Joining a Windows 2K3 machine to a Samba domain

Bjornmeijer935 (topic starter, registered February 2008):
Hey,

I'm trying to add a Windows Server 2003 machine to a Samba domain; I'm using Ubuntu 10.04 LTS and Samba 3.4.7.

With a Windows XP machine I can join and log in to the domain just fine. I use the root account to join the domain.

This is the message I get when I try to join:
Image location: http://www4.picturepush.com/photo/a/5191052/img/error/Screenshot.png

For the most part I followed this guide:
http://ubuntuforums.org/showthread.php?t=1330637

Below I post the configs and logs; for readability I've removed the # lines:

This is the output of NetSetup.log on the W2K3 machine:
code:
03/03 14:58:42 -----------------------------------------------------------------
03/03 14:58:42 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 14:58:42 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 14:58:42 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 14:58:52 -----------------------------------------------------------------
03/03 14:58:52 NetpDoDomainJoin
03/03 14:58:52 NetpMachineValidToJoin: 'DEVELOPMENT-PC'
03/03 14:58:52 NetpGetLsaPrimaryDomain: status: 0x0
03/03 14:58:52 NetpMachineValidToJoin: status: 0x0
03/03 14:58:52 NetpJoinDomain
03/03 14:58:52  Machine: DEVELOPMENT-PC
03/03 14:58:52  Domain: REALTIME
03/03 14:58:52  MachineAccountOU: (NULL)
03/03 14:58:52  Account: REALTIME\root
03/03 14:58:52  Options: 0x25
03/03 14:58:52  OS Version: 5.2
03/03 14:58:52  Build number: 3790
03/03 14:58:52  ServicePack: Service Pack 2
03/03 14:58:52 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 14:58:52 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 14:58:52 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 14:58:52 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 14:58:52 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 14:58:53 NetpJoinDomain: status of connecting to dc '\\LDAP': 0x0
03/03 14:58:53 NetpGetLsaPrimaryDomain: status: 0x0
03/03 14:58:53 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\LDAP'
03/03 14:58:53 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
03/03 14:58:53 NetpLsaOpenSecret: status: 0xc0000034
03/03 14:58:53 NetpGetLsaPrimaryDomain: status: 0x0
03/03 14:58:53 NetpLsaOpenSecret: status: 0xc0000034
03/03 14:58:53 Failed to validate machine account for DEVELOPMENT-PC against \\LDAP: 0xc000006d
03/03 14:58:53 NetpJoinDomain: w9x: status of validating account: 0x52e
03/03 14:58:53 NetpJoinDomain: initiaing a rollback due to earlier errors
03/03 14:58:53 NetpLsaOpenSecret: status: 0x0
03/03 14:58:53 NetpJoinDomain: rollback: status of deleting secret: 0x0
03/03 14:58:53 NetpJoinDomain: status of disconnecting from '\\LDAP': 0x0
03/03 14:58:53 NetpDoDomainJoin: status: 0x52e
03/03 14:58:53 -----------------------------------------------------------------
03/03 14:58:53 NetpDoDomainJoin
03/03 15:46:57 -----------------------------------------------------------------
03/03 15:46:57 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 15:46:57 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 15:46:57 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 15:47:04 -----------------------------------------------------------------
03/03 15:47:04 NetpDoDomainJoin
03/03 15:47:04 NetpMachineValidToJoin: 'DEVELOPMENT-PC'
03/03 15:47:04 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:04 NetpMachineValidToJoin: status: 0x0
03/03 15:47:04 NetpJoinDomain
03/03 15:47:04  Machine: DEVELOPMENT-PC
03/03 15:47:04  Domain: REALTIME
03/03 15:47:04  MachineAccountOU: (NULL)
03/03 15:47:04  Account: REALTIME\root
03/03 15:47:04  Options: 0x25
03/03 15:47:04  OS Version: 5.2
03/03 15:47:04  Build number: 3790
03/03 15:47:04  ServicePack: Service Pack 2
03/03 15:47:04 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 15:47:04 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 15:47:04 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 15:47:04 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 15:47:05 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 15:47:05 NetpJoinDomain: status of connecting to dc '\\LDAP': 0x0
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\LDAP'
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 Failed to validate machine account for DEVELOPMENT-PC against \\LDAP: 0xc000006d
03/03 15:47:05 NetpJoinDomain: w9x: status of validating account: 0x52e
03/03 15:47:05 NetpJoinDomain: initiaing a rollback due to earlier errors
03/03 15:47:05 NetpLsaOpenSecret: status: 0x0
03/03 15:47:05 NetpJoinDomain: rollback: status of deleting secret: 0x0
03/03 15:47:05 NetpJoinDomain: status of disconnecting from '\\LDAP': 0x0
03/03 15:47:05 NetpDoDomainJoin: status: 0x52e
03/03 15:47:05 -----------------------------------------------------------------
03/03 15:47:05 NetpDoDomainJoin
03/03 15:47:05 NetpMachineValidToJoin: 'DEVELOPMENT-PC'
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpMachineValidToJoin: status: 0x0
03/03 15:47:05 NetpJoinDomain
03/03 15:47:05  Machine: DEVELOPMENT-PC
03/03 15:47:05  Domain: REALTIME
03/03 15:47:05  MachineAccountOU: (NULL)
03/03 15:47:05  Account: REALTIME\root
03/03 15:47:05  Options: 0x27
03/03 15:47:05  OS Version: 5.2
03/03 15:47:05  Build number: 3790
03/03 15:47:05  ServicePack: Service Pack 2
03/03 15:47:05 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 15:47:05 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 15:47:05 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 15:47:05 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 15:47:05 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 15:47:05 NetpJoinDomain: status of connecting to dc '\\LDAP': 0x0
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\LDAP'
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:07 NetpManageMachineAccountWithSid: NetUserAdd on '\\LDAP' for 'DEVELOPMENT-PC$' failed: 0x8b0
03/03 15:47:13 NetpSetMachineAccountPasswordAndTypeEx: Broken account type 0x40 -- error out
03/03 15:47:13 NetpManageMachineAccountWithSid: status of attempting to set password on '\\LDAP' for 'DEVELOPMENT-PC$': 0x524
03/03 15:47:13 NetpJoinDomain: status of creating account: 0x524
03/03 15:47:13 NetpJoinDomain: initiaing a rollback due to earlier errors
03/03 15:47:13 NetpLsaOpenSecret: status: 0x0
03/03 15:47:13 NetpJoinDomain: rollback: status of deleting secret: 0x0
03/03 15:47:13 NetpJoinDomain: status of disconnecting from '\\LDAP': 0x0
03/03 15:47:13 NetpDoDomainJoin: status: 0x524


smb.conf
code:
[global]
  smb ports = 139
  workgroup = REALTIME
  netbios name = ldap  
  domain logons = Yes  
  domain master = Yes  
  wins support = true  
  obey pam restrictions = Yes  
  dns proxy = No  
  os level = 35  
  log level = 3
  log file = /var/log/samba/log.%m  
  max log size = 10000  
  syslog = 0  
  panic action = /usr/share/samba/panic-action %d  
  pam password change = Yes  
  unix password sync = no  
  ldap passwd sync = yes  
  load printers = yes  
  printing = cups  
  printcap name = cups  
  passdb backend = ldapsam:ldap://127.0.0.1  
  ldap suffix = dc=realtime,dc=lan  
  ldap admin dn = cn=root,dc=realtime,dc=lan  
  ldap machine suffix = ou=Computers  
  ldap user suffix = ou=Users  
  ldap group suffix = ou=Groups  
  ldap idmap suffix = ou=Idmap   
  ldap ssl = no  
  add user script = /usr/sbin/smbldap-useradd -m '%u'  
  delete user script = /usr/sbin/smbldap-userdel %u  
  add group script = /usr/sbin/smbldap-groupadd -p '%g'  
  delete group script = /usr/sbin/smbldap-groupdel '%g'  
  add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'  
  delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'  
  set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'  
  add machine script = /usr/sbin/smbldap-useradd -W -i "%u"
  #add machine script = /usr/sbin/smbldap-useradd -w '%u'  
  logon drive =  
  logon home =  
  logon path = 
  logon script =   
  server signing = auto  
  server schannel = Auto 
[homes]  
  comment = Home Directories  
  valid users = %S 
  read only = No  
  browseable = No 
[netlogon]  
  comment = Network Logon Service 
  path = /var/lib/samba/netlogon  
  admin users = root  
  guest ok = Yes  
  browseable = No 
[Profiles]  
  comment = Roaming Profile Share  
  path = /var/lib/samba/profiles  
  read only = No
  profile acls = Yes
  browsable = No  
[printers] 
  comment = All Printers 
  path = /var/spool/samba  
  use client driver = Yes  
  create mask = 0600  
  guest ok = Yes  
  printable = Yes  
  browseable = No  
  public = yes 
  writable = yes 
  admin users = root 
  write list = root 
[print$] 
  comment = Printer Drivers 
  path = /var/lib/samba/printers
  write list = root  
  create mask = 0664  
  directory mask = 0775  
  admin users = root


slapd.conf
code:
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

pidfile                  /var/run/slapd/slapd.pid

argsfile                 /var/run/slapd/slapd.args

modulepath               /usr/lib/ldap
moduleload            back_bdb

sizelimit 500 

tool-threads 1 

backend               bdb
database              bdb 

suffix                      "dc=realtime,dc=lan" 
rootdn                      "cn=root,dc=realtime,dc=lan"
rootpw                      

directory       "/var/lib/ldap" 

dbconfig set_cachesize 0 2097152 0 
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500 

index ou,cn,sn,mail,givenname                       eq,pres,sub
index uidNumber,gidNumber,memberUid                 eq,pres
index loginShell                                    eq,pres
index uniqueMember                                  eq,pres
index uid                                           pres,sub,eq
index displayName                                   pres,sub,eq
index sambaSID                                      eq
index sambaPrimaryGroupSID                          eq
index sambaDomainName                               eq
index default                                       sub

lastmod         on 

access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=root,dc=realtime,dc=lan"  write
    by anonymous write        
    by self write
    by * write 
access to dn.base="" by * write
access to * 
    by dn="cn=root,dc=realtime,dc=lan" write 
    by * write


ldap.conf
code:
HOST 127.0.0.1
BASE dc=realtime,dc=lan
URI ldap://ldap.realtime.lan
ldap_version 3
rootbinddn cn=root,dc=realtime,dc=lan
bind_policy soft
pam_password md5


smbldap.conf
code:
SID="S-1-5-21-3948054454-3683697284-853384458"
sambaDomain="REALTIME"

slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"

ldapTLS="0"
ldapSSL="0"

verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"

suffix="dc=realtime,dc=lan"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"

sambaUnixIdPooldn="sambaDomainName=REALTIME,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"

userLoginShell="/bin/bash"
userHome="/ldaphome/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"

userSmbHome=
userProfile=
userHomeDrive=
userScript=
mailDomain="realtime.lan"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"


Already solved.
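Reading the posted NetSetup.log takes some decoding: the "Options:" value is a NETSETUP_* bit mask, the "status:" lines are Win32 codes and the LSA/validation lines are NTSTATUS values. As an added example (not part of the original post), the Python below splits such a log into NetpDoDomainJoin attempts and names those values, so the posted sequence reads as: the first attempt (0x25, no NETSETUP_ACCT_CREATE) ends in ERROR_LOGON_FAILURE while validating the machine account, and the retry with NETSETUP_ACCT_CREATE (0x27) gets NERR_UserExists from NetUserAdd and then ERROR_NO_SUCH_USER when it tries to set the machine password. The constants come from winerror.h, lmerr.h, ntstatus.h and lmjoin.h; SAMPLE_LOG is a constructed, shortened copy of the posted log. Two things are this example's own assumptions: that STATUS_OBJECT_NAME_NOT_FOUND from NetpLsaOpenSecret is benign (the local LSA secret with the machine password simply does not exist before a join), and that a "NetpDoDomainJoin" header with no following status line, which the posted log also contains, should be reported as an unfinished attempt rather than dropped.

```python
"""Decode the join attempts in a Windows NetSetup.log excerpt.
Added example, not from the original post; constants are the documented values
from winerror.h, lmerr.h, ntstatus.h and lmjoin.h that occur in the posted log.
"""
import re

WIN32_ERRORS = {0x0: "ERROR_SUCCESS", 0x524: "ERROR_NO_SUCH_USER",
                0x52E: "ERROR_LOGON_FAILURE", 0x8B0: "NERR_UserExists"}
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC000006D: "STATUS_LOGON_FAILURE"}
JOIN_FLAGS = [(0x01, "NETSETUP_JOIN_DOMAIN"), (0x02, "NETSETUP_ACCT_CREATE"),
              (0x04, "NETSETUP_ACCT_DELETE"), (0x10, "NETSETUP_WIN9X_UPGRADE"),
              (0x20, "NETSETUP_DOMAIN_JOIN_IF_JOINED"), (0x40, "NETSETUP_JOIN_UNSECURE"),
              (0x80, "NETSETUP_MACHINE_PWD_PASSED")]
# Assumption of this example: OBJECT_NAME_NOT_FOUND from NetpLsaOpenSecret only
# says the local LSA secret holding the machine password does not exist yet.
BENIGN_CODES = {0xC0000034}

_TS = re.compile(r"^\d\d/\d\d \d\d:\d\d:\d\d\s+(.*)$")
_FIELD = re.compile(r"^(Machine|Domain|Account|Options):\s*(.+)$")
_CODE = re.compile(r"^(?P<msg>.*?):\s*(?P<code>0x[0-9A-Fa-f]+)\s*$")
_IS_STATUS = re.compile(r"\b(status|failed)\b", re.I)  # "flags: 0x1020" is not a status

def decode_code(code):
    """Name a status value: NTSTATUS when the error severity bits are set, else Win32."""
    if code & 0xC0000000 == 0xC0000000:
        return NTSTATUS.get(code, "unknown NTSTATUS")
    return WIN32_ERRORS.get(code, "unknown Win32 error")

def decode_flags(options):
    """Expand a NETSETUP_* option mask into flag names."""
    return [name for bit, name in JOIN_FLAGS if options & bit]

def parse_attempts(log_text):
    """Split a NetSetup.log excerpt into NetpDoDomainJoin attempts, decoding each."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = _TS.match(raw)
        if not m:
            continue
        line = m.group(1).strip()
        if line == "NetpDoDomainJoin":               # header of a new attempt
            cur = {"machine": None, "domain": None, "account": None, "options": None,
                   "flags": [], "status": None, "status_name": None, "failures": [], "notes": []}
            attempts.append(cur)
            continue
        if cur is None:                             # name validation before any attempt
            continue
        f = _FIELD.match(line)
        if f:
            key, value = f.group(1).lower(), f.group(2).strip()
            if key == "options":
                cur["options"] = int(value, 16)
                cur["flags"] = decode_flags(cur["options"])
            else:
                cur[key] = value
            continue
        if "Broken account type" in line:           # diagnostic that carries no status code
            cur["notes"].append(line)
            continue
        c = _CODE.match(line)
        if not c or not _IS_STATUS.search(c.group("msg")):
            continue
        code = int(c.group("code"), 16)
        if c.group("msg") == "NetpDoDomainJoin: status":
            cur["status"], cur["status_name"] = code, decode_code(code)
            cur = None                              # attempt finished
        elif code != 0:
            cur["failures"].append((c.group("msg"), code, decode_code(code)))
    return attempts

def root_cause(attempt):
    """First failing status of an attempt that is not an expected pre-join condition."""
    return next((f for f in attempt["failures"] if f[1] not in BENIGN_CODES), None)

# Constructed excerpt modelled on the posted log (two attempts plus a bare header).
SAMPLE_LOG = r"""03/03 15:47:04 NetpDoDomainJoin
03/03 15:47:04  Machine: DEVELOPMENT-PC
03/03 15:47:04  Domain: REALTIME
03/03 15:47:04  Account: REALTIME\root
03/03 15:47:04  Options: 0x25
03/03 15:47:04 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 Failed to validate machine account for DEVELOPMENT-PC against \\LDAP: 0xc000006d
03/03 15:47:05 NetpJoinDomain: w9x: status of validating account: 0x52e
03/03 15:47:05 NetpDoDomainJoin: status: 0x52e
03/03 15:47:05 NetpDoDomainJoin
03/03 15:47:05  Options: 0x27
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:07 NetpManageMachineAccountWithSid: NetUserAdd on '\\LDAP' for 'DEVELOPMENT-PC$' failed: 0x8b0
03/03 15:47:13 NetpSetMachineAccountPasswordAndTypeEx: Broken account type 0x40 -- error out
03/03 15:47:13 NetpManageMachineAccountWithSid: status of attempting to set password on '\\LDAP' for 'DEVELOPMENT-PC$': 0x524
03/03 15:47:13 NetpDoDomainJoin: status: 0x524
03/03 15:47:13 NetpDoDomainJoin
"""

if __name__ == "__main__":
    for n, a in enumerate(parse_attempts(SAMPLE_LOG), 1):
        print(n, a["flags"], a["status_name"], root_cause(a), a["notes"])
```

The code tables only cover the values present in the posted log; anything else is reported as "unknown" rather than guessed, and a line such as "flags: 0x1020" is deliberately not treated as a status because it ends in a hex value that is not an error code.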
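Separate from the join problem, the posted slapd.conf has an ACL that grants "by anonymous write" and "by * write" on userPassword, sambaNTPassword and sambaLMPassword, and "by * write" on every other entry. OpenLDAP evaluates "access to" stanzas top-down and takes the first matching "by" clause, so as written any unauthenticated client that can reach the LDAP port (the posted ldap.conf points at ldap://ldap.realtime.lan, not only loopback) may overwrite any account's NT hash or change uidNumber, sambaSID and group membership. As an added example (not from the original post, nor from the Samba or smbldap-tools projects), the Python below audits slapd.conf "access to" stanzas for exactly that class of mistake and carries a tightened stanza for the same DNs. POSTED_ACL is the stanza from the thread; HARDENED_ACL is this example's own replacement and assumes that Samba binds as the ldap admin dn (which in the posted config is also the rootdn) and that password changes through pam_ldap bind as the user, so self keeps write on userPassword and shadowLastChange while the Samba hashes are writable only by the admin dn and readable by nobody else.

```python
"""Audit slapd.conf 'access to' stanzas for public write, or hash reads, on password attributes.
Added example, not from the original post. POSTED_ACL is the stanza from the posted
slapd.conf; HARDENED_ACL is this example's own replacement for the same DNs.
"""
import re

PASSWORD_ATTRS = {"userpassword", "sambantpassword", "sambalmpassword", "shadowlastchange"}
PUBLIC = {"anonymous", "*"}          # unauthenticated binds / any bind at all
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

_ACCESS = re.compile(r"^\s*access\s+to\s+(.*)$", re.I)
_BY_SPLIT = re.compile(r"\s+by\s+")
_ATTRS = re.compile(r"attrs=(\S+)", re.I)

def _parse_by(clause):
    """'<who> <level> [control]' -> (who, level); a missing level is an error, not a guess."""
    tokens = clause.split()
    for tok in tokens[1:]:
        if tok.lower() in LEVELS:
            return tokens[0], tok.lower()
    raise ValueError("no access level in clause: " + clause)

def parse_access(text):
    """Return [{'target': str, 'by': [(who, level), ...]}, ...] in file order."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        m = _ACCESS.match(line)
        if m:                                      # target line, possibly with inline 'by'
            parts = _BY_SPLIT.split(m.group(1).strip())
            stanzas.append({"target": parts[0], "by": []})
            clauses = parts[1:]
        elif stanzas and line.lower().startswith("by "):
            clauses = [line[3:]]                   # continuation line of the current stanza
        else:
            continue
        stanzas[-1]["by"].extend(_parse_by(c) for c in clauses)
    return stanzas

def _covers_passwords(target):
    m = _ATTRS.search(target)
    if not m:
        return False
    return bool({a.strip().lower() for a in m.group(1).split(",")} & PASSWORD_ATTRS)

def audit(text):
    """List clauses that hand write access to public binds, or let them read password hashes."""
    findings = []
    for stanza in parse_access(text):
        secret = _covers_passwords(stanza["target"])
        for who, level in stanza["by"]:
            rank = LEVELS.index(level)
            if who in PUBLIC and rank >= LEVELS.index("write"):
                findings.append(f"{stanza['target']}: '{who}' is granted {level}")
            elif secret and who in PUBLIC | {"users"} and rank > LEVELS.index("auth"):
                findings.append(f"{stanza['target']}: '{who}' can {level} password hashes; use auth")
    return findings

POSTED_ACL = """\
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=root,dc=realtime,dc=lan"  write
    by anonymous write
    by self write
    by * write
access to dn.base="" by * write
access to *
    by dn="cn=root,dc=realtime,dc=lan" write
    by * write
"""

# This example's replacement (assumes Samba binds as the ldap admin dn below).
HARDENED_ACL = """\
# Samba hashes: only the ldap admin dn writes them, nobody else reads them
access to attrs=sambaNTPassword,sambaLMPassword
    by dn="cn=root,dc=realtime,dc=lan" write
    by * none
# userPassword: anonymous may only bind with it; the user may change it (pam_ldap)
access to attrs=userPassword,shadowLastChange
    by dn="cn=root,dc=realtime,dc=lan" write
    by anonymous auth
    by self write
    by * none
access to dn.base="" by * read
access to *
    by dn="cn=root,dc=realtime,dc=lan" write
    by * read
"""

if __name__ == "__main__":
    for label, acl in (("posted", POSTED_ACL), ("hardened", HARDENED_ACL)):
        print(label, audit(acl) or "no findings")
```

Two caveats on the hardened stanza. The rootdn bypasses ACLs entirely in slapd, so while cn=root is also the rootdn the "by dn=..." lines document intent rather than enforce anything; they become the operative grant the moment the ldap admin dn is changed to a non-root DN, which is the better long-term setup. And "by * read" on the rest of the tree still exposes uidNumber, sambaSID and group membership to anonymous clients; that is the usual trade-off for nss_ldap lookups, but it can be tightened to "by users read" once every consumer binds.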