Re: [Samba] cannot login to Samba PDC from win2k

Wed, 18 Feb 2004 05:34:17 -0800 

> I have the following system:
> 
>   - Samba 3 using LDAP backend.
>   - Every old windows user has been inserted in LDAP database.
>   - Samba is configured (or is trying to be) as a PDC.
>   - Win2k is working by now with workgroups, not with domains.
>   
> The idea now is use this new Samba schema for user authentication in the 
> company. From a workstation I changed the workgroup use to domain, and I 
> inserted the one in Samba. It seems to connect to it, but no user can log in
> 
> (wrong username and password), and all of them are already inserted in LDAP.
> 
> Furthermore, whenever a look up in Samba (pdbedit -vL), I can see that all
> the 
> users are accesible by Samba.
> 
> What is the problem?
> 
> I will attach my smb.conf file:
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2004/02/16 15:42:24
> 
> # Global parameters
> [global]
>       domain master = Yes
>       preferred master = yes  
>       local master = yes
>       domain logons = yes
>       directory mask = 0770
>       passdb backend = ldapsam:ldap://localhost:389
>       logon script = logon.cmd
>       veto files = /*.eml/*.nws/riched20.dll/*.{*}/
>       printing = cups
>       force directory mode = 0770
>       ldap admin dn = cn=root,dc=my,dc=domain
>       #logon path = \{}\{}%N\{}profiles\{}%U
>       #logon path = /var/lib/samaba/netlogon
>       workgroup = LINUXTEST
>       os level = 255
>       create mask = 0770
>       wins support = true
>       ldap machine suffix = ou=machines
>       printcap name = CUPS
>       #logon home = \{}\{}%N\{}\{}%u\{}winprofile
>       netbios name = LINUXTEST
>       force create mode = 0770
>       ldap group suffix = ou=Groups
>       ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>       logon drive = H:
>       ldap user suffix = ou=People
>       auto services = homes
>       time server = Yes
>       security = user
>       map to guest = Bad User
>       socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY 
> SO_SNDBUF=8192
>       ldap suffix = dc=my,dc=domain
>       ldap ssl = off
>       hide unreadable = yes
>       #hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1
>       #hosts deny = all
>       idmap uid = 10000-20000
>       idmap gid = 10000-20000
>       idmap backend = ldap:ldap://localhost:389
> 
> [homes]
>       comment = Home Directories
>       valid users = %S
>       read only = No
>       create mask = 0740
>       directory mask = 0750
>       browseable = No
> 
> [printers]
>       comment = All Printers
>       path = /var/tmp
>       create mask = 0600
>       printable = Yes
>       browseable = No
> 
> [print$]
>       comment = Printer Drivers
>       path = /var/lib/samba/drivers
>       write list = @ntadmin, root
>       force group = ntadmin
>       create mask = 0664
>       directory mask = 0775
> 
> [supersamba]
>       user = @ldapusers
>       path = /usr/local/shares/super
>       writeable = yes
>       comment = Samba ist Super
>       valid users = @ldapusers
> 
> [netlogon]
>       path = /var/lib/samba/netlogon
>       write list = root
>       read only = yes
>       guest ok = yes
>       browseable = no
> 
> [profiles]
>       path = /var/lib/samba/profiles
>       browseable = no
>       read only = no
>       directory mask = 0700
>       create mask = 0600

I have added the parameter to smb.conf:

[global]
        ldap idmap suffix = ou=idmap

It seems that now winbindd is runned without errors. However, I still cannot 
log in with any user. 

Here I attach the log files, so that someone can help me:

log.winbindd
============

[2004/02/18 14:28:08, 1] nsswitch/winbindd.c:main(842)
  winbindd version 3.0.1 started.
  Copyright The Samba Team 2000-2003
[2004/02/18 14:28:08, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain LINUXTEST  
[2004/02/18 14:28:08, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2004/02/18 14:28:08, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2004/02/18 14:29:41, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid
[2004/02/18 14:29:42, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437)
  Could not convert gid 10000 to sid


log.smbd
========

[2004/02/18 14:28:07, 0] smbd/server.c:main(747)
  smbd version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/02/18 14:28:08, 0] printing/pcap.c:pcap_printer_fn(361)
  Unable to open printcap file CUPS for read!
[2004/02/18 14:28:08, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST
[2004/02/18 14:28:08, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST
[2004/02/18 14:29:41, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST
[2004/02/18 14:29:42, 0] lib/smbldap.c:smbldap_search_domain_info(1321)
  Got too many (2) domain info entries for domain LINUXTEST


log.nmbd
========

[2004/02/18 14:28:08, 0] nmbd/nmbd.c:main(664)
  Netbios nameserver version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2003
[2004/02/18 14:28:08, 0] nmbd/asyncdns.c:start_async_dns(150)
  started asyncdns process 2539
[2004/02/18 14:28:08, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
  add_domain_logon_names:
  Attempting to become logon server for workgroup LINUXTEST on subnet 
192.168.1.70
[2004/02/18 14:28:08, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
  add_domain_logon_names:
  Attempting to become logon server for workgroup LINUXTEST on subnet 
UNICAST_SUBNET
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup LINUXTEST, subnet 
UNICAST_SUBNET.
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
  become_domain_master_browser_wins: querying WINS server from IP 192.168.1.70 
for domain master browser name LINUXTEST<1b> on workgroup LINUXTEST
[2004/02/18 14:28:08, 0] nmbd/nmbd_nameregister.c:register_name_response(130)
  register_name_response: WINS server at IP 192.168.1.70 rejected our name 
registration of LINUXTEST<00> IP 192.168.1.70 with error code 5.
[2004/02/18 14:28:08, 0] nmbd/nmbd_workgroupdb.c:fail_register(210)
  fail_register: Failed to register name LINUXTEST<00> on subnet UNICAST_SUBNET.
[2004/02/18 14:28:08, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(283)
  standard_fail_register: Failed to register/refresh name LINUXTEST<00> on 
subnet UNICAST_SUBNET
[2004/02/18 14:28:08, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
  become_logon_server_success: Samba is now a logon server for workgroup 
LINUXTEST on subnet UNICAST_SUBNET
[2004/02/18 14:28:08, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
  *****
  
  Samba server LINUXTEST is now a domain master browser for workgroup LINUXTEST 
on subnet UNICAST_SUBNET
  
  *****
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup LINUXTEST on subnet 
192.168.1.70
[2004/02/18 14:28:08, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
  become_domain_master_browser_bcast: querying subnet 192.168.1.70 for domain 
master browser on workgroup LINUXTEST
[2004/02/18 14:28:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
  become_logon_server_success: Samba is now a logon server for workgroup 
LINUXTEST on subnet 192.168.1.70
[2004/02/18 14:28:16, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
  *****
  
  Samba server LINUXTEST is now a domain master browser for workgroup LINUXTEST 
on subnet 192.168.1.70
  
  *****
[2004/02/18 14:28:31, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****
  
  Samba name server LINUXTEST is now a local master browser for workgroup 
LINUXTEST on subnet 192.168.1.70
  
  *****
[2004/02/18 14:29:33, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:33, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:40, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x7
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x12
[2004/02/18 14:29:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.1.25: code = 0x7



-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to