LinuxQuestions.org
Old 10-13-2010, 09:18 AM   #1
jcdole
LQ Newbie
 
Registered: Apr 2006
Location: Saint-Jean-de-Luz. South West, Atlantic coast (France)
Distribution: SUSE 13.3 (Commercial)
Posts: 14

Rep: Reputation: 0
LINUX BASED CLIENT UNABLE TO JOIN LINUX PDC with LDAP


Hello.

I have some problems with a new samba configuration.

I want to set up a SAMBA PDC with ldap authentication, following a HOWTO found on the web.
I used this howto with success on OPENSUSE 10.1 with an X86 processor and I have used it many times (windows 2000 clients).

Now I use OPENSUSE 11.3.
And I am testing this new configuration with two new PCs with X64 processors running linux.

PDC OS : Opensuse 11.3 X86-64 with full optional server software install
CLIENT OS : Opensuse 11.3 X86-64 with minimal desktop workstation configuration

Samba : 3.5.4-5.1.2
Ldap : 2.4.21-9.1
Smbldap-tools : 0.9.5-26
nss_ldap : 265-4.2
pam_ldap : 185-4.2
perl-ldap : 0.40-2.4

No firewall

Local Network : 192.168.xxx.yyy

The server is not configured using opensuse yast but directly from the conf files.
I have tried to use yast to configure the laptop client with no help.

I have not found anything on the web or in the samba doc about what precisely should be configured on the linux client side.

If you have some reading to recommend.

===============

Client side is not really configured as I don't know what to do

===============

smbclient login runs with success from server or client, anonymously or with a normal user account, and shows shares

===============

ldapsearch runs with success only with ip address ( -D 192.168.xxx.yyy ) and not with name server ( -D my_server )

===============

There is some problem with winbindd-idmap (some smb panic during initialization )

===============

log : 192.168.xxx.yyy
[2010/10/12 21:51:13.860399, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
get_md4pw: Workstation MY-TOSHIBA$: no account in domain
[2010/10/12 21:51:13.861012, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED
[2010/10/12 21:51:13.865713, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
get_md4pw: Workstation MY-TOSHIBA$: no account in domain
[2010/10/12 21:51:13.866259, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED

log : my_toshiba
[2010/10/12 21:51:13.860399, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
get_md4pw: Workstation MY-TOSHIBA$: no account in domain
[2010/10/12 21:51:13.861012, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED
[2010/10/12 21:51:13.865713, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
get_md4pw: Workstation MY-TOSHIBA$: no account in domain
[2010/10/12 21:51:13.866259, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED

log : smbd (at startup)
[2010/10/12 20:37:19.676580, 2] lib/smbldap.c:950(smbldap_open_connection)
smbldap_open_connection: connection opened
[2010/10/12 20:37:20.246137, 2] auth/token_util.c:453(create_local_nt_token)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?
[2010/10/12 20:37:20.269393, 2] auth/token_util.c:477(create_local_nt_token)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2010/10/12 20:37:20.589480, 2] auth/token_util.c:453(create_local_nt_token)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?
[2010/10/12 20:37:20.604934, 2] auth/token_util.c:477(create_local_nt_token)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2010/10/12 20:37:20.667902, 2] smbd/server.c:721(smbd_parent_loop)
waiting for connections

log : smbd.log
2010-10-12T21:51:13.861325+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: [2010/10/12 21:51:13.860399, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
2010-10-12T21:51:13.861351+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: get_md4pw: Workstation MY-TOSHIBA$: no account in domain
2010-10-12T21:51:13.861365+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: [2010/10/12 21:51:13.861012, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
2010-10-12T21:51:13.861377+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: _netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED
2010-10-12T21:51:13.866599+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: [2010/10/12 21:51:13.865713, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
2010-10-12T21:51:13.866615+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: get_md4pw: Workstation MY-TOSHIBA$: no account in domain
2010-10-12T21:51:13.866627+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: [2010/10/12 21:51:13.866259, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
2010-10-12T21:51:13.866643+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5332]: MSG: _netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED
2010-10-12T21:51:15.691754+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5333]: MSG: [2010/10/12 21:51:15.690729, 0] passdb/pdb_interface.c:348(pdb_default_create_user)
2010-10-12T21:51:15.691788+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5333]: MSG: _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 'my-toshiba$'' gave 9

Using yast on the client ( join windows domain )

1°) From scratch after initializing the ldap database, the workstation account is created ( my_toshiba$ )
2°) There is a search for the machine account password, but there is no field for that in the schema. The password field exists only for users.

On the client side could you tell me what files must be considered ( I configure these on the server side )
/etc/hosts
/etc/nsswitch.conf
/etc/pam.d/common-session-pc
/etc/samba/smb.conf
/etc/openldap/ldap.conf
/etc/openldap/slapd.conf
/etc/smbldap-tools/smbldap.conf
/etc/smbldap-tools/smbldap_bind.conf


Thank you for helping me

JC DOLE
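
An added example (not part of the original post, and not Samba or smbldap-tools code): a small Python triage of the smbd log entries quoted above, which groups the netlogon machine-account failures and the exit status of the machine-add command per workstation account. The names `SAMPLE`, `parse_entries` and `triage` are assumptions made for this illustration; the sample lines are taken from the logs in the post.

```python
import re
from collections import defaultdict

# Constructed sample: entries taken from the logs quoted in the post, in both
# the plain Samba form and the syslog-wrapped form ("... MSG: <line>").
SAMPLE = """\
[2010/10/12 21:51:13.860399, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
get_md4pw: Workstation MY-TOSHIBA$: no account in domain
[2010/10/12 21:51:13.861012, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate2: failed to get machine password for account MY-TOSHIBA$: NT_STATUS_ACCESS_DENIED
2010-10-12T21:51:15.691754+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5333]: MSG: [2010/10/12 21:51:15.690729, 0] passdb/pdb_interface.c:348(pdb_default_create_user)
2010-10-12T21:51:15.691788+02:00 LINUX-SRV SVRTY:3 TAG:smbd[5333]: MSG: _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 'my-toshiba$'' gave 9
[2010/10/12 20:37:20.667902, 2] smbd/server.c:721(smbd_parent_loop)
waiting for connections
"""

SYSLOG_PREFIX = re.compile(r"^\S+ \S+ SVRTY:\d+ TAG:\S+ MSG: ")
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d [\d:.]+),\s*(\d+)\] \S+:\d+\((\w+)\)$")
PATTERNS = {
    "no_account": re.compile(r"Workstation (\S+\$): no account in domain"),
    "no_password": re.compile(r"failed to get machine password for account (\S+\$)"),
    "add_script": re.compile(r"Running the command `.*'(\S+\$)'' gave (\d+)"),
}

def parse_entries(text):
    """Yield (timestamp, level, function, message) for each two-line entry."""
    header = None
    for raw in text.splitlines():
        line = SYSLOG_PREFIX.sub("", raw).strip()
        m = HEADER.match(line)
        if m:
            header = m.groups()
        elif header and line:
            yield (*header, line)
            header = None

def triage(text):
    """Group join failures by machine account (NetBIOS names are case-insensitive)."""
    report = defaultdict(lambda: {"no_account": 0, "no_password": 0, "add_script_exit": None})
    for _ts, _level, _func, msg in parse_entries(text):
        for kind, rx in PATTERNS.items():
            m = rx.search(msg)
            if not m:
                continue
            entry = report[m.group(1).upper()]
            if kind == "add_script":
                entry["add_script_exit"] = int(m.group(2))
            else:
                entry[kind] += 1
    return dict(report)
```

Run over the full smbd.log, `triage()` shows for each workstation whether the "no account in domain" errors coincide with a non-zero exit from the machine-add command.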
 
Old 10-14-2010, 06:41 PM   #2
leandean
Member
 
Registered: Oct 2005
Location: Burley, WA
Distribution: Sabayon, Debian
Posts: 278

Rep: Reputation: Disabled
This is pretty close to what I do at work::

http://www.gentoo.org/doc/en/ldap-howto.xml
 
Old 10-22-2010, 05:21 AM   #3
jcdole
LQ Newbie
 
Registered: Apr 2006
Location: Saint-Jean-de-Luz. South West, Atlantic coast (France)
Distribution: SUSE 13.3 (Commercial)
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by leandean
This is pretty close to what I do at work::

http://www.gentoo.org/doc/en/ldap-howto.xml
After a complete reinstall of the server and the linux client, I was able to make the linux client join the SAMBA DOMAIN.

But after reboot of the linux client, the user root was not able to log onto the domain.
Is it normal ?

A normal user logged onto the domain to become super-user ( su command ) must give the samba-ldap admin password.
Is it normal ?


On the client side, could you tell me what files must be considered and what is the difference in content from the server side files ?

/etc/hosts
/etc/nsswitch.conf
/etc/pam.d/common-session-pc
/etc/samba/smb.conf
/etc/samba/smbuser
/etc/openldap/ldap.conf
/etc/ldap.conf


Are there more config files to be considered?


Concerning linux client side configuration, Is there more information/howtos I can find on the net ?


Thank you for helping me

JC DOLE
 
  


All times are GMT -5.