Microsoft Client Services: Digitally sign communications (Always) = Disabled That's what you mean right? In that case, yes.
Regards Tarjei ----- Original Message ----- From: "McKeever Chris" <[EMAIL PROTECTED]> To: "Andrew Bartlett" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Tarjei Bitust�yl" <[EMAIL PROTECTED]> Sent: Sunday, November 09, 2003 5:39 PM Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account > > > On Sun, 9 Nov 2003 10:26 , Tarjei Bitust�yl <[EMAIL PROTECTED]> sent: > > >Ok, additional information: > >I am using LDAP as a unix password backend, so I shouldn't be needing the > >/etc/passwd for a machine account. > >The smbldap-useradd.pl -w script adds an account correctly, and both > >posixAccount and sambaSAMAccount is set. When this is done, I get again, > >"access is denied" when I try to join the domain, with the valid SID user. > >It doesn't seem to join correctly on the operation when it actually creates > >the account, however I can see nothing wrong with the account itself. Here > >is an auto-created account: (smbldap-useradd.pl -w %u) > > > >dn: uid=main$,ou=Machines,o=AstarothInc,c=NO > >objectClass: top > >objectClass: inetOrgPerson > >objectClass: posixAccount > >cn: main$ > >sn: main$ > >uid: main$ > >uidNumber: 1003 > >gidNumber: 553 > >homeDirectory: /dev/null > >loginShell: /bin/false > >description: Computer > > > >I have all the scripts in place, but manually only the add machine script > >works. I don't think I need the others for the operation I am trying, > >though. > > > >The thing is, if I do have an account in /etc/passwd called "main$" when I > >try to join, the auto-created ldap entry looks very very different: > > > >dn: uid=main$,ou=Machines,o=AstarothInc,c=NO > >uid: main$ > >sambaSID: S-1-5-21-2523409155-1094959098-2360343008-3006 > >sambaPrimaryGroupSID: S-1-5-21-2523409155-1094959098-2360343008-1201 > >sambaAcctFlags: [W ] > >objectClass: sambaSamAccount > >objectClass: account > > > >The error upon joining is still the same, username could not be found; > >however, subsequent attempts to join give the error "access is denied." I'm > >going nuts. > > > > > if this is an XP PRO machine, have you done the signorseal registry hack? > > > >Regards > >Tarjei > > > >----- Original Message ----- > >From: "Andrew Bartlett" [EMAIL PROTECTED]> > >To: "Tarjei Bitust�yl" [EMAIL PROTECTED]> > >Cc: [EMAIL PROTECTED]> > >Sent: Sunday, November 09, 2003 10:08 AM > >Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account > > > >On Sun, 2003-11-09 at 19:40, Tarjei Bitust�yl wrote: > >> Hi, > >> > >> I've finally gotten my LDAP password backend up and running, and finally > >figured out the SID 1000/1001 thing for Samba admin. > >> However I'm unable to join the workstation to my domain. > > > >I'm not sure what you mean about the '1000/1001' thing. Root should be > >given the special sid '-500' if at all possible, as that is > >'administrator'. > > > >> Using any random user in the WXP dialogue, I get the "Access is Denied" > >error. Fair enough. > >> Using the user with sambasid and sambagroupsid s-*-1000/s-*-1001, I get > >the error "The Username could not be found". This error is probably not > >referring to the login user, as that one is validated (I get another error > >if I type in a wrong password), so I assume it's the machine account user > >that it is looking for. > >> > >> I have however tried adding the machine account using both LAM and > >smbpasswd -a -m, but no difference. > >> > >> The debug log says everything is successful? > >> I'm at a loss. Does anyone have a hint as to what is wrong here? > > > >Do you have the add user scripts in place? > > > >Andrew Bartlett > > > >-- > >Andrew Bartlett [EMAIL PROTECTED] > >Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > >Student Network Administrator, Hawker College [EMAIL PROTECTED] > >http://samba.org http://build.samba.org http://hawkerc.net > > > >-- > >To unsubscribe from this list go to the following URL and read the > >instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > > ---- Prudential Preferred Properties www.prupref.com > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
