Is this bug fixed in the rpm version of samba-3.0.3-5 (Fedora package)?
Because I still can't join the Samba LDAP server; I get an unknown user name and password error from Windows 2000.
smbd.log said
[2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))]
[2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_open_connection(639)
  smbldap_open_connection: connection opened
[2004/06/17 23:22:20, 3] lib/smbldap.c:smbldap_connect_system(806)
  ldap_connect_system: succesful connection to the LDAP server
and <machinename>.log said
[2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(208)
  netbios connect: name1=PDC-SMB3 name2=BACKUP
[2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(215)
  netbios connect: local=pdc-smb3 remote=backup, name type = 0
Is there something wrong with my configuration ?
-----smb.conf
workgroup = SMB3
netbios name = PDC-SMB3
interfaces = 172.16.0.232
username map = /etc/samba/smbusers
admin users= administrator,@"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
<snip>
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
#smbldap-usershow Administrator
dn: uid=Administrator,ou=Users,dc=mragroup,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-1931314229-1443927316-3005072698-512
sambaSID: S-1-5-21-1931314229-1443927316-3005072698-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: 552902031BEDE9EFAAD3B435B51404EE
sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7
sambaPwdCanChange: 1087541956
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1087541956
sambaAcctFlags: [U ]
userPassword: {SMD5}W826bGtUtVBFm2cy9pjOoLleifE=
please help me
regards reza
There is a bug with separating the machine suffix and the user suffix; they both need to be the same container.
Please search the archives more, this topic comes up every week or so.
David Caplan wrote:
Hi,
I've got an issue with a samba 3 PDC with an ldap backend. I get a logon
failure (unknown username or bad password) when trying to add a win2k
box to the domain. I'm using Mandrake with Samba 3.0.2a and openldap 2.1.22. I am able to set up the workgroup on the w2k box, and access folders for
users registered in the ldap database, however I am not able to join the
domain with the user Administrator.
Any ideas on where I can look to find errors or test another way? (I can't find anything
in the ldap logs or the samba logs).
Please CC me any response, as I'm not subscribed to the list.
Thanks. - David
---Some relevant smb.conf
[global]
...
username map = /etc/samba3/smbusers
obey pam restrictions = No
ldap passwd sync = yes
passdb backend = ldapsam:ldap://127.0.0.1/
unix password sync = yes
pam password change = yes
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*password*information*changed*for*dcaplan*\n *passwd:*all*authentication*tokens*updated*successfully*
ldap admin dn = cn=root,dc=cloudraker,dc=com
ldap suffix = dc=cloudraker,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=People
ldap ssl = off
#ldap ssl = start tls
add user script = /usr/bin/smbldap-useradd3 -m "%u"
ldap delete dn = Yes
delete user script = /usr/bin/smbldap-userdel3 "%u"
add machine script = /usr/bin/smbldap-useradd3 -w "%u"
add group script = /usr/bin/smbldap-groupadd3 -p "%g"
#delete group script = /usr/bin/smbldap-groupdel3 "%g"
add user to group script = /usr/bin/smbldap-groupmod3 -m "%u" "%g"
delete user from group script = /usr/bin/smbldap-groupmod3 -x "%u" "%g"
set primary group script = /usr/bin/smbldap-usermod3 -g "%g" "%u"
os level = 65
security = user
logon path = \\%L\profiles\%U
logon drive = U:
update encrypted = Yes
encrypt passwords = yes
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
guest ok = no
admin users = root Administrator
#wins support = yes
#wins proxy = yes
----
--
David Caplan <david at david.ath.cx>
Key fingerprint: AADC 53B6 D5FB 31FE E191 4E9A 8D5D 2952 9358
