sven_sol
Tux's lil' helper
Joined: 27 Apr 2005
Posts: 120
Location: Royston, Herts. UK
|
 Posted: Wed Aug 15, 2007 10:55 am Post subject: samba pdc, vista, XP-64bit quibbles. |
 |
|
Hi All,
we have a Samba PDC with an LDAP back end, and its running fine except when it come to the joining of the work station to the domain.
1. XP-SP2/2k and below, When it joins, it fails first time to join, the machine account is then created, then can join.
2. XP-SP2 64bit and Vista. When it joins, it fails to join fir time, the machine account is created, but is created as a Trust account, rather than a workstation account. Second time it tries it fails saying a user name cannot be found. I have to go in and manually edit the LDAP structure and change the sambaAcctFlags for an I to a W.
Now, looking at the LDAP structure between the first failure and the second success on the first scenario I can see it creates the work station as an "I", then the second time it turns it to a "W" and it joins and there is this in the log file.
| Code: | Aug 15 11:49:58 pdc smbd[10917]: [2007/08/15 11:49:58, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(786)
Aug 15 11:49:58 pdc smbd[10917]: api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
|
However, on the 64 bit/vista is doesn't flip that flag.
The add machine script has the "-i" flag set, as when it is "-w" it fails constantly.
globals:
| Code: | workgroup = dom
server string = pdc server
printcap name = cups
load printers = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
security = user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
encrypt passwords = yes
obey pam restrictions = yes
admin users = administrator, @"Domain Admins"
passdb backend = ldapsam:ldap://127.0.0.1 smbpasswd guest
idmap uid = 1000-2000
idmap gid = 1000-2000
ldap admin dn = cn=pdc,dc=testdom,dc=co,dc=uk
ldap ssl = no
ldap port = 389
ldap suffix = dc=testdom,dc=co,dc=uk
ldap server = pdc.testdom.co.uk
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap idmap suffix = ou=People
ldap group suffix = ou=Group
ldap passwd sync = Yes
dns proxy = no
preserve case = yes
hide unreadable = yes
hide dot files = yes
prefered master = yes
local master = yes
domain master = yes
domain logons = yes
os level = 33
logon home =
logon path =
add machine script = /usr/sbin/smbldap-useradd -i -d /dev/null -g 515 -c 'Machine Account' -s /bin/false '%u' |
First LDAP structure (Fail)
| Code: | dn: uid=svenlaptop$,ou=Computers,dc=testdom,dc=co,dc=uk
cn: svenlaptop$
sn: svenlaptop$
uid: svenlaptop$
uidNumber: 2007
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 543ee7f2-df64-102b-8383-df1b05d6c548
creatorsName: cn=pdc,dc=testdom,dc=co,dc=uk
createTimestamp: 20070815101627Z
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1187172987
sambaAcctFlags: [I ]
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
sambaSID: S-1-5-21-472291352-1649616530-1559386932-5014
sambaPrimaryGroupSID: S-1-5-21-472291352-1649616530-1559386932-515
entryCSN: 20070815101627Z#000002#00#000000
modifiersName: cn=pdc,dc=testdom,dc=co,dc=uk
modifyTimestamp: 20070815101627Z
|
Second Ldap structure, (Works)
| Code: | dn: uid=svenlaptop$,ou=Computers,dc=testdom,dc=co,dc=uk
cn: svenlaptop$
sn: svenlaptop$
uid: svenlaptop$
uidNumber: 2007
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 543ee7f2-df64-102b-8383-df1b05d6c548
creatorsName: cn=pdc,dc=testdom,dc=co,dc=uk
createTimestamp: 20070815101627Z
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-472291352-1649616530-1559386932-5014
sambaPrimaryGroupSID: S-1-5-21-472291352-1649616530-1559386932-515
sambaAcctFlags: [W ]
sambaPwdCanChange: 1187173042
sambaNTPassword: 350B8A6B33F80B07A64EA8992FA57DF0
sambaPwdLastSet: 1187173042
entryCSN: 20070815101722Z#000003#00#000000
modifiersName: cn=pdc,dc=testdom,dc=co,dc=uk
modifyTimestamp: 20070815101722Z |
Anyone have any ideas what is going on? 
Off to play some more...
_________________
Tua mater tam antiqua ut linguam latinam loquatur
Linux User: #405647 |
|
Networking & Security
