Matt Ingram wrote:
anyone?
Matt Ingram wrote:
I just migrated my SMB pdc to a new server (was running 3.0.21c, now
3.0.22). Some things seem to be ok. net rpc list; net rpc testjoin
seem to work. But if I attempt to join a windows system to the domain
I get "The following error occured while attempting to join to domain
"DOMAINNAME": The user name could not be found". The machine name
is getting loaded into ldap.
LDAP seems to be fine, getent passwd/group returns all the ldap
users; net groupmap list returns all the groups. I can shell in with
ldap accounts.
I copied the old server's /etc/samba to the new server and I set the
new server's SID to be that of the old server.
Also, I have a logon script on my BDC and my PDC. The BDC script
runs on the client boot up, but the PDC one isn't running.
Any ideas?
Which user are you using?
If root, OK; if you are using another user, are you sure that it has
the privileges to do that?
Privileges are stored in account_policy.tdb (which you haven't copied).
Did you add the ldap admin password to samba again? smbpasswd -w
ldappassword?
The secrets.tdb file holds that (which you haven't copied).
About the login script, did you copy the contents of the netlogon
share and change the permissions properly (so that everyone is able to read it)?
SMB.CONF
[global]
workgroup = DOMAINNAME
netbios name = HOME
server string = HOME
passdb backend = ldapsam:ldap://ldap.domain
username map = /etc/samba/smbusers
printcap name = cups
enable privileges = Yes
log level = 2
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
# logon path = \\%L\Profiles\%U
logon path =
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins server = 172.30.30.25
ldap suffix = ou=Accounts,dc=company,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Posix,ou=Groups
ldap idmap suffix = ou=idmap
ldap admin dn = cn=Manager,dc=company,dc=com
ldap ssl = no
ldap passwd sync = No
# idmap uid = 15000-20000
# idmap gid = 15000-20000
printing = cups
map acl inherit = Yes
here's my log.smbd when I tried to add the computer:
[2006/06/23 11:28:27, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:27, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:27, 2] lib/smbldap.c:smbldap_open_connection(722)
smbldap_open_connection: connection opened
[2006/06/23 11:28:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: root
[2006/06/23 11:28:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2215)
init_group_from_ldap: Entry found for group: 512
[2006/06/23 11:28:27, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [Administrator] -> [root] -> [root] succeeded
[2006/06/23 11:28:28, 2] smbd/server.c:exit_server(614)
Closing connections
[2006/06/23 11:28:28, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:28, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:28, 2] lib/smbldap.c:smbldap_open_connection(722)
smbldap_open_connection: connection opened
[2006/06/23 11:28:28, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: root
[2006/06/23 11:28:28, 2] passdb/pdb_ldap.c:init_group_from_ldap(2215)
init_group_from_ldap: Entry found for group: 512
[2006/06/23 11:28:28, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [Administrator] -> [root] -> [root] succeeded
[2006/06/23 11:28:29, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
Returning domain sid for domain DOMAINNAME -> S-1-5-21-3186883984-1813041273-1898769360
[2006/06/23 11:28:30, 2] smbd/server.c:exit_server(614)
Closing connections
thanks in advance.
Putting "log file = /var/log/samba/log.%m" will log per machine.
You should see something like this with a log level = 3:
[2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "testmachine$"' gave 0
...
[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832)
ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
init_ldap_from_sam: Setting entry for user: testmachine$
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
...
It will show the script being executed (it will add the POSIX account
only) and the error level that it gave (0 = no errors),
and samba adding the rest of the attributes.
Regards.
Edmundo Valle Neto
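
Added example, not part of the original message and not Samba's own code: a Python check that reads a log.smbd excerpt like the ones quoted above and reports whether the add machine script ran, what status it gave, and whether Samba then added its attributes in LDAP. The sample log is constructed, the function names are hypothetical, and the message patterns are assumed from the log lines in this thread.

```python
import re

# Patterns assumed from the Samba 3.0.x log lines quoted in this thread.
HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\s*(\d+)\]\s*(\S*)$")
LOCATION = re.compile(r"^[\w/.]+\.c:(\w+)\(\d+\)$")
RAN = re.compile(r"Running the command `(.+?)' gave (-?\d+)")
ADDED = re.compile(r"added: uid == (\S+) in the LDAP database")

# Constructed sample in the shape of the level 3 excerpt (mail-wrapped lines).
SAMPLE = """\
[2006/06/26 14:47:28, 3]
rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
  "testmachine$"' gave 0
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
  ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
"""

def parse_entries(text):
    """Return (level, function, message) per entry, rejoining wrapped lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        head, loc = HEADER.match(line), LOCATION.match(line)
        if head:
            loc = LOCATION.match(head.group(2))
            entries.append([int(head.group(1)), loc[1] if loc else "", []])
        elif entries and loc and not entries[-1][1] and not entries[-1][2]:
            entries[-1][1] = loc[1]  # header was split by mail wrapping
        elif entries and line:
            entries[-1][2].append(line)
    return [(lvl, func, " ".join(msg)) for lvl, func, msg in entries]

def check_machine_join(text):
    """Say how far machine-account creation got, judging by the log alone."""
    entries = parse_entries(text)
    level, code, added = max((e[0] for e in entries), default=0), None, None
    for _, func, msg in entries:
        ran, add = RAN.search(msg), ADDED.search(msg)
        if func == "_samr_create_user" and ran:
            code = int(ran.group(2))
        if func == "ldapsam_add_sam_account" and add:
            added = add.group(1)
    if code is None:  # the script line is logged at level 3 only
        return ("inconclusive: log level below 3" if level < 3
                else "add machine script never ran")
    if code != 0:
        return f"add machine script failed with status {code}"
    if added is None:
        return "POSIX account created, Samba attributes not added"
    return f"machine account {added} complete"
```

Run against a level 2 log such as the first one in this thread, it returns the inconclusive verdict, because the script line only appears from level 3 up.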