[Samba] Joining Windows XP client to Samba 3 domain: Access denied

Mon, 09 Nov 2009 08:32:10 -0800 

Hi all!
When I try to join a Windows XP client to a Samba 3 domain I get an access denied error. Below's my configuration and a snippet from the log file. Has someone an idea what I need to change / do in order to be able to join the domain from Windows? 

Thx in advance for your help!

Chris


snippet from log.smbd:

[2009/11/09 17:26:24,  0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
[2009/11/09 17:26:24,  2] smbd/reply.c:reply_special(487)
  netbios connect: name1=DC              name2=EMCO-TEST
[2009/11/09 17:26:24,  2] smbd/reply.c:reply_special(494)
  netbios connect: local=dc remote=emco-test, name type = 0
[2009/11/09 17:26:24,  0] lib/util_sock.c:write_data(1136)
[2009/11/09 17:26:24,  0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected

  write_data: write failure in writing to client 0.0.0.0. Error 
Connection reset

 by peer
[2009/11/09 17:26:24,  0] smbd/process.c:srv_send_smb(74)

  Error writing 4 bytes to client. -1. (Transport endpoint is not 
connected)

[2009/11/09 17:26:24,  2] smbd/sesssetup.c:setup_new_vc_session(1368)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old

resources.
[2009/11/09 17:26:24,  2] smbd/sesssetup.c:setup_new_vc_session(1368)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old

resources.
[2009/11/09 17:26:24,  2] lib/smbldap.c:smbldap_open_connection(800)
  smbldap_open_connection: connection opened
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: mg
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24,  2] auth/auth.c:check_ntlm_password(308)

  check_ntlm_password:  authentication for user [mg] -> [mg] -> [mg] 
succeeded

[2009/11/09 17:26:24,  0] groupdb/mapping.c:pdb_create_builtin_alias(802)

  pdb_create_builtin_alias: Could not add group mapping entry for alias 
544 (NT_

STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24,  2] auth/token_util.c:create_local_nt_token(450)

  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind 
allocate

gids?
[2009/11/09 17:26:24,  0] groupdb/mapping.c:pdb_create_builtin_alias(802)

  pdb_create_builtin_alias: Could not add group mapping entry for alias 
545 (NT_

STATUS_GROUP_EXISTS)
[2009/11/09 17:26:24,  2] auth/token_util.c:create_local_nt_token(474)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)

  Returning domain sid for domain LOHRMANN.DE -> 
S-1-5-21-80921578-305742319-121

0167058
[2009/11/09 17:26:24,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3486)

  Returning domain sid for domain LOHRMANN.DE -> 
S-1-5-21-80921578-305742319-121

0167058
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 10000
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: EMCO-TEST$
[2009/11/09 17:26:24,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 10000


snippet from log.winbindd:


[2009/11/09 17:33:01,  3] 
winbindd/winbindd_misc.c:winbindd_interface_version(75

4)
  [19549]: request interface version

[2009/11/09 17:33:01,  3] 
winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(787)

  [19549]: request location of privileged pipe
[2009/11/09 17:33:01,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe
[2009/11/09 17:33:01,  3] winbindd/winbindd_misc.c:winbindd_ping(733)
  [19549]: ping
[2009/11/09 17:33:01,  3] winbindd/winbindd_misc.c:winbindd_ping(733)
  [19549]: ping
[2009/11/09 17:33:01,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe


testparm:

r...@domain-controller:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = LOHRMANN.DE
        netbios name = DC
        passdb backend = ldapsam
        log level = 2
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=samba,dc=lohrmann,dc=de
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmaps
        ldap machine suffix = ou=machines
        ldap passwd sync = yes
        ldap suffix = dc=lohrmann,dc=de
        ldap ssl = no
        ldap user suffix = ou=users
        idmap backend = ldap
        idmap alloc backend = ldap
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        ldapsam:editposix = yes
        ldapsam:trusted = yes
        idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
        idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
        idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
r...@domain-controller:/var/log/samba#
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to