Apologies for the nast of the accompanied text, but I thought it best to include everying from the ldap log in relation to a request to join a domain. It all looks fine to me, except for the text= string never being populated, but please let me know if you can find anything of if that is a problem. The idmap suffix did not resolve the issue. I do not need to set this account up locally, right?
thanks, Dan Feb 28 12:20:53 auth slapd[6527]: conn=636 fd=40 ACCEPT from IP=128.174.124.12:54545 (IP=0.0.0.0:389) Feb 28 12:20:53 auth slapd[6527]: conn=636 op=0 BIND dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" method=128 Feb 28 12:20:53 auth slapd[6527]: conn=636 op=0 BIND dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" mech=SIMPLE ssf=0 Feb 28 12:20:53 auth slapd[6527]: conn=636 op=0 RESULT tag=97 err=0 text= Feb 28 12:20:53 auth slapd[6527]: conn=636 op=1 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(uid=administrator)(objectClass=sambaSamAccount))" Feb 28 12:20:53 auth slapd[6527]: conn=636 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Feb 28 12:20:53 auth slapd[6527]: conn=636 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:53 auth slapd[6527]: conn=637 fd=41 ACCEPT from IP=128.174.124.12:54546 (IP=0.0.0.0:389) Feb 28 12:20:53 auth slapd[6527]: conn=637 op=0 BIND dn="" method=128 Feb 28 12:20:53 auth slapd[6527]: conn=637 op=0 RESULT tag=97 err=0 text= Feb 28 12:20:53 auth slapd[6527]: conn=637 op=1 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=Administrator))" Feb 28 12:20:53 auth slapd[6527]: conn=637 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:53 auth slapd[6527]: conn=637 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:54 auth slapd[6527]: conn=637 op=2 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=Administrator))" Feb 28 12:20:54 auth slapd[6527]: conn=637 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:54 auth slapd[6527]: conn=637 op=3 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=igb,dc=uiuc,dc=edu)))" Feb 28 12:20:54 auth slapd[6527]: conn=637 op=3 SRCH attr=gidNumber Feb 28 12:20:54 auth slapd[6527]: <= bdb_equality_candidates: (memberUid) index_param failed (18) Feb 28 12:20:54 auth slapd[6527]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18) Feb 28 12:20:54 auth slapd[6527]: conn=637 op=3 SEARCH RESULT tag=101 err=0 nentries=2 text= Feb 28 12:20:54 auth slapd[6527]: conn=637 op=4 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=domain admins,ou=group,dc=igb,dc=uiuc,dc=edu))" Feb 28 12:20:54 auth slapd[6527]: conn=637 op=4 SRCH attr=gidNumber Feb 28 12:20:54 auth slapd[6527]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18) Feb 28 12:20:54 auth slapd[6527]: conn=637 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:54 auth slapd[6527]: conn=636 op=2 SRCH base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Feb 28 12:20:54 auth slapd[6527]: conn=636 op=2 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Feb 28 12:20:54 auth slapd[6527]: conn=636 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:54 auth slapd[6527]: conn=636 op=3 SRCH base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))" Feb 28 12:20:54 auth slapd[6527]: conn=636 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Feb 28 12:20:54 auth slapd[6527]: conn=636 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:54 auth slapd[6527]: conn=637 op=5 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=Administrator))" Feb 28 12:20:54 auth slapd[6527]: conn=637 op=5 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:54 auth slapd[6527]: conn=637 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:54 auth slapd[6527]: conn=637 op=6 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=administrator))" Feb 28 12:20:54 auth slapd[6527]: conn=637 op=6 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:54 auth slapd[6527]: conn=637 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:54 auth slapd[6527]: conn=636 fd=40 closed Feb 28 12:20:54 auth slapd[6527]: conn=637 fd=41 closed Feb 28 12:20:55 auth slapd[6527]: conn=638 fd=28 ACCEPT from IP=128.174.124.12:54547 (IP=0.0.0.0:389) Feb 28 12:20:55 auth slapd[6527]: conn=638 op=0 BIND dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" method=128 Feb 28 12:20:55 auth slapd[6527]: conn=638 op=0 BIND dn="cn=ldapadmin,dc=igb,dc=uiuc,dc=edu" mech=SIMPLE ssf=0 Feb 28 12:20:55 auth slapd[6527]: conn=638 op=0 RESULT tag=97 err=0 text= Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(uid=administrator)(objectClass=sambaSamAccount))" Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Feb 28 12:20:55 auth slapd[6527]: conn=638 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 fd=40 ACCEPT from IP=128.174.124.12:54548 (IP=0.0.0.0:389) Feb 28 12:20:55 auth slapd[6527]: conn=639 op=0 BIND dn="" method=128 Feb 28 12:20:55 auth slapd[6527]: conn=639 op=0 RESULT tag=97 err=0 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=1 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=Administrator))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:55 auth slapd[6527]: conn=639 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=2 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=Administrator))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=3 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=people,dc=igb,dc=uiuc,dc=edu)))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=3 SRCH attr=gidNumber Feb 28 12:20:55 auth slapd[6527]: <= bdb_equality_candidates: (memberUid) index_param failed (18) Feb 28 12:20:55 auth slapd[6527]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18) Feb 28 12:20:55 auth slapd[6527]: conn=639 op=3 SEARCH RESULT tag=101 err=0 nentries=2 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=domain admins,ou=group,dc=igb,dc=uiuc,dc=edu))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SRCH attr=gidNumber Feb 28 12:20:55 auth slapd[6527]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18) Feb 28 12:20:55 auth slapd[6527]: conn=639 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:55 auth slapd[6527]: conn=638 op=2 SRCH base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Feb 28 12:20:55 auth slapd[6527]: conn=638 op=2 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Feb 28 12:20:55 auth slapd[6527]: conn=638 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:55 auth slapd[6527]: conn=638 op=3 SRCH base="ou=group,dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=512))" Feb 28 12:20:55 auth slapd[6527]: conn=638 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Feb 28 12:20:55 auth slapd[6527]: conn=638 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=5 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=Administrator))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=5 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:55 auth slapd[6527]: conn=639 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=6 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=administrator))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=6 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:55 auth slapd[6527]: conn=639 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 28 12:20:55 auth slapd[6527]: conn=638 op=4 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(uid=sammy $)(objectClass=sambaSamAccount))" Feb 28 12:20:55 auth slapd[6527]: conn=638 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Feb 28 12:20:55 auth slapd[6527]: conn=638 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=sammy$))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:55 auth slapd[6527]: conn=639 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:55 auth slapd[6527]: conn=639 op=8 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=SAMMY$))" Feb 28 12:20:55 auth slapd[6527]: conn=639 op=8 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:55 auth slapd[6527]: conn=639 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:56 auth slapd[6527]: conn=639 op=9 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=sammy$))" Feb 28 12:20:56 auth slapd[6527]: conn=639 op=9 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:56 auth slapd[6527]: conn=639 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 28 12:20:56 auth slapd[6527]: conn=639 op=10 SRCH base="dc=igb,dc=uiuc,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=SAMMY$))" Feb 28 12:20:56 auth slapd[6527]: conn=639 op=10 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 28 12:20:56 auth slapd[6527]: conn=639 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text= On Wed, 2007-02-28 at 17:35 +0000, Andrew Watkins wrote: > Daniel, > > Try adding "ldap idmap suffix = ou=People" > > Since I noticed that "ldap user suffix" and "ldap group suffix" do not > seem to be used. > > Also, check you LDAP log files to see if you can spot the samba search > string! > > Andrew > > > This is really getting frustrating. The exact message when joining the > > domain is "user name could not be found", however I have the > > Administrator account set up with the proper data. And i have tried > > administrator with and without the A in caps. I can take this username, > > log into the server, and the files I create show up as owned by root. > > > > # Administrator, People, igb.uiuc.edu > > dn: uid=Administrator,ou=People,dc=igb,dc=uiuc,dc=edu > > uid: Administrator > > objectClass: inetOrgPerson > > objectClass: posixAccount > > objectClass: shadowAccount > > objectClass: sambaSamAccount > > cn: Administrator > > sn: Administrator > > mail: [EMAIL PROTECTED] > > loginShell: /bin/bash > > homeDirectory: /home/a-m/Administrator > > gecos: Administrator > > sambaSID: S-1-5-21-3679620730-2824407525-958489067-500 > > sambaPrimaryGroupSID: S-1-5-21-3679620730-2824407525-958489067-512 > > sambaAcctFlags: UX > > gidNumber: 0 > > uidNumber: 0 > > sambaLMPassword: somethingremoved > > sambaNTPassword: somethingremoved > > > > My Sid matches up: > > > > [EMAIL PROTECTED] samba]# net getlocalsid > > SID for domain IGB-FILE-SERVER is: > > S-1-5-21-3679620730-2824407525-958489067 > > > > The server should be the master browser: > > > > ***** > > [2007/02/28 10:20:43, 0] > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282) > > become_domain_master_browser_bcast: > > Attempting to become domain master browser on workgroup IGB on subnet > > 128.174.124.12 > > [2007/02/28 10:20:43, 0] > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295) > > become_domain_master_browser_bcast: querying subnet 128.174.124.12 for > > domain master browser on workgroup IGB > > [2007/02/28 10:20:47, 0] > > nmbd/nmbd_logonnames.c:become_logon_server_success(124) > > become_logon_server_success: Samba is now a logon server for workgroup > > IGB on subnet 128.174.124.12 > > [2007/02/28 10:20:51, 0] > > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) > > ***** > > > > Samba server IGB-FILE-SERVER is now a domain master browser for > > workgroup IGB on subnet 128.174.124.12 > > > > ***** > > > > > > If I look at the log for doing the add, it appears as if this might be > > where the error is if I look at the tail end of the smb log for the > > client trying to add with a loglevel of 5: > > > > > > [2007/02/28 10:31:12, 5] auth/auth_util.c:debug_unix_user_token(505) > > UNIX token of user 0 > > Primary group is 0 and contains 0 supplementary groups > > [2007/02/28 10:31:12, 5] smbd/uid.c:change_to_root_user(296) > > change_to_root_user: now uid=(0,0) gid=(0,0) > > [2007/02/28 10:31:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) > > wct=12 flg2=0xc807 > > [2007/02/28 10:31:12, 2] smbd/sesssetup.c:setup_new_vc_session(608) > > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > > all old resources. > > [2007/02/28 10:31:12, 3] > > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) > > Doing spnego session setup > > [2007/02/28 10:31:12, 3] > > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) > > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 > > 5.1] PrimaryDomain=[] > > [2007/02/28 10:31:12, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) > > Got user=[administrator] domain=[igb] workstation=[SAMMY] len1=24 > > len2=24 > > [2007/02/28 10:31:12, 5] > > auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) > > auth_context challenge set by NTLMSSP callback (NTLM2) > > [2007/02/28 10:31:12, 5] > > auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) > > challenge is: > > [2007/02/28 10:31:12, 5] lib/util.c:dump_data(1999) > > [000] 81 8F 46 13 26 F9 07 3E ..F.&..> > > > > > > For info, my globals from smb.conf are > > > > > > [global] > > workgroup = igb > > netbios name = IGB-FILE-SERVER > > server string = Samba Server > > passdb backend = ldapsam:ldap://auth.igb.uiuc.edu > > log file = /var/log/samba/%m.log > > max log size = 50 > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > domain logons = Yes > > dns proxy = No > > wins support = Yes > > ldap admin dn = cn=someonespecial,dc=igb,dc=uiuc,dc=edu > > ldap group suffix = ou=group > > ldap suffix = dc=igb,dc=uiuc,dc=edu > > ldap ssl = on > > ldap user suffix = ou=People > > ldap machine suffix = ou=computer > > cups options = raw > > log level = 10 > > > > add machine script > > = /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/smbldap-useradd.pl -w > > preferred master = Yes > > domain master = Yes > > os level = 65 > > password server = None > > idmap uid = 1000-33554431 > > idmap gid = 1000-33554431 > > template shell = /bin/false > > username map = /etc/samba/smbusers > > winbind use default domain = no > > > > > > Any help still very much appreciated, > > > > Dan > > > > On Tue, 2007-02-27 at 12:57 -0600, Daniel Davidson wrote: > >> I have found a fixed my previous problems (two typos that were hard to > >> find) and now the smbldap-tools all work as expected if I run them as > >> root. However when I try to join a domain from a windows machine, the > >> scripts never run and get an "Access is denied message". Since I am > >> using 0.10 I do not think I can use net rpc rights, so do I need to add > >> that into ldap manually? Or do I have to use a specific user other than > >> just someone in domain admins? > >> > >> thanks, > >> > >> Dan > >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
