Update !!!!!!!! I just noticed that I have a previously installed samba from the rpm which samba 3.0.2a, out curiosity I tried copying all the configuration files to the /etc/samba/ directory and now I CAN LOGIN to the domain, no idea why though, anyway I'm still trying to make the 3.0.9 version work as well, please help
----- Original Message ----- From: "Adi Nugraha" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[email protected]> Sent: Friday, January 14, 2005 10:34 AM Subject: Re: [Samba] can join but unable to login to the domain + ldapaccountproblems > > > I happen to be the author of that book. Suggest you delete the > Administrator > > account and add an account for 'root' that matches your /etc/passwd entry > for > > the 'root' user. I will be fixing this information in the update that I > will > > soon make to the book. > > I deleted the Administrator account and added a root user using > ./smbldap-useradd.pl, but it seems similar to adding my own __admin__ > account, would it be a problem if I used the __admin__ account ?? > > > > 1. According to the book the account that can be used to join a domain > is > > > the Administrator account with the password set from the ldap admin dn > > > which is secret is my installation,but I was unable to join the domain > with > > > the account, not even just to see the shares, something like wrong > > > password, when I look at the log it seem the Administrator is mapped to > > > root, which has a different password in the linux, does this matter? in > the > > > end I tried creating a new Account with 0 uid to join the domain (let's > > > call it __admin__ ), and it worked, but I still would like to know why > the > > > Administrator account didn't work, > > > > Winbind will break if there is any ambiguity in the forward and reverse > > mapping of login names to UID. You can NOT have both root with UID=0 and > > Administrator with UID=0. If you do, when Samba does a reverse lookup of > the > > Windows SID for Administrator it will find it has UNIX UID=0, but then can > > not determine which UNIX account that represents - i.e.: Is it 'root' or > is > > it 'Administrator'. > > > > Additionally, all accounts Samba uses must be in the LDAP backend (both > the > > POSIX account details and the SambaSamAccount details) if you are using an > > LDAP backend. > > > > > > > > 2. A W2k workstation can join the domain with the __admin__ account , > but > > > after reboot It can't login with any User name, not even with the > account > > > that succesfully joined the workstation the error message is 'The system > > > cannot log you o now because the domain is not available, I am able to > see > > > the shares with the __admin__ Account, but not with any other accounts ( > > > even newly created ones) > > > > Did you add the LDAP admin password to the secrets.tdb file? > > > > Do the following work?: > > > > getent passwd > > pdbedit -Lw > > > > when you said ldap admin password do you mean the one with the smbpasswd -w > secret command if so then I already did, getent passwd and pdbedit -Lw > worked fine, all the accounts I added to login to the domain is there > > > If you have a service definition for [IPC$] in your smb.conf file, please > > delete it, then try again. > > No, I don't have a service definition for [IPC$] in my smb.conf file, but > the result from smbclient -L localhost -Uadmin%1234 have an IPC service, but > when I used a different account like the domain user account it returned : > > Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9] > tree connect failed: NT_STATUS_BAD_NETWORK_NAME > > Does this mean that there's something wrong with the domain user group ?? > > > > > > > 3. when trying to net rpc join the samba box itself it returned > > > Unable to join domain VALHALLA. > > > > > > and when I tried smbclient -L localhost > > > > > > Anonymous login successful > > > Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9] > > > tree connect failed: NT_STATUS_BAD_NETWORK_NAME > > > > > > but when I tried smbclient //valkyrie/user -Uuser%1234 it wored just > fine > > > of course the administrator password still didn't work > > > > > > this is the level 1 log : > > > > > > [2005/01/13 13:03:09, 0] smbd/service.c:make_connection_snum(620) > > > '/root/tmp' does not exist or is not a directory, when connecting to > > > [IPC$] > > > > What version of Samba? Did you compile it yourself? If so, what parameters > did > > you pass to configure? > > > - John T. > > > > I used samba version 3.0.9 from the samba source on a Mandrake Linux 10.0 , > I compiled it myself with the default configuration as in just ./configure > because I read that since samba 3 ldap support is on by default. > > BTW I found some logs that seems suspicious please take a look : > > [2005/01/14 04:55:33, 2] smbd/sesssetup.c:setup_new_vc_session(608) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all > old resources. > [2005/01/14 04:55:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) > Doing spnego session setup > [2005/01/14 04:55:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) > NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] > PrimaryDomain=[] > [2005/01/14 04:55:33, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) > Got user=[] domain=[] workstation=[VPC1] len1=1 len2=0 > [2005/01/14 04:55:33, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/01/14 04:55:33, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/01/14 04:55:33, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/14 04:55:33, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/14 04:55:33, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] > with the new password interface > [2005/01/14 04:55:33, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > > the log is from when I tried to login form a W2K PC that is already joined > to the domain, why is the primary domain [] ??? and it seems that the > workstation didn't send any username or password either and it authenticates > as a guest account ??? > > > this is the log from when tried joining the domain from the samba box itself > : > > > > Adding homes service for user 'adi' using home directory: '/home//adi' > [2005/01/14 05:20:15, 3] param/loadparm.c:lp_add_home(2341) > adding home's share [adi] for user 'adi' at '/home//adi' > : > : > : > cut > : > : > : > : > [2005/01/14 05:20:15, 3] smbd/ipc.c:api_fd_reply(296) > Got API command 0x26 on pipe "NETLOGON" (pnum 76c8) > [2005/01/14 05:20:15, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass > [2005/01/14 05:20:15, 3] rpc_server/srv_pipe.c:check_bind_req(762) > check_bind_req for \PIPE\NETLOGON > [2005/01/14 05:20:15, 3] smbd/process.c:process_smb(1092) > Transaction 27 of length 45 > [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) > switch message SMBclose (pid 8730) conn 0x834b730 > [2005/01/14 05:20:15, 3] smbd/process.c:process_smb(1092) > Transaction 28 of length 45 > [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) > switch message SMBclose (pid 8730) conn 0x834b730 > [2005/01/14 05:20:15, 3] smbd/process.c:process_smb(1092) > Transaction 29 of length 39 > [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) > [2005/01/14 05:20:15, 3] smbd/process.c:switch_message(887) > switch message SMBtdis (pid 8730) conn 0x834b730 > [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/14 05:20:15, 3] smbd/service.c:close_cnum(836) > valkyrie (192.168.88.2) closed connection to service IPC$ > [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ > [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/14 05:20:15, 3] smbd/process.c:timeout_processing(1337) > timeout_processing: End of file from client (client has disconnected). > [2005/01/14 05:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/14 05:20:15, 2] smbd/server.c:exit_server(571) > Closing connections > [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(69) > Yielding connection to > [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(76) > [2005/01/14 05:20:15, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not > exist. > [2005/01/14 05:20:15, 3] smbd/server.c:exit_server(614) > Server exit (normal exit) > > > from what I can tell it seems to repeat alot of the process, and the > NETLOGON part was where it was timed out > > > any help will be great thanks > > > > Adi > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
