Join the club! one thing I found is that if I dont have the master browser setup correctly (domain logons = yes master browser = yes), then I get that message as well.
are your logs showing anything? > -----Original Message----- > From: PHELPS, SCOTT [mailto:[EMAIL PROTECTED] > Sent: Friday, July 11, 2003 8:32 PM > To: [EMAIL PROTECTED] > Subject: [Samba] Samba-2.2.8a /LDAP can't join domain > > > > > -----Original Message----- > From: Scott Phelps [mailto:[EMAIL PROTECTED] > Sent: Friday, July 11, 2003 9:19 PM > To: '[EMAIL PROTECTED]' > Subject: Samba-2.2.8a & LDAP - Can't join Domain - SID mapping error > > Hi everyone, > I am at my wits end and am hoping one of you can help me out. > > I am getting the following error when attempting to join > Windows XP/2000 machine to the domain: > > "The following error occurred attempting to join the domain > "MY_DOMAIN" > No mapping between account names and security IDs was done. > > Running Gentoo Linux > Samba 2.2.8a > OpenLDAP 2.0.27 > > I performed the following registry hacks: > [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters] > "requirestrongkey"=dword:00000000"requiresignorseal"=dword:00000000 > [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters] > "requirestrongkey"=dword:00000000"requiresignorseal"=dword:00000000 > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon > \Parameters] > "requirestrongkey"=dword:00000000"requiresignorseal"=dword:00000000 > > I am attempting to join the domain as root. > root was added via smbpasswd -a root > domain admin group = root Was placed in my smb.conf > I set up a fake root user this way in LDAP: > dn: uid=root,ou=People,dc=virginiabeach,dc=net > objectClass: top > objectClass: account > objectClass: posixAccount > objectClass: shadowAccount > objectClass: sambaAccount > uidNumber: 0 > gidNumber: 0 > homeDirectory: /home/root > loginShell: /bin/bash > gecos: root > shadowLastChange: 0 > shadowMax: 0 > shadowWarning: 0 > userPassword: {SSHA}GN3hrCs7c8Kgd93df23838hHH > uid: root > pwdLastSet: 1057974221 > logonTime: 0 > logoffTime: 2147483647 > kickoffTime: 2147483647 > pwdCanChange: 2147483647 > pwdMustChange: 2147483647 > displayName: root > cn: root > smbHome: \\MY_PDC\homes > homeDrive: Z: > scriptPath: logon.cmd > profilePath: \\MT-PDC\profiles\root > rid: 1000 > primaryGroupID: 1001 > lmPassword: 639C041927C79D99AAEJKHRJFHKRJKL > ntPassword: 6E1766AB79DDFHGJDHFJJHBJFHBJRHR > acctFlags: [UX ] > > The machine name is also in LDAP like this: > dn: uid=MYMACHINE$,ou=Machine,dc=virginiabeach,dc=net > objectClass: top > objectClass: account > objectClass: posixAccount > objectClass: shadowAccount > objectClass: sambaAccount > uid: MYMACHINE$ > uidNumber: 11014 > gidNumber: 11014 > homeDirectory: /dev/null > loginShell: /bin/false > gecos: rid96itlaptop windows machine,,, > userPassword: {crypt}x > shadowLastChange: 0 > shadowMax: 0 > shadowWarning: 0 > pwdLastSet: 0 > logonTime: 0 > logoffTime: 2147483647 > kickoffTime: 2147483647 > pwdCanChange: 2147483647 > pwdMustChange: 2147483647 > displayName: MYMACHINE$ > acctFlags: [W] > rid: 23028 > primaryGroupID: 23029 > homeDrive: U: > smbHome: > profilePath: > scriptPath: logon.cmd > lmPassword: xxx > ntPassword: xxx > cn: MYMACHINE$ > > Everything else works, and I am able to log into Linux and a > Samba share using a test user authenticating strictly via LDAP. > > Any help is greatly appreciated. Otherwise I will have no hair left! > > Thanks, > > -- Scott Phelps > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
