Re: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11

Wed, 27 Jan 2010 12:06:58 -0800

Try using "net ... -U Administrator" instead, since "root" is not by default a member of the domain admin group. This presumes you have created the Administrator account in samba, created the "domain admins" group and setup the approp group mapping for key groups (domain admins, domain users etc.) 



On 01/27/10 14:23, Henrik Dige Semark wrote:

Dos the PDC have to join the domain also?

When I try to join my PDC to its domain with "net join" I get the
following error.

Enter root's password:
Could not connect to server PDC
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE


The netbios name for my PDC is pdc.semarktest.dk I guess that way it
tells my that is can't connect to server PDC
I have checked that pdc is in the name server (nameserver is on 127.0.0.1)

# host pdc
pdc.semarktest.dk has address 192.168.1.182

Is there something I'm missing?

Log dump from net join command:

# tail -200 /var/log/syslog | grep slapd
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for 
input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>>  
dnPrettyNormal:<sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<<  
dnPrettyNormal:<sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk>,<sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH 
"sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk" 
2 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]:     0 15 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]:     filter: 
(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest))
Jan 27 20:21:53 hds-debian-virt slapd[1868]:     attrs:
Jan 27 20:21:53 hds-debian-virt slapd[1868]:
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  hdb_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
bdb_dn2entry("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  
hdb_dn2id("sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= hdb_dn2id: get failed: 
DB_NOTFOUND: No matching key/data pair found (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=2 p=3
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10 
matched="sambaDomainName=semarktest,dc=semark-testing,dc=dk" text=""
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=3 
tag=101 err=32
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for 
input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]:>>>  
dnPrettyNormal:<dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<<<  
dnPrettyNormal:<dc=semark-testing,dc=dk>,<dc=semark-testing,dc=dk>
Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH "dc=semark-testing,dc=dk" 2 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]:     0 15 0
Jan 27 20:21:53 hds-debian-virt slapd[1868]:     filter: 
(&(uid=root)(objectClass=sambaSamAccount))
Jan 27 20:21:53 hds-debian-virt slapd[1868]:     attrs:
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  uid
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  uidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  gidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  homeDirectory
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPwdLastSet
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPwdCanChange
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPwdMustChange
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogonTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogoffTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaKickoffTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  cn
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sn
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  displayName
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaHomeDrive
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaHomePath
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogonScript
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaProfilePath
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  description
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaUserWorkstations
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaSID
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPrimaryGroupSID
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLMPassword
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaNTPassword
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaDomainName
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  objectClass
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaAcctFlags
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaMungedDial
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaBadPasswordCount
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaBadPasswordTime
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPasswordHistory
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  modifyTimestamp
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogonHours
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  modifyTimestamp
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  uidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]:
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  hdb_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
bdb_dn2entry("dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: 
base="dc=semark-testing,dc=dk" (0x00000001) scope=2
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  
hdb_dn2idl("dc=semark-testing,dc=dk")
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  bdb_equality_candidates 
(objectClass)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  key_read
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940]
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, 
first=0, last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  bdb_equality_candidates (uid)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: =>  key_read
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [15f2129b]
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_index_read: failed (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]:<= bdb_equality_candidates: id=0, 
first=0, last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 
first=1 last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=3 p=3
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched="" 
text=""
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 
tag=101 err=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for 
input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed 
errno=0 (Success)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: readying 
conn=15 sd=22 for close
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: conn=15 sd=22

---
Med Venlig Hilsen / Best regards
Henrik Dige Semark


On 26-01-2010 22:42, Dale Schroeder wrote:

   

Henrik,

I saw that another user wanted you to make sure that the PDC was added
to the domain, and he is correct.
If it is still not working after adding the PDC to the domain,
consider changing the add machine script to this:

     add machine script = /usr/sbin/smbldap-useradd -i -w '%u'

I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that
is what fixed the issue.

Dale


On 01/25/2010 3:23 PM, Henrik Dige Semark wrote:

     

I have a serous problem.

I have for some time now tried to get an SAMBA based Domain Controller
working.
I have tried with OpenLDAP and tdbsam as backend, but I get the same
error every time.

I wood prefer to use LDAP as my backend.
I have read tons of how-to SAMBA + LDAP, but non of the seams to work
for my, is there someone that maybe can see what I have done rung in
my config.?

I have attached my samba conf and LDAP conf.

Samba is connected to OpenLDAP, and LDAP is running fine.
But when I try to join my Windows XP Pro SP3 I takes about one Min and
it tells my that Username and/or Password maybe rung, ore not existing.

There is no doubt that Samba and Ldap is talking together (samba have
updated the SID and RID's), cause when I try to join the domain LDAP
is activated, but the return value is somehow disappearing on the way
back to my client

I have some wireshark dump that I can provide if its necessary.
I can provide LOGS, DUMPS, and everything needed if its necessary.

System info:
Clean installed Debian Lenny (5.0.3)
Clean installed Samba 3.2.5 + Winbind 3.2.5
Clean installed OpenLDAP 2.4.11 (slapd)
Debian default smbldap-tools (smbldap-populate is working and have
populated LDAP without problems)
if there is something I have forgotten please just ask for it, I'm
close to be desperate.!

---
Med Venlig Hilsen / Best regards
Henrik Dige Semark



       


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to