[Samba] join ldap pdc domain "Access is denied."

John Stile Tue, 21 Sep 2004 16:59:38 -0700

I am trying to join a W2k Workstation to a samba PDC (SuSE9.1
samba-3.0.4, openldap2-2.2.6, samba-winbind-3.0.4) following the book
Samba-3 By Example, by John H. Terpstra.


The error is "Access is denied." on the Windows, when trying to join the
domain from My Computer->Properties->Identification->Member
of->Domain->WASTE2.

Administrator is mapped to a uid=0:
  getent passwd |grep Admin
    Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false

From the workstation I can map a share with user=Administrator and
passwd=not24get
This is the slapd log for the transaction (I did not see the logs in
/var/log/samba/log.* grow):

Sep 21 16:49:06 amanda slapd[19418]: conn=1 fd=8 ACCEPT from IP=127.0.0.2:34839 
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=2 fd=9 ACCEPT from IP=127.0.0.2:34840 
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" 
method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase 
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" 
method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: connection_input: conn=2 deferring operation: 
binding
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase 
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SRCH attr=uid uidNumber gidNumber 
homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime 
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath 
sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass 
sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=2 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=2 fd=9 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=2 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 fd=9 ACCEPT from IP=127.0.0.1:34841 
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SRCH 
base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SRCH attr=cn userPassword memberUid 
uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=2 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=3 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SRCH 
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SRCH attr=gidNumber sambaSID 
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=1 op=3 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=3 op=4 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=1 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=3 fd=9 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=4 fd=8 ACCEPT from IP=127.0.0.2:34842 
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=5 fd=9 ACCEPT from IP=127.0.0.2:34843 
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" 
method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase 
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 BIND dn="cn=Manager,dc=stilen,dc=com" 
method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=4 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=waste2))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase 
objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=4 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SRCH attr=uid uidNumber gidNumber 
homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime 
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath 
sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass 
sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=2 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 fd=8 ACCEPT from IP=127.0.0.1:34844 
(IP=0.0.0.0:389)
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
method=128
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 BIND dn="cn=Manager,dc=STILEN,dc=COM" 
mech=SIMPLE ssf=0
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=0 RESULT tag=97 err=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=2 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SRCH 
base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SRCH attr=cn userPassword memberUid 
uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=3 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SRCH 
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SRCH attr=gidNumber sambaSID 
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=3 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=administrator))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=4 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SRCH base="dc=STILEN,dc=COM" scope=2 
deref=0 
filter="(&(sambaSID=s-1-5-21-3407451059-1907285946-1511391544-501)(objectClass=sambaSamAccount))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SRCH attr=uid uidNumber gidNumber 
homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime 
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath 
sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass 
sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=4 SEARCH RESULT tag=101 err=0 
nentries=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SRCH 
base="ou=People,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=nobody))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=5 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SRCH 
base="ou=Groups,dc=stilen,dc=com" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=stilen,dc=com)))"
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SRCH attr=cn userPassword memberUid 
uniqueMember gidNumber
Sep 21 16:49:06 amanda slapd[19418]: conn=6 op=6 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SRCH 
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=546))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SRCH attr=gidNumber sambaSID 
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=5 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SRCH 
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SRCH attr=gidNumber sambaSID 
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=6 SEARCH RESULT tag=101 err=0 
nentries=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SRCH 
base="ou=Groups,dc=STILEN,dc=COM" scope=2 deref=0 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SRCH attr=gidNumber sambaSID 
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 16:49:06 amanda slapd[19418]: conn=5 op=7 SEARCH RESULT tag=101 err=0 
nentries=0 text=
Sep 21 16:49:06 amanda slapd[19418]: conn=6 fd=8 closed
Sep 21 16:49:06 amanda slapd[19418]: conn=5 fd=9 closed

-- 
._____________________.
|   \0/    John Stile |
| UniX Administration |
|   / \  510-305-3800 |     
|     [EMAIL PROTECTED] |
.---------------------.

signature.asc
Description: This is a digitally signed message part

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] join ldap pdc domain "Access is denied."

Reply via email to