> I happen to be the author of that book. Suggest you delete the Administrator > account and add an account for 'root' that matches your /etc/passwd entry for > the 'root' user. I will be fixing this information in the update that I will > soon make to the book.
I deleted the Administrator account and added a root user using ./smbldap-useradd.pl, but it seems similar to adding my own __admin__ account, would it be a problem if I used the __admin__ account ?? > > 1. According to the book the account that can be used to join a domain is > > the Administrator account with the password set from the ldap admin dn > > which is secret is my installation,but I was unable to join the domain with > > the account, not even just to see the shares, something like wrong > > password, when I look at the log it seem the Administrator is mapped to > > root, which has a different password in the linux, does this matter? in the > > end I tried creating a new Account with 0 uid to join the domain (let's > > call it __admin__ ), and it worked, but I still would like to know why the > > Administrator account didn't work, > > Winbind will break if there is any ambiguity in the forward and reverse > mapping of login names to UID. You can NOT have both root with UID=0 and > Administrator with UID=0. If you do, when Samba does a reverse lookup of the > Windows SID for Administrator it will find it has UNIX UID=0, but then can > not determine which UNIX account that represents - i.e.: Is it 'root' or is > it 'Administrator'. > > Additionally, all accounts Samba uses must be in the LDAP backend (both the > POSIX account details and the SambaSamAccount details) if you are using an > LDAP backend. > > > > > 2. A W2k workstation can join the domain with the __admin__ account , but > > after reboot It can't login with any User name, not even with the account > > that succesfully joined the workstation the error message is 'The system > > cannot log you o now because the domain is not available, I am able to see > > the shares with the __admin__ Account, but not with any other accounts ( > > even newly created ones) > > Did you add the LDAP admin password to the secrets.tdb file? > > Do the following work?: > > getent passwd > pdbedit -Lw > when you said ldap admin password do you mean the one with the smbpasswd -w secret command if so then I already did, getent passwd and pdbedit -Lw worked fine, all the accounts I added to login to the domain is there > If you have a service definition for [IPC$] in your smb.conf file, please > delete it, then try again. No, I don't have a service definition for [IPC$] in my smb.conf file, but the result from smbclient -L localhost -Uadmin%1234 have an IPC service, but when I used a different account like the domain user account it returned : Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9] tree connect failed: NT_STATUS_BAD_NETWORK_NAME Does this mean that there's something wrong with the domain user group ?? > > > > 3. when trying to net rpc join the samba box itself it returned > > Unable to join domain VALHALLA. > > > > and when I tried smbclient -L localhost > > > > Anonymous login successful > > Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9] > > tree connect failed: NT_STATUS_BAD_NETWORK_NAME > > > > but when I tried smbclient //valkyrie/user -Uuser%1234 it wored just fine > > of course the administrator password still didn't work > > > > this is the level 1 log : > > > > [2005/01/13 13:03:09, 0] smbd/service.c:make_connection_snum(620) > > '/root/tmp' does not exist or is not a directory, when connecting to > > [IPC$] > > What version of Samba? Did you compile it yourself? If so, what parameters did > you pass to configure? > - John T. I used samba version 3.0.9 from the samba source on a Mandrake Linux 10.0 , I compiled it myself with the default configuration as in just ./configure because I read that since samba 3 ldap support is on by default. BTW I found some logs that seems suspicious please take a look : [2005/01/14 04:55:33, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/01/14 04:55:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/01/14 04:55:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/01/14 04:55:33, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[] domain=[] workstation=[VPC1] len1=1 len2=0 [2005/01/14 04:55:33, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/01/14 04:55:33, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/01/14 04:55:33, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/01/14 04:55:33, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/14 04:55:33, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/01/14 04:55:33, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] the log is from when I tried to login form a W2K PC that is already joined to the domain, why is the primary domain [] ??? and it seems that the workstation didn't send any username or password either and it authenticates as a guest account ??? this is the log from when tried joining the domain from the samba box itself : Adding homes service for user 'adi' using home directory: '/home//adi' [2005/01/14 05:20:15, 3] param/loadparm.c:lp_add_home(2341) adding home's share [adi] for user 'adi' at '/home//adi' : : : cut : : : : [2005/01/14 05:20:15, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "NETLOGON" (pnum 76c8) [2005/01/14 05:20:15, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/01/14 05:20:15, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/01/14 05:20:15, 3] smbd/process.c:process_smb(1092) Transaction 27 of length 45 [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) switch message SMBclose (pid 8730) conn 0x834b730 [2005/01/14 05:20:15, 3] smbd/process.c:process_smb(1092) Transaction 28 of length 45 [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) switch message SMBclose (pid 8730) conn 0x834b730 [2005/01/14 05:20:15, 3] smbd/process.c:process_smb(1092) Transaction 29 of length 39 [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 8730) conn 0x834b730 [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/14 05:20:15, 3] smbd/service.c:close_cnum(836) valkyrie (192.168.88.2) closed connection to service IPC$ [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/14 05:20:15, 3] smbd/process.c:timeout_processing(1337) timeout_processing: End of file from client (client has disconnected). [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/14 05:20:15, 2] smbd/server.c:exit_server(571) Closing connections [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(76) [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2005/01/14 05:20:15, 3] smbd/server.c:exit_server(614) Server exit (normal exit) from what I can tell it seems to repeat alot of the process, and the NETLOGON part was where it was timed out any help will be great thanks Adi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
