mischka
Greenhorn
Hi!
This is my first post, and I apologize in advance for its length; I want to give you as much information as I can, and I hope you can help me.
So, I have set up a Samba PDC (samba-3.0.14) with an LDAP backend (2.2.27) here (at least I hope so). The problem is that WinXP does not want to join my domain. I get the following message:
"Beim Versuch der Domäne "SPIELE" trat der folgende Fehler auf: Der Benutzername konnte nicht gefunden werden."
In the Samba log file I find this:
[2005/08/24 19:04:04, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: root
[2005/08/24 19:04:04, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/08/24 19:04:05, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain SPIELE -> S-1-5-21-3886292755-2720702596-2478349069
So it actually looks quite good: the machine account gets created and the domain SID is sent as well, so what is going wrong?
Mischka
Here come my configuration files:
Here is my smb.conf:
netbios name = STOPPI
workgroup = SPIELE
server string = stoppi
host allow = 192.168.0.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = fxp0
bind interfaces only = yes
log level = 2
log file = /var/log/samba/log.%m
max log size = 10000
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
null passwords = no
hide unreadable = yes
hide dot files = yes
ldap passwd sync = yes
passdb backend = ldapsam:ldap://192.168.0.1/
admin users = root
ldap admin dn = cn=root,dc=localnet,dc=de
ldap suffix = dc=localnet,dc=de
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
dos charset = 850
unix charset = ISO8859-1
[netlogon] and [profiles] are also present; here is my LDAP directory:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# localnet.de
dn: dc=localnet,dc=de
objectClass: dcObject
objectClass: organization
o: localnet
dc: localnet
# Users, localnet.de
dn: ou=Users,dc=localnet,dc=de
objectClass: organizationalUnit
ou: Users
# Groups, localnet.de
dn: ou=Groups,dc=localnet,dc=de
objectClass: organizationalUnit
ou: Groups
# Computers, localnet.de
dn: ou=Computers,dc=localnet,dc=de
objectClass: organizationalUnit
ou: Computers
# Idmap, localnet.de
dn: ou=Idmap,dc=localnet,dc=de
objectClass: organizationalUnit
ou: Idmap
# root, Users, localnet.de
dn: uid=root,ou=Users,dc=localnet,dc=de
cn: root
sn: root
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 0
uid: root
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\STOPPI\home\root
sambaHomeDrive: H:
sambaProfilePath: \\STOPPI\profiles\root
sambaPrimaryGroupSID: S-1-5-21-3886292755-2720702596-2478349069-512
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaAcctFlags:
sambaPwdLastSet: 1124831186
sambaKickoffTime: 0
sambaPwdMustChange: 2447483647
# nobody, Users, localnet.de
dn: uid=nobody,ou=Users,dc=localnet,dc=de
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\STOPPI\home\nobody
sambaHomeDrive: H:
sambaProfilePath: \\STOPPI\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-3886292755-2720702596-2478349069-514
sambaAcctFlags: [NUD ]
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-2998
loginShell: /bin/false
# Domain Admins, Groups, localnet.de
dn: cn=Domain Admins,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-512
sambaGroupType: 2
displayName: Domain Admins
# Domain Users, Groups, localnet.de
dn: cn=Domain Users,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-513
sambaGroupType: 2
displayName: Domain Users
memberUid: micha
# Domain Guests, Groups, localnet.de
dn: cn=Domain Guests,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-514
sambaGroupType: 2
displayName: Domain Guests
# Domain Computers, Groups, localnet.de
dn: cn=Domain Computers,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-515
sambaGroupType: 2
displayName: Domain Computers
# Administrators, Groups, localnet.de
dn: cn=Administrators,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
# Account Operators, Groups, localnet.de
dn: cn=Account Operators,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
# Print Operators, Groups, localnet.de
dn: cn=Print Operators,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
# Backup Operators, Groups, localnet.de
dn: cn=Backup Operators,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
# Replicators, Groups, localnet.de
dn: cn=Replicators,ou=Groups,dc=localnet,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
# NextFreeUnixId, localnet.de
dn: cn=NextFreeUnixId,dc=localnet,dc=de
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId
uidNumber: 1003
# micha, Users, localnet.de
dn: uid=micha,ou=Users,dc=localnet,dc=de
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: micha
sn: micha
uid: micha
gidNumber: 513
homeDirectory: /home/micha
loginShell: /usr/local/bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-3002
sambaPrimaryGroupSID: S-1-5-21-3886292755-2720702596-2478349069-513
sambaLogonScript: logon.bat
sambaProfilePath: \\STOPPI\profiles\micha
sambaHomePath: \\STOPPI\home\micha
sambaHomeDrive: H:
sambaAcctFlags:
sambaPwdLastSet: 1124831558
displayName: Michael Gusek
uidNumber: 500
sambaPwdMustChange: 2547483647
# SPIELE, localnet.de
dn: sambaDomainName=SPIELE,dc=localnet,dc=de
sambaDomainName: SPIELE
sambaSID: S-1-5-21-3886292755-2720702596-2478349069
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
# crolla$, Computers, localnet.de
dn: uid=crolla$,ou=Computers,dc=localnet,dc=de
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: crolla$
sn: crolla$
uid: crolla$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
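An added example, not part of the original post: a small Python check over an LDIF export that lists posixAccount entries lacking the sambaSamAccount object class (the class ldapsam keeps Samba account attributes in), or whose sambaSID does not sit under the sambaDomain SID. The embedded sample is constructed from three entries of the dump above and assumes standard blank-line-separated LDIF; the function names are hypothetical.

```python
import re

# Constructed sample: three entries abridged from the dump in the post.
SAMPLE_LDIF = r"""
dn: sambaDomainName=SPIELE,dc=localnet,dc=de
sambaDomainName: SPIELE
sambaSID: S-1-5-21-3886292755-2720702596-2478349069
objectClass: sambaDomain

dn: uid=micha,ou=Users,dc=localnet,dc=de
objectClass: posixAccount
objectClass: sambaSamAccount
uid: micha
sambaSID: S-1-5-21-3886292755-2720702596-2478349069-3002

dn: uid=crolla$,ou=Computers,dc=localnet,dc=de
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uid: crolla$
"""

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    text = re.sub(r"\n ", "", text)          # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                      # skip comments and stray lines
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def classes_of(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def audit(entries):
    """Return (dn, finding) pairs for POSIX accounts ldapsam cannot use as-is."""
    domain_sids = [e["sambasid"][0] for e in entries
                   if "sambadomain" in classes_of(e) and e.get("sambasid")]
    findings = []
    for e in entries:
        classes = classes_of(e)
        if "posixaccount" not in classes:
            continue
        dn = e["dn"][0]
        if "sambasamaccount" not in classes:
            findings.append((dn, "no sambaSamAccount object class"))
            continue
        sid = e.get("sambasid", [""])[0]
        if not any(sid.startswith(d + "-") for d in domain_sids):
            findings.append((dn, "sambaSID not under the domain SID"))
    return findings
```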