Thanks Louis, I'm checking it out. I'll undo my setting and try again with your recipe.
Thanks for the tip.
David

On Tuesday, 5 July 2005 13:33, Louis van Belle wrote:
> I run this setup, my config is posted last week.
>
> >-----Original message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]
> >On behalf of David Szanto
> >Sent: Monday 4 July 2005 18:04
> >To: [email protected]
> >Subject: [Samba] Samba3+LDAP: Can't join domain.
> >
> >Hi everyone!!
> >I'm having a bit of trouble joining a Samba 3 PDC with LDAP authentication.
> >First some tips on what system I'm using:
> >- Debian Sarge
> >- Samba 3.0.14a-Debian
> >- OpenLDAP 2.2.24 : Protocol v.3
> >
> >Well, now I'll explain the problem and show you some log output.
> >
> >Whenever I try to join the domain I get the following error:
> >--begin---------------------
> ># net rpc join GICOMMNET
> >Creation of workstation account failed
> >Unable to join domain GICOMMNET.
> >--end---------------------
> >
> >So, I check my logs to see what's wrong and I see this in the Samba log:
> >--begin---------------------
> >[2005/07/04 17:29:36, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
> >  get_md4pw: Workstation DAVIDSZANTO$: no account in domain
> >Error: modifications require authentication
> >at /usr/share/perl5/smbldap_tools.pm line 1005, <DATA> line 283.
> >[2005/07/04 17:29:39, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
> >  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "davidszanto$"' gave 1
> >--end--------------------
> >
> >So I check if everything is alright with my smbldap-useradd command, and I
> >try creating the account manually using exactly the same command.
> >Everything works fine. The account is created and machine davidszanto$ is
> >created.
> >
> >So then I scratch my head a bit, and while I'm losing most of my hair I try
> >something a bit easier. Let's see if I can recover the user list or the
> >group list. I use the "net user -I 192.168.xxx.xxx" and it works fine. I
> >get the whole list and same with groups. So, if everything looks fine,
> >where's the mistake?
> >
> >I try joining again and this time I check the slapd log as well and I get
> >the biggest transaction log record in history!! :
> >
> >I'm not much of an expert on LDAP, actually quite the opposite. I can't
> >really tell if there's something really wrong here or not.
> >
> >My configuration files are the following:
> >
> >-- smb.conf -----------------
> >[global]
> >
> >netbios name = GICOMM
> >workgroup = GICOMMNET
> >server string = GICOMM (Servidor de Comunicaciones)
> >
> >passdb backend = ldapsam:ldap://127.0.0.1
> >username map = /et/samba/smbusers
> >log file = /var/log/samba/%m.log
> >max log size = 50
> >socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >smb ports = 139
> >
> >preferred master = yes
> >domain master = yes
> >local master = yes
> >domain logons = yes
> >os level = 255
> >dns proxy = yes
> >;wins support = Yes
> >security = user
> >encrypt passwords = yes
> >
> >ldap suffix = dc=gicomm,dc=iberica,dc=esp
> >ldap machine suffix = ou=Computers
> >ldap user suffix = ou=Users
> >ldap group suffix = ou=Groups
> >ldap idmap suffix = ou=Idmap
> >ldap admin dn = cn=admin,dc=gicomm,dc=iberica,dc=esp
> >ldap ssl = no
> >ldap delete dn = no
> >ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> >ldap passwd sync = Yes
> >
> >add user script = /usr/sbin/smbldap-useradd -a -m -A 1 -D \"H:\" -E \"%u.bat\" "%u"
> >delete user script = /usr/sbin/smbldap-userdel "%u"
> >add machine script = /usr/sbin/smbldap-useradd -w "%u"
> >add group script = /usr/sbin/smbldap-groupadd -p "%g"
> >delete group script = /usr/sbin/smbldap-groupdel "%g"
> >add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> >delete user from group script = /usr/sbin/smbldap-usermod -x "%u" "%g"
> >set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> >template home dir = /etc/skel
> >template shell = /bin/sh
> >username map = /etc/samba/users.map
> >
> >logon script = logon.bat
> >logon drive = H:
> >hide dot files = yes
> >
> >[homes]
> >...
> >--end----------------------
> >
> >And my slapd.conf file:
> >--slapd.conf---------------------------
> >allow bind_v2
> >
> >include /etc/ldap/schema/core.schema
> >include /etc/ldap/schema/cosine.schema
> >include /etc/ldap/schema/nis.schema
> >include /etc/ldap/schema/inetorgperson.schema
> >include /etc/ldap/schema/samba.schema
> >
> >schemacheck on
> >pidfile /var/run/slapd/slapd.pid
> >argsfile /var/run/slapd.args
> >loglevel 1
> >
> >modulepath /usr/lib/ldap
> >moduleload back_bdb
> >
> >backend bdb
> >checkpoint 512 30
> >
> >database bdb
> >
> >suffix "dc=gicomm,dc=iberica,dc=esp"
> >rootdn "cn=admin,dc=gicomm,dc=iberica,dc=esp"
> >rootpw im_not_telling :-D
> >
> >directory "/var/lib/ldap"
> >
> >index objectClass eq
> >index uid,cn,sn,givenname,mail eq,sub
> >index uidNumber eq
> >index gidNumber eq
> >index memberUid eq
> >index sambaSID eq
> >index sambaPrimaryGroupSID eq
> >index sambaDomainName eq
> >index default sub
> >
> >lastmod on
> >
> >access to *
> >        by dn="cn=admin,dc=gicomm,dc=iberica,dc=esp" write
> >        by dn="uid=root,ou=Users,dc=gicomm,dc=iberica,dc=esp" write
> >        by self write
> >        by * read
> >
> >--end----------------
> >
> >As you can see, my slapd.conf ACL is not very restrictive.
> >
> >I've checked other posts and tested accordingly, but I still can't join,
> >neither from a Linux workstation nor a W2K workstation.
> >
> >Well, that's basically it.
> >I'd appreciate any help.
> >Thanx!!
> >David
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/listinfo/samba
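
The quoted slapd.conf ends with `access to * ... by * read`, which makes every attribute readable by any client, including the password attributes Samba keeps in LDAP. The following check is an added example, not part of the thread or of any Samba/OpenLDAP tool: its function names are hypothetical, both ACL strings are constructed (the first shortened from the one quoted above), and it only understands `*` and `attrs=`/`attr=` targets, ignoring dn and filter scoping.

```python
import re, shlex

# Attributes holding password material in a Samba 3 + OpenLDAP directory.
SENSITIVE = ("userPassword", "sambaLMPassword", "sambaNTPassword")
EXPOSING = {"read", "write", "manage"}

def access_rules(conf):
    """Parse slapd.conf text into [(what_tokens, [(who, level), ...])]."""
    rules = []
    # Indented lines continue the previous directive, so fold them first.
    for line in re.sub(r"\n[ \t]+", " ", conf).splitlines():
        if not re.match(r"access\s+to\s", line, re.I):
            continue
        tok = shlex.split(line)[2:]
        cuts = [i for i, t in enumerate(tok) if t.lower() == "by"] + [len(tok)]
        bys = [tuple(x.lower() for x in tok[a + 1:min(b, a + 3)])
               for a, b in zip(cuts, cuts[1:])]
        rules.append((tok[:cuts[0]], [c for c in bys if len(c) == 2]))
    return rules

def covers(what, attr):
    """True if <what> is '*' or names attr in attrs=/attr= (simplified match)."""
    return any(w == "*" or (w.lower().startswith(("attrs=", "attr="))
               and attr.lower() in w.lower().split("=", 1)[1].split(","))
               for w in what)

def readable_by_others(rules, attr):
    if not rules:
        return True                    # no ACLs at all: slapd defaults to "by * read"
    for what, bys in rules:
        if covers(what, attr):         # the first matching directive decides
            for who, level in bys:
                if who in ("*", "anonymous", "users") and level in EXPOSING:
                    return True
                if who == "*":
                    break
            return False               # clause list ends with implicit "by * none"
    return False                       # implicit final "access to * by * none"

def exposed(conf):
    """Sensitive attributes that anonymous or any authenticated client can read."""
    rules = access_rules(conf)
    return [a for a in SENSITIVE if readable_by_others(rules, a)]

# Constructed inputs: the posted ACL, then the same with a protective rule first.
POSTED_ACL = '''access to *
    by dn="cn=admin,dc=gicomm,dc=iberica,dc=esp" write
    by self write
    by * read
'''
TIGHTER_ACL = '''access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
''' + POSTED_ACL
```

`exposed(POSTED_ACL)` lists all three attributes, while `exposed(TIGHTER_ACL)` is empty because the attribute-specific rule is evaluated before the catch-all.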
