Hi, I successfully installed samba 3.0.1pre4 from cvs tree with ldap-2.0.27. I can log in with administrator but can't get my machines (win2k and XP) joined into the domain.
Here are some relevant part of the log file. [2003/11/28 15:02:32, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/11/28 15:02:32, 3] lib/util_seaccess.c:se_access_check(251) [2003/11/28 15:02:32, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-3516781642-1962875130-3438800523-3004 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-1401 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-518063335-3730449020-288107188-1401 [2003/11/28 15:02:32, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x00000211) [2003/11/28 15:07:25, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/11/28 15:07:25, 3] smbd/process.c:process_smb(890) Transaction 35 of length 168 [2003/11/28 15:07:25, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2501) [2003/11/28 15:07:25, 3] smbd/ipc.c:reply_trans(530) trans <\PIPE\> data=80 params=0 setup=2 [2003/11/28 15:07:25, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2003/11/28 15:07:25, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 775c)free_pipe_context: destroying talloc pool of size 0 [2003/11/28 15:07:25, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SAMR_CREATE_USER [2003/11/28 15:07:25, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010) ***************** smb.conf workgroup = TEST security = user server string = Test Samba 3.0 printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log ldap admin dn = "cn=Manager,dc=csw,dc=com" ldap server = 192.168.1.30 ldap suffix = dc=csw,dc=com ldap port = 389 ldap ssl = off passdb backend = ldapsam:ldap://192.168.1.30 ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-userdel.pl %u add group script = /usr/local/sbin/smbldap-groupadd.pl %g delete group script = /usr/local/sbin/smbldap-groupdel.pl %u add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod.pl -g gid %u add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u debuglevel = 3 max log size = 10000 encrypt passwords = yes unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd.pl %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*succ pam password change = yes obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote announce = 192.168.1.255 local master = yes domain master = yes preferred master = yes domain logons = yes logon script = %U.bat logon path = \\%L\Profiles\%U wins support = yes ... ****************** At the client side a simple access denied message appears. Any idea would be appreciated. thanks.,FS -- ...Fehér Sándor... --- ....Sandor Feher.... fejlesztési vezető --- development manager Blue System Kft. --- Blue System Ltd. mailto:[EMAIL PROTECTED] http://www.bluesystem.hu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
