LDAP 2.1.23 - Samba 3.0.0 - trust account problems
Hello,
I've posted this many time on the samba list server and openldap list server but I still am unable to fix this problem, so I look for clues. PROBLEM: I am not able joind a Windows 2000 computer to a Samba domain. I get an error message logon failure: unknown username or bad password. WHAT DOES WORK: Can logon to domain from a Windows 95/98 and get mapped drive to home directory, netlogon on share. After logging into local machine on Windows 2000 computer, I can browse the network, find the domain controller where it prompts me for a username and password. It accept the password and allows me to get to the shares that are allowed for my account. I can also change passwords. WHAT THIS IMPLIES: This implies that samba is communicating correctlly with the backend db. It also implies that samba is using the LDAP admin account for access to the LDAP directory correctly. The error messages I get appears to be the result of samba mapping to the root account or the password for the root account.. The root account I use in LDAP is Administrator # Administrator, Users, tow,net # Administrator, Users, tow.net dn: uid=Administrator,ou=Users,dc=tow,dc=net cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 0 uid: Administrator uidNumber: 0 sambaPwdLastSet: 1068814077 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 1068814077 sambaPwdMustChange: 2147483647 sambaHomePath: \\whs1\Administrator sambaHomeDrive: H: sambaProfilePath: \\whs1\profiles\ sambaLMPassword: E3B4E05BE6A182C9E13B8E8F6853DCAC sambaNTPassword: F4858C7E53BB628AE91E00E9DB6CD467 sambaAcctFlags: [U ] sambaSID: S-1-5-21-1129281578-1295143107-3311307472-1000 loginShell: /bin/bash gecos: Netbios Domain Administrator sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-1001 userPassword:: e1NNRDV9ZGpiNFo3ODQ3VFlKYWJYZEM5ZGRtSkFpMklzPQ== homeDirectory: /root Does anyone out ther have any clues as to why I would have a problem connecting this account? Kent N |
There was a posting on the Samba lists that said you must, Must, MUST have a samba account named root. That poster said to do:
smbpasswd -a root and put in a password different from root's Linux password. During the procedure to join the domain you are asked for a user who has the rights to join the domain. Enter root as the user and the password you set up. There was also a step-by-step on how to do LDAP. Here, too, you needed to have a samba user called root with a UID of 0 and a rid of 1000. This was done with a: smbldap-useradd.pl -a -P root. Then use GQ to change the rid and UID. |
All times are GMT -5. The time now is 08:03 AM. |