Hi, I have been trying different approaches to get it working and apparently I do need nss installed to get it working (which I have not found as mandatory in many tutorials). Once I installed nss-ldap and configured it still failed, but then I removed the line "ldapsam:trusted = yes" and the machines started to join the domain correctly.
Summing up, I needed nss-ldap and I did not need "ldapsam:trusted = yes". Now I am trying to get the whole thing working with "ldapsam:trusted = yes" uncommented. Thank you all very much for your help. I expect to be able to help others solve the problems I have had. Edmundo Valle Neto wrote: > > mikelOn escreveu: >> The last few lines of the "pdbedit -v root" command show the following: >> >> >> pm_process() returned Yes >> smbldap_search_domain_info: Searching >> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))] >> smbldap_open_connection: connection opened >> ldap_connect_system: succesful connection to the LDAP server >> The LDAP server is succesfully connected >> smbldap_search_domain_info: Searching >> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))] >> smbldap_open_connection: connection opened >> ldap_connect_system: succesful connection to the LDAP server >> The LDAP server is succesfully connected >> init_sam_from_ldap: Entry found for user: root >> Unix username: root >> NT username: root >> Account Flags: [U ] >> User SID: S-1-5-21-325600022-3777026502-3741709481-500 >> ldapsam_getgroup: Did not find group >> Primary Group SID: S-1-5-21-325600022-3777026502-3741709481-513 >> Full Name: root >> Home Directory: \\SAMBA\root >> HomeDir Drive: H: >> Logon Script: LOGON.BAT >> Profile Path: \\SAMBA\profiles\root >> Domain: EREMU >> Account desc: >> Workstations: >> Munged dial: >> Logon time: 0 >> Logoff time: mar, 19 ene 2038 04:14:07 CET >> Kickoff time: mar, 19 ene 2038 04:14:07 CET >> Password last set: mié, 27 jun 2007 20:35:52 CEST >> Password can change: 0 >> Password must change: sáb, 11 ago 2007 20:35:52 CEST >> Last bad password : 0 >> Bad password count : 0 >> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> >> >> As you can see, the same error shows up: GROUP NOT FOUND >> >> Do you know why? >> >> Thanks >> >> >> Edmundo Valle Neto wrote: >> >>> mikelOn escreveu: >>> >>>> I have added the parameter "ldapsam:trusted = yes" and now the samba >>>> error >>>> has changed to NT_STATUS_UNSUCCESSFUL. The logs say the following: >>>> >>>> >>>> [2007/06/27 22:41:11, 4] auth/auth_sam.c:sam_account_ok(138) >>>> sam_account_ok: Checking SMB password for user root >>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:push_sec_ctx(208) >>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >>>> [2007/06/27 22:41:11, 3] smbd/uid.c:push_conn_ctx(353) >>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) >>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >>>> [2007/06/27 22:41:11, 3] >>>> passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2663) >>>> primary group of [root] not found >>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339) >>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >>>> [2007/06/27 22:41:11, 0] auth/auth_sam.c:check_sam_security(352) >>>> check_sam_security: make_server_info_sam() failed with >>>> 'NT_STATUS_UNSUCCESSFUL' >>>> [2007/06/27 22:41:11, 3] auth/auth_winbind.c:check_winbind_security(80) >>>> check_winbind_security: Not using winbind, requested domain [eremu] >>>> was >>>> for this SAM. >>>> [2007/06/27 22:41:11, 2] auth/auth.c:check_ntlm_password(319) >>>> check_ntlm_password: Authentication for user [root] -> [root] FAILED >>>> with >>>> error NT_STATUS_UNSUCCESSFUL >>>> [2007/06/27 22:41:11, 3] smbd/error.c:error_packet(146) >>>> error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) >>>> NT_STATUS_UNSUCCESSFUL >>>> [2007/06/27 22:41:11, 3] smbd/process.c:timeout_processing(1359) >>>> timeout_processing: End of file from client (client has >>>> disconnected). >>>> [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) >>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >>>> [2007/06/27 22:41:11, 3] smbd/connection.c:yield_connection(69) >>>> Yielding connection to >>>> [2007/06/27 22:41:11, 3] smbd/server.c:exit_server_common(675) >>>> Server exit (normal exit) >>>> >>>> >>>> Do you see anything familiar here? >>>> Thanks >>>> >>>> >>> What "pdbedit -v root" shows? >>> >>> Regards. >>> >>> Edmundo Valle Net > > Whats the output of: > > net groupmap list > smbldap-usershow root > smbldap-groupshow "Domain Admins" > > ? > > ps: Im not interested in your password hashes :) > > You said that root belongs to Domain Admins group, but the RID 513 is > the known RID of the Domin Users group. > > > Regards. > > Edmundo Valle Neto > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- View this message in context: http://www.nabble.com/Samba-and-LDAP%3A-Trouble-adding-Win-XP-machines-to-the-domain-tf3981091.html#a11356183 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
