Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP

[Robert Schetterer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Horst B. Simon schrieb:
| On Aug 12, 2005 07:36 AM, Robert Schetterer <[EMAIL PROTECTED]>
| wrote:
|
|
| Horst B. Simon schrieb:
| | On Aug 11, 2005 10:35 AM, Geoffrey Scott <[EMAIL PROTECTED]>
| wrote:
| |
| |
| |>Horst B. Simon wrote:
| |>
| |>>Hi All,
| |>>
| |>>I have OX with Samba 3 and Ldap working fine, except that
| workstation
| |>>can not join the domain. When I try to join the domain I get
| |>>following error message: The following error occurred attempting to
| |>>join the domain. Can not find user name in Domain. But the user is
| |>>there and it creates the computer in ou=computers in ldap. All users
| |>>have no problems accessing the samba shares and using OX. Anyone in
| |>>this group has successful joined a computer into ldap with OX and
| |>>Samba3?
| |>>
| |>>Regards,
| |>>Horst
| |>
| |>Horst,
| |>Is the user either root account in LDAP or been given sepriveledges
| |>as per chapter 5 of JHT example book? Does your smb.conf point to the
| |>correct part of ldap for your users? Have nss and pam been configured
| |>pointing correctly to where to the users are? Is the user that you
| are
| |>trying actually in that part of LDAP? Eg. You aren't trying to use:
| |>
| |>cn=Manager,dc=hsimon,dc=com,dc=au
| |>
| |>When your users are in :
| |>
| |>ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au
| |>
| |>Are you?
| |>
| |>Cheers Geoff
| |>
| |
| | Hi Geoff,
| |
| | I am not near the box now, I think you are on the right track. I will
| | post tonight the relevant parts of my ldap.conf and smb.conf. Yes my
| | binddn is uid=Manager,dc=hsimon,dc=com,dc=au and the user are in
| | ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au. I tried to use the root
| | user and I set up a administrator according
| | to the information in the IDEALX document.
| |
| | Cheers,
| | Horst
| |
| |
| i had problems too with suse 9.3 too with ldap samba pdc, at last i
| could fix it an now it works but only with the idealx tool versions
| included in the samba sources , the newer directly downloaded ( from
| idealx )higher versions did not work.
| I was never able to find out the exact problems ( but i think it was
| some kind of perl trouble ) never had this probs before suse versions
| lower than 9.3
| for more analysis what might gets you into trouble, look in your smb
| logs
| Regards
|
| --
| Mit freundlichen Gruessen
| Best Regards
| Robert Schetterer
|
| robert_at_schetterer.org
| Munich / Bavaria / Germany
| https://www.schetterer.org
|
| **********************************
| * gnupgp
| * public key:
| * https://www.schetterer.org/public.key
| **********************************

| Following are the lines from the clients samba log file. I don't know
| what to look for, does anyone with more samba knowledge see where it is
| going wrong?

| Thanks and Regards,
| Horst

| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219)
| check_ntlm_password: Checking password for unmapped user
| [EMAIL PROTECTED] with the new password interface
| [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222)
| check_ntlm_password: mapped user is:
| [EMAIL PROTECTED]
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692)
| smbldap_open_connection: connection opened
| [2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866)
| ldap_connect_system: succesful connection to the LDAP server
| ldap_connect_system: LDAP server does support paged results
| [2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
| init_sam_from_ldap: Entry found for user: root
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID
| [S-1-5-21-2848152307-2665265979-542469840-500]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID [S-1-5-2] pop_sec_ctx (0,
| 0)
| - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID
| [S-1-5-21-2848152307-2665265979-542469840-500]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID [S-1-5-2]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID [S-1-5-11]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID
| [S-1-5-21-2848152307-2665265979-542469840-1001]
| [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
| check_ntlm_password: sam authentication for user [root] succeeded
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
| check_ntlm_password: authentication for user [root] -> [root] -> [root]
| succeeded
| [2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
| NTLMSSP Sign/Seal - Initialising with flags:
| [2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
| Got NTLMSSP neg_flags=0x60088215
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
| User name: root Real name: root
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
| UNIX uid 0 is UNIX user root, and will be vuid 100
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
| Adding homes service for user 'root' using home directory: '/root'
| [2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
| adding home's share [root] for user 'root' at '/root'
| [2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
| Transaction 3 of length 84
| [2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
| switch message SMBtconX (pid 7053) conn 0x0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID [S-1-5-11]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| pop_sec_ctx (0,
| 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID
| [S-1-5-21-2848152307-2665265979-542469840-500]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID [S-1-5-2]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID [S-1-5-11]
| [2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
| get_privileges: No privileges assigned to SID
| [S-1-5-21-2848152307-2665265979-542469840-1001]
| [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
| check_ntlm_password: sam authentication for user [root] succeeded
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
| check_ntlm_password: authentication for user [root] -> [root] -> [root]
| succeeded
| [2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
| NTLMSSP Sign/Seal - Initialising with flags:
| [2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
| Got NTLMSSP neg_flags=0x60088215
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
| User name: root Real name: root
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
| UNIX uid 0 is UNIX user root, and will be vuid 100
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
| Adding homes service for user 'root' using home directory: '/root'
| [2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
| adding home's share [root] for user 'root' at '/root'
| [2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
| Transaction 3 of length 84
| [2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
| switch message SMBtconX (pid 7053) conn 0x0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

| get_privileges: No privileges assigned to SID
| [S-1-5-21-2848152307-2665265979-542469840-1001]
| [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
| check_ntlm_password: sam authentication for user [root] succeeded
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
| check_ntlm_password: authentication for user [root] -> [root] -> [root]
| succeeded
| [2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
| NTLMSSP Sign/Seal - Initialising with flags:
| [2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
| Got NTLMSSP neg_flags=0x60088215
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
| User name: root Real name: root
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
| UNIX uid 0 is UNIX user root, and will be vuid 100
| [2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
| Adding homes service for user 'root' using home directory: '/root'
| [2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
| adding home's share [root] for user 'root' at '/root'
| [2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
| Transaction 3 of length 84
| [2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
| switch message SMBtconX (pid 7053) conn 0x0
| [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

i use to create an Administrator account or a user account in the domain
admin group
and use this for administration with usmgr.
have you tried this?
i am not clear with your ou=OxObjects


- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

\**********************************
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**********************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC/G6Xb0iqzJq+0MgRAsu0AJ0YGY/V4+WmJ9ppG/gAv+MpMq15DQCeKiy0
imVW4CaW29jqGaUTrMJS3GY=
=/clP
-----END PGP SIGNATURE-----

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba