> Tony Austin wrote: > >>I cannot join my WinXP workstation computers to the Samba domain. Using the Computer Name / Change on the XP computer gives me an error saying that the username or password is incorrect - except very occasionally >> when >>it works although I do nothing different! >>I have noticed that on when it works there is a machine record set up in LDAP with Samba data as follows:- >>dn: uid=leem-q4hw$,ou=People,dc=commtechgroup,dc=co.uk >>uid: leem-q4hw$ >>sambaSID: S-1-5-21-1504740027-1884281049-541626052-3090 >>sambaPrimaryGroupSID: S-1-5-21-1504740027-1884281049-541626052-2107 displayName: leem-q4hw$ >>objectClass: sambaSamAccount >>objectClass: account >>creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk >>createTimestamp: 20051109143944Z >>sambaPwdCanChange: 1131547184 >>sambaPwdMustChange: 2147483647 >>sambaNTPassword: 7F47D21BE0CCA3F6BA29CDC00277875B >>sambaPwdLastSet: 1131547184 >>sambaAcctFlags: [W ] >>modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk >>modifyTimestamp: 20051109143944Z >>But the rest of the time, when it doesn't work, I get an LDAP entry without any Samba data like this:- >>dn: uid=commaint-df398$,ou=People,dc=commtechgroup,dc=co.uk >>objectClass: top >>objectClass: inetOrgPerson >>objectClass: posixAccount >>cn: commaint-df398$ >>sn: commaint-df398$ >>uid: commaint-df398$ >>uidNumber: 1046 >>gidNumber: 553 >>homeDirectory: /dev/null >>loginShell: /bin/false >>description: Computer >>creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk >>createTimestamp: 20051116130633Z >>modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk >>modifyTimestamp: 20051116130633Z >>I have experimented with various combinations of >>root# ./smbldap-useradd -a -w compname$ >>to see if I can get the record set up with the Samba data, but no luck. I now have 2 servers both of which show the same symptom. >>Tony > Hi Tony, > > Recently I have come across your problem though i have a > similar setup running on different server for a different domain. There are two things that I have observed causing this problem: > > 1) When the smb & nmb server is restarted too many times teh > database is getting corrupted. So, I have deleted the samba files frm the /var/spool/samba before restarting the service and added the administrator (root in my case) again. > 2) For a weird reason the administrator is not added to the > smb backend database. > > I am using the OpenLDAP backend, and so the password must be added to the secrets.tdb using smbpasswd -w yourpassword (must be ldap binddn password). Also, check the log.smbd and log.<your client computer name>, that helps a lot in narrowing the problem. > > cheers, > pavan. > > > -- > Pavan Krishna L
I checked these points, but I don't think it is the cause of the problem in my case. I start by making sure the machine record does not exist in LDAP:- [EMAIL PROTECTED] sbin]# ./smbldap-usershow.pl winxp$ ./smbldap-usershow.pl: user winxp$ doesn't exist I then use the Wizard on machine winxp, entering Administrator as the username and giving the correct password Windows responds "unknown username or bad password" and /var/log/samba/winxp shows:- [2005/11/22 13:36:02, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516) ldapsam_modify_entry: Failed to add user dn= uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com with: Already exists [2005/11/22 13:36:02, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1948) ldapsam_add_sam_account: failed to modify/add user with uid = winxp$ (dn = uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com) [2005/11/22 13:36:02, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer winxp$ to passdb. Check permissions? and an entry is added to LDAP:- [EMAIL PROTECTED] sbin]# ./smbldap-usershow.pl winxp$ dn: uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com objectClass: top,inetOrgPerson,posixAccount cn: winxp$ sn: winxp$ uid: winxp$ uidNumber: 1001 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer Using the Change Name button in Windows gives exactly the same results. Both Windows and Samba seem to be complaining about permissions. Where should I be looking? Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
