RE: [Samba] Re: domain join - no sambaSamAccount created
Let's hope so... :)

If you didn't work it out yet send your smb.conf and attach add machine script too, I can test it on this system. Maybe that will give us some answers.

Please do a 'reply to all' since I am not in the list.

Cheers!
Bjorn

-----Original Message-----
From: samba-request [mailto:[EMAIL PROTECTED]
Sent: Friday, 5 September 2003 17:27
To: samba
Cc: udettmer
Subject: [Samba] Re: domain join - no sambaSamAccount created

Hi,

thanks for your quick answer, Bjorn!

> - first make a machine-account _ONLY_ in PosixAccount.

Yes, I used

/usr/bin/cpu useradd machine$ -d /dev/null -f /etc/samba/scripts/machadd.cfg -F machine$ -L machine$ -g 511 -p xxx

to create a valid Unix user (User object with posixAccount auxiliary class extended). Samba still does not add its sambaSamAccount class if I create the machine account this way. However, smbpasswd -amn works and I can join the Windows box to the domain if I run both commands manually.

> - then try to run the wizard from XP with a (or better to be sure, THE) root account.

Sorry, I forgot to mention it - I am already using the root account for this.

> You need to have add machine script configured for this of course.

My problem seems to be that *only* the add machine script script is running, but Samba forgets to do its own job (adding the sambaSamAccount aux. class to the user object).

> I had the same problem adding clients to the domain... but when I tried this procedure, it worked 4 me.

Hopefully I will get this far soon, too ;-)

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] domain join - no sambaSamAccount created
Did you try to:

- first make a machine-account _ONLY_ in PosixAccount.
- then try to run the wizard from XP with a (or better to be sure, THE) root account.

You need to have add machine script configured for this of course.

I had the same problem adding clients to the domain... but when I tried this procedure, it worked 4 me.

(Reply to all for direct comments, only receive digests)

Kind regards,
Bjorn

-----Original Message-----
From: samba-request [mailto:[EMAIL PROTECTED]
Sent: Friday, 5 September 2003 11:10
To: samba
Cc: udettmer
Subject: [Samba] domain join - no sambaSamAccount created

Hi,

we are using Samba 3 (CVS checkout from 09/01) on a SuSE 8.2 box with all patches applied. The passdb backend is LDAP / eDirectory 8.7 on another machine. The Samba box is supposed to work as a stand alone domain controller, so I am testing to join a client machine to its domain.

This is my add machine script:

/usr/bin/cpu useradd %u -d /dev/null -f /etc/samba/scripts/machadd.cfg -F %u -L %u -g 511 -p xxx

I've manually tested this script and it's reliably creating a functional user with the necessary posixAccount class attached. When I do a smbpasswd -amn on that user object it becomes a Samba machine account just as it should.

But when I run the Network ID-Wizard from the Windows XP client I get a bad username or password message when Windows is at the point of actually requesting the machine account on the DC. Strangely, the correct posixAccount is indeed being created - Samba simply forgets to add the SambaSamAccount after the script ran.

This is also what the LDAP log tells me: There are no errors at all, but the LDAP traffic still stops right after the posixAccount user is added. I've also got a level 3 Samba log for the client machine. It doesn't tell me much more, but it can be mailed on request.

Thanks for any help!

Ulf Dettmer
[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
Thanks for your reply dkrnic...

Anyway... I found the problem. (but NO SOLUTION!!)

Just to summarize... I had a win2k sp2 machine at home and win2k sp4 machines on my work. I was unable to login my samba-pdc (v3 rc2) with the workstations @ work, but I was able to connect from my win2k sp2 machine at home through a VPN connection.

I now took that machine (w2k sp2 -machine from home) to my office to test if it would also work on the network instead of a vpn connection. and... it didn't, it gave the same error as the other machines.

In tcpdump I saw the DNS query from _ldap._tcp.dc._msdcs.MYDOMAIN. This annoyed me, because my workstation from home on VPN didn't do this. Then I came up with the plan to disable my DNS-server in my network-settings on my w2k-machines. Then I tried to log on to the domain and voila... it worked. When I enable the DNS-server again in my configuration I can't login to the domain anymore.

I read some things about Native and Mixed -mode w2k's. I believe this is the whole problem. W2k's are in Native mode looking for Active Directory and Samba obviously... not... since it can't.

Does anybody know how I can change this behaviour of w2k towards my PDC?

Thanks!
Bjorn

-----Original Message-----
From: dkrnic [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 August 2003 16:57
To: Bjorn H. Padding
Cc: samba
Subject: PDC + LDAP + W2K-SP4 Domain logon

> Thanks for your reply, but I am _SURE_ that it's nothing to do with my configuration, but with the Windows-2000 SP3.

I'm not so sure. Don't blame M$ too soon. Your use of LDAP or how you use it may be the problem.

> Since this Services Pack, Windows 2000 looks for an active directory. Again, I tried from 2 machines now with Windows 2000 SP2 and everything works just fine. As soon as I apply Service Pack 3, the error:

I'm not sure it does, probably not. Do other posters complain about PDC+LDAP+W2K-SP3-4? You can't be the 1st one with the problem. I don't use LDAP. SPs never affected my clients, 2, 3, 4.

> The only way I know how to solve it now is to reinstall all my workstations with a clean win2k install and stop upgrading till service pack 2, but of course I do not really prefer this...

Better analyze the login transactions for both SPs in a higher level log to be a bit more sure what is going on.
[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
bjorn.padding at ifsaudiovisueel.nl wrote:
> > This is strange that it worked for you, because testparm tells me that if you use
> > wins support = yes
> > wins server = wins server IP
> > at the same time, then smbd would not start. Anyway, I tried and it doesn't work...
>
> nono you need to read what i said: changing WINS support = yes to WINS server = 'ip address', i got the domain thing to work. I kept getting the same error you did.
>
> i said 'changing', you can't have both WINS support (this makes Samba THE WINS server) and WINS server (this delegates the WINS support elsewhere).

Yeah, but that is not the situation, because my Samba PDC _is my WINS-server.

Thanks for your reply, but I am _SURE_ that it's nothing to do with my configuration, but with the Windows-2000 SP3. Since this Services Pack, Windows 2000 looks for an active directory. Again, I tried from 2 machines now with Windows 2000 SP2 and everything works just fine. As soon as I apply Service Pack 3, the error:

snip
The following error ocurred validating the name IFS.
This condition may be caused by a DNS lookup problem. For information about troubleshooting common DNS lookup problems, please see the following Microsoft web site: http://go.microsoft.com/fwlink/?LinkId=5171
The specified domain either does not exist or could not be contacted.
[ OK ]
/snip

And I get the queries for _tcp._ldap.dc._msdcs.IFS. on bind log.

So clearly Microsoft is pushing their Active Directory on the market... (Good marketing skills those guys, really Microsoft style)

The only way I know how to solve it now is to reinstall all my workstations with a clean win2k install and stop upgrading till service pack 2, but of course I do not really prefer this...
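The conflict discussed in the message above (Samba told to be the WINS server with wins support while also being pointed at one with wins server) can be checked before restarting the daemons. This is an added example, not part of the original post or of Samba itself; the function names and the sample configurations are constructed for illustration.

```python
import re

TRUE_VALUES = {"yes", "true", "1", "on"}  # boolean spellings treated as "yes"


def norm_key(name):
    """Parameter names are compared without regard to case or inner whitespace."""
    return re.sub(r"\s+", "", name).lower()


def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalized_key: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm_key(key)] = value.strip()  # last assignment wins
    return params


def wins_conflict(text):
    """True when [global] both enables wins support and names a wins server."""
    g = parse_global(text)
    is_server = g.get("winssupport", "no").lower() in TRUE_VALUES
    uses_server = bool(g.get("winsserver", ""))
    return is_server and uses_server


# Constructed sample configurations (not taken from the thread).
BOTH = """
[global]
   workgroup = EXAMPLE
   WINS Support = Yes
   wins server = 192.0.2.10
[data]
   wins server = ignored-outside-global
"""
SERVER_ONLY = "[global]\nwins support = yes\n; wins server = 192.0.2.10\n"
CLIENT_ONLY = "[global]\nwins support = no\nwins server = 192.0.2.10\n"

if __name__ == "__main__":
    for name, conf in [("both", BOTH), ("server only", SERVER_ONLY),
                       ("client only", CLIENT_ONLY)]:
        print(f"{name}: {'CONFLICT' if wins_conflict(conf) else 'ok'}")
```
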
[Samba] PDC + LDAP + W2K-SP4 Domain logon
-2
admin users = adminisrtator

[homes]
comment = Home Directory
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/services/samba/netlogon
guest ok = Yes
share modes = No

[Profiles]
path = /home/services/samba/profiles
guest ok = Yes
browseable = No

[data]
comment = IFS's shared files
path = /home/ifs/data
read only = No
force create mode = 0771
force directory mode = 0775
/snip

I also tried to install the older version again (samba 2.x.stable (standard debian-package) without LDAP and with smbpasswd file), but no luck...

I am completely out of ideas and believe I tried everything possible

Hope someone can explain me this mystical behaviour all of a sudden...

Kind Regards,
Bjorn Padding
IFS Audio Visuals
[Samba] RE: PDC + LDAP + W2K-SP4 Domain logon
= 10.21.32.1
passdb backend = ldapsam:ldap://10.21.32.1
unix password sync = No
client lanman auth = No
client plaintext auth = No
log level = 4
syslog = 10
log file = /var/log/samba/%m
name resolve order = bcast wins hosts
time server = Yes
keepalive = 255
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
printcap name = cups
logon drive = z:
logon home = \\%L\%U
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = o=ifs,c=nl
ldap machine suffix = sambaDomainName=IFS,ou=Server Services,o=ifs,c=nl
ldap user suffix = ou=People,o=ifs,c=nl
ldap group suffix = ou=People Groups,o=ifs,c=nl
ldap idmap suffix = o=ifs,c=nl
ldap admin dn = cn=root,o=ifs,c=nl
remote announce = 10.21.32.255/IFS
idmap uid = 1-2
idmap gid = 1-2
admin users = adminisrtator

[homes]
comment = Home Directory
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/services/samba/netlogon
guest ok = Yes
share modes = No

[Profiles]
path = /home/services/samba/profiles
guest ok = Yes
browseable = No

[data]
comment = IFS's shared files
path = /home/ifs/data
read only = No
force create mode = 0771
force directory mode = 0775
/snip

I also tried to install the older version again (samba 2.x.stable (standard debian-package) without LDAP and with smbpasswd file), but no luck...

I am completely out of ideas and believe I tried everything possible

Hope someone can explain me this mystical behaviour all of a sudden...

Kind Regards,
Bjorn Padding
IFS Audio Visuals