
A device attached to the system is not functioning.
But, I've verified the workstation account is resident in the ldap
database at this point:
# ldapsearch -x -H ldap://${FQDNAME} -b "${LDAPBASEDN}"
"(&(uid=7TEST1$)(objectClass=sambaSamAccount))" -D cn=config -w
${LDAPPASSWD}
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=tld> with scope subtree
# filter: (&(uid=7TEST1$)(objectClass=sambaSamAccount))
# requesting: ALL
#
# 7TEST1$, machines, domain.tld
dn: uid=7TEST1$,ou=machines,dc=domain,dc=tld
uid: 7TEST1$
sambaSID: S-1-5-21-341473964-3919201715-2767564749-1008
displayName: Workstation (7test1$)
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W ]
sambaNTPassword: 3E27124ADFFC14F8F96B48C49808C43A
sambaPwdLastSet: 1289775897
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
It is also resident in /etc/passwd. I'm not sure how to make samba stop
adding it here yet :)
$ grep -i 7test1 /etc/passwd
7test1$:x:10016:100:Workstation (7test1$):/nohome:/sbin/nologin
Does anyone know how to make samba only write workstation accounts to
ldap and not /etc/passwd?
---
If I were now to (on the Win7 client) click OK to the error and
re-attempt to add the machine to the domain it would be joined without
failure.
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.250056, 2]
lib/smbldap.c:950(smbldap_open_connection)
Nov 14 17:04:56 hostname smbd[18542]: smbldap_open_connection:
connection opened
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.535673, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Nov 14 17:04:56 hostname smbd[18542]: Returning domain sid for domain
OFFICE -> S-1-5-21-341473964-3919201715-2767564749
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.540337, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.554429, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.569368, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:56 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.599912, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:56 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.602703, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.604196, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:56 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.941592, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:56 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.031499, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.072269, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:57 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.199951, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:57 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.268142, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.313315, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.359135, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:57 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.491592, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:57 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.966683, 2]
lib/access.c:406(check_access)
Nov 14 17:05:00 hostname smbd[18542]: Allowed connection from
10.0.0.203 (10.0.0.203)
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.979326, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:05:00 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.982879, 2]
../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
Nov 14 17:05:00 hostname smbd[18542]: credentials check failed
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.982981, 0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
Nov 14 17:05:00 hostname smbd[18542]: _netr_ServerAuthenticate3:
netlogon_creds_server_check failed. Rejecting auth request from client
7TEST1 machine account 7TEST1$
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.988057, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:05:00 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:05:08 hostname smbd[18542]: [2010/11/14 17:05:08.502178, 2]
auth/auth.c:314(check_ntlm_password)
Nov 14 17:05:08 hostname smbd[18542]: check_ntlm_password:
Authentication for user [7TEST1] -> [7TEST1] FAILED with error
NT_STATUS_NO_SUCH_USER
After this I get a message, on the Win7 client, that says: Welcome to
the domain: OFFICE.
The message: "Authentication for user [7TEST1] -> [7TEST1] FAILED with
error NT_STATUS_NO_SUCH_USER" is just confusing.
---
I'm not really sure what I'm doing wrong here. I can say that the
attached smb.conf file is from a samba 3.0x install with a few additions
to make it work quickly within my test environment (ldap ssl = off,
etc). Its performed without fail for quite a long time.
If someone could shed some light on:
q1: why does this error occur? and
q2: how do I configure samba ignore it? or, maybe better
q3: is there a better, more 'correct', solution for this problem?
that would be helpful. The lack of a sound card driver doesn't seem like
a legitimate hold-up for adding a machine to the domain.
--
Thanks for the assist,
Todd E Thomas
"It's a frail music knits the world together."
-Robert Dana
Daniel Müller
2010-Nov-15 07:17 UTC
[Samba] A device attached to the system is not functioning (smbd -V 3.5.x)
I had a similar problem:
Look at this sambaAcctFlags: [W ]
I had one workstation with this sambaAcctFlags: [W ]
All other workstations had [W].
I changed it to [W] and it did the trick.
Maybe you can solve this too.
Good Luck
-----------------------------------------------
EDV Daniel M?ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Todd E Thomas
Gesendet: Montag, 15. November 2010 00:23
An: Samba List; Todd E Thomas
Betreff: [Samba] A device attached to the system is not functioning (smbd -V
3.5.x)
Howdy,
I'm having one last problem with my Samba PDC with an ldap backend. When I
add a machine to the domain I get the error, on my Win7 test client, that
says:
The following error occurred attempting to join the domain "office":
A device attached to the system is not functioning.
Here are some particulars:
# smbd -V
Version 3.5.6 (configured sernet repo to install latest packages)
I'm using OpenLDAP v2.4.23
# cat /etc/redhat-release
CentOS release 5.5 (Final)
The Win7 client is a VM in VirtualBox. It does, in fact, have a device with
no driver (sound card).
---
After adding the client to the domain and entering UN/PW, these are logged
entries:
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.344804, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section
"[admingear]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345033, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[apps]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345199, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[docs]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345352, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[homes]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345543, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section
"[netlogon]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.345689, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section
"[printers]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.346143, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[print$]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.431008, 1]
param/loadparm.c:7605(lp_do_parameter)
Nov 14 16:37:26 hostname smbd[18542]: WARNING: The "printer admin"
option is deprecated
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.498046, 2]
param/loadparm.c:7859(do_section)
Nov 14 16:37:26 hostname smbd[18542]: Processing section "[public]"
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.573629, 2]
printing/print_cups.c:550(cups_async_callback)
Nov 14 16:37:26 hostname smbd[18542]: cups_async_callback: failed to
read a new printer list
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.649941, 2]
printing/print_cups.c:550(cups_async_callback)
Nov 14 16:37:26 hostname smbd[18542]: cups_async_callback: failed to
read a new printer list
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.701745, 2]
lib/interface.c:340(add_interface)
Nov 14 16:37:26 hostname smbd[18542]: added interface lo ip=127.0.0.1
bcast=127.255.255.255 netmask=255.0.0.0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.768676, 2]
lib/interface.c:340(add_interface)
Nov 14 16:37:26 hostname smbd[18542]: added interface eth0 ip=10.0.0.4
bcast=10.0.0.255 netmask=255.255.255.0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.838027, 2]
lib/access.c:406(check_access)
Nov 14 16:37:26 hostname smbd[18542]: Allowed connection from
10.0.0.203 (10.0.0.203)
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.912057, 2]
smbd/reply.c:554(reply_special)
Nov 14 16:37:26 hostname smbd[18542]: netbios connect:
name1=ZERVER 0x20 name2=7TEST1 0x0
Nov 14 16:37:26 hostname smbd[18542]: [2010/11/14 16:37:26.978893, 2]
smbd/reply.c:565(reply_special)
Nov 14 16:37:27 hostname smbd[18542]: netbios connect: local=zerver
remote=7test1, name type = 0
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.575662, 2]
smbd/sesssetup.c:1391(setup_new_vc_session)
Nov 14 16:37:34 hostname smbd[18542]: setup_new_vc_session: New VC ==
0, if NT4.x compatible we would close all old resources.
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.589383, 2]
smbd/sesssetup.c:1391(setup_new_vc_session)
Nov 14 16:37:34 hostname smbd[18542]: setup_new_vc_session: New VC ==
0, if NT4.x compatible we would close all old resources.
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.590067, 2]
lib/smbldap.c:950(smbldap_open_connection)
Nov 14 16:37:34 hostname smbd[18542]: smbldap_open_connection:
connection opened
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.593216, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: root
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.597839, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]: init_group_from_ldap: Entry
found for group: 10002
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.604253, 2]
auth/auth.c:304(check_ntlm_password)
Nov 14 16:37:34 hostname smbd[18542]: check_ntlm_password:
authentication for user [admin] -> [root] -> [root] succeeded Nov 14
16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.605279, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:34 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: root
Nov 14 16:37:34 hostname smbd[18542]: [2010/11/14 16:37:34.649251, 2]
lib/access.c:406(check_access)
Nov 14 16:37:34 hostname smbd[18542]: Allowed connection from
10.0.0.203 (10.0.0.203)
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.054891, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Nov 14 16:37:38 hostname smbd[18542]: Returning domain sid for domain
OFFICE -> S-1-5-21-341473964-3919201715-2767564749
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.406066, 2]
lib/smbldap_util.c:277(smbldap_search_domain_info)
Nov 14 16:37:38 hostname smbd[18542]: smbldap_search_domain_info:
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=OFFICE))]
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.453986, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 16:37:38 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.574143, 2]
passdb/pdb_ldap.c:2384(ldapsam_add_sam_account)
Nov 14 16:37:38 hostname smbd[18542]: ldapsam_add_sam_account: added:
uid == 7TEST1$ in the LDAP database
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.602310, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.608293, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.634266, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.635898, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 16:37:38 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.678490, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:38 hostname smbd[18542]: [2010/11/14 16:37:38.744535, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 16:37:38 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 16:37:45 hostname smbd[18286]: [2010/11/14 16:37:45.253240, 1]
smbd/server.c:240(cleanup_timeout_fn)
Nov 14 16:37:45 hostname smbd[18286]: Cleaning up brl and lock
database after unclean shutdown
This is where the error occurs:
The following error occurred attempting to join the domain "office":
A device attached to the system is not functioning.
But, I've verified the workstation account is resident in the ldap database
at this point:
# ldapsearch -x -H ldap://${FQDNAME} -b "${LDAPBASEDN}"
"(&(uid=7TEST1$)(objectClass=sambaSamAccount))" -D cn=config -w
${LDAPPASSWD} # extended LDIF # # LDAPv3 # base <dc=domain,dc=tld> with
scope subtree # filter: (&(uid=7TEST1$)(objectClass=sambaSamAccount))
# requesting: ALL
#
# 7TEST1$, machines, domain.tld
dn: uid=7TEST1$,ou=machines,dc=domain,dc=tld
uid: 7TEST1$
sambaSID: S-1-5-21-341473964-3919201715-2767564749-1008
displayName: Workstation (7test1$)
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W ]
sambaNTPassword: 3E27124ADFFC14F8F96B48C49808C43A
sambaPwdLastSet: 1289775897
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
It is also resident in /etc/passwd. I'm not sure how to make samba stop
adding it here yet :)
$ grep -i 7test1 /etc/passwd
7test1$:x:10016:100:Workstation (7test1$):/nohome:/sbin/nologin
Does anyone know how to make samba only write workstation accounts to ldap
and not /etc/passwd?
---
If I were now to (on the Win7 client) click OK to the error and re-attempt
to add the machine to the domain it would be joined without failure.
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.250056, 2]
lib/smbldap.c:950(smbldap_open_connection)
Nov 14 17:04:56 hostname smbd[18542]: smbldap_open_connection:
connection opened
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.535673, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Nov 14 17:04:56 hostname smbd[18542]: Returning domain sid for domain
OFFICE -> S-1-5-21-341473964-3919201715-2767564749
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.540337, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.554429, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.569368, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:56 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.599912, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:56 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database Nov 14 17:04:56
hostname smbd[18542]: [2010/11/14 17:04:56.602703, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:56 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.604196, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:56 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:56 hostname smbd[18542]: [2010/11/14 17:04:56.941592, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:56 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database Nov 14 17:04:57
hostname smbd[18542]: [2010/11/14 17:04:57.031499, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.072269, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:57 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.199951, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:57 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database Nov 14 17:04:57
hostname smbd[18542]: [2010/11/14 17:04:57.268142, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.313315, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:04:57 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.359135, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
Nov 14 17:04:57 hostname smbd[18542]: init_ldap_from_sam: Setting
entry for user: 7TEST1$
Nov 14 17:04:57 hostname smbd[18542]: [2010/11/14 17:04:57.491592, 2]
passdb/pdb_ldap.c:2061(ldapsam_update_sam_account)
Nov 14 17:04:57 hostname smbd[18542]: ldapsam_update_sam_account:
successfully modified uid = 7TEST1$ in the LDAP database Nov 14 17:05:00
hostname smbd[18542]: [2010/11/14 17:05:00.966683, 2]
lib/access.c:406(check_access)
Nov 14 17:05:00 hostname smbd[18542]: Allowed connection from
10.0.0.203 (10.0.0.203)
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.979326, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:05:00 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.982879, 2]
../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
Nov 14 17:05:00 hostname smbd[18542]: credentials check failed
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.982981, 0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
Nov 14 17:05:00 hostname smbd[18542]: _netr_ServerAuthenticate3:
netlogon_creds_server_check failed. Rejecting auth request from client
7TEST1 machine account 7TEST1$
Nov 14 17:05:00 hostname smbd[18542]: [2010/11/14 17:05:00.988057, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
Nov 14 17:05:00 hostname smbd[18542]: init_sam_from_ldap: Entry found
for user: 7TEST1$
Nov 14 17:05:08 hostname smbd[18542]: [2010/11/14 17:05:08.502178, 2]
auth/auth.c:314(check_ntlm_password)
Nov 14 17:05:08 hostname smbd[18542]: check_ntlm_password:
Authentication for user [7TEST1] -> [7TEST1] FAILED with error
NT_STATUS_NO_SUCH_USER
After this I get a message, on the Win7 client, that says: Welcome to the
domain: OFFICE.
The message: "Authentication for user [7TEST1] -> [7TEST1] FAILED with
error
NT_STATUS_NO_SUCH_USER" is just confusing.
---
I'm not really sure what I'm doing wrong here. I can say that the
attached
smb.conf file is from a samba 3.0x install with a few additions to make it
work quickly within my test environment (ldap ssl = off, etc). Its performed
without fail for quite a long time.
If someone could shed some light on:
q1: why does this error occur? and
q2: how do I configure samba ignore it? or, maybe better
q3: is there a better, more 'correct', solution for this problem?
that would be helpful. The lack of a sound card driver doesn't seem like a
legitimate hold-up for adding a machine to the domain.
--
Thanks for the assist,
Todd E Thomas
"It's a frail music knits the world together."
-Robert Dana
Maybe Matching Threads
- samba BDC + LDAP slave Referral errors
- [Follow-UP] samba BDC + LDAP slave Referral errors
- Windows client does not recognize password change...
- Problems with userPassword when it's base64 encoded
- samba bad password count reset between logins (not loaded from login_cache.tdb)