Hey,
I'm trying to add a Windows Server 2003 machine to a Samba domain; I'm using Ubuntu 10.04 LTS and Samba 3.4.7.
With a Windows XP machine I can join and log in to the domain just fine. I'm using the root account to join the domain.
This is the message I get when I try to join:

I followed this guide for the most part:
http://ubuntuforums.org/showthread.php?t=1330637
Below I'm posting the configs and logs; for readability I've removed the # lines:
This is the output of NetSetup.log on the W2K3 machine:
code:
03/03 14:58:42 -----------------------------------------------------------------
03/03 14:58:42 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 14:58:42 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 14:58:42 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 14:58:52 -----------------------------------------------------------------
03/03 14:58:52 NetpDoDomainJoin
03/03 14:58:52 NetpMachineValidToJoin: 'DEVELOPMENT-PC'
03/03 14:58:52 NetpGetLsaPrimaryDomain: status: 0x0
03/03 14:58:52 NetpMachineValidToJoin: status: 0x0
03/03 14:58:52 NetpJoinDomain
03/03 14:58:52 Machine: DEVELOPMENT-PC
03/03 14:58:52 Domain: REALTIME
03/03 14:58:52 MachineAccountOU: (NULL)
03/03 14:58:52 Account: REALTIME\root
03/03 14:58:52 Options: 0x25
03/03 14:58:52 OS Version: 5.2
03/03 14:58:52 Build number: 3790
03/03 14:58:52 ServicePack: Service Pack 2
03/03 14:58:52 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 14:58:52 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 14:58:52 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 14:58:52 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 14:58:52 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 14:58:53 NetpJoinDomain: status of connecting to dc '\\LDAP': 0x0
03/03 14:58:53 NetpGetLsaPrimaryDomain: status: 0x0
03/03 14:58:53 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\LDAP'
03/03 14:58:53 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
03/03 14:58:53 NetpLsaOpenSecret: status: 0xc0000034
03/03 14:58:53 NetpGetLsaPrimaryDomain: status: 0x0
03/03 14:58:53 NetpLsaOpenSecret: status: 0xc0000034
03/03 14:58:53 Failed to validate machine account for DEVELOPMENT-PC against \\LDAP: 0xc000006d
03/03 14:58:53 NetpJoinDomain: w9x: status of validating account: 0x52e
03/03 14:58:53 NetpJoinDomain: initiaing a rollback due to earlier errors
03/03 14:58:53 NetpLsaOpenSecret: status: 0x0
03/03 14:58:53 NetpJoinDomain: rollback: status of deleting secret: 0x0
03/03 14:58:53 NetpJoinDomain: status of disconnecting from '\\LDAP': 0x0
03/03 14:58:53 NetpDoDomainJoin: status: 0x52e
03/03 14:58:53 -----------------------------------------------------------------
03/03 14:58:53 NetpDoDomainJoin
03/03 15:46:57 -----------------------------------------------------------------
03/03 15:46:57 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 15:46:57 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 15:46:57 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 15:47:04 -----------------------------------------------------------------
03/03 15:47:04 NetpDoDomainJoin
03/03 15:47:04 NetpMachineValidToJoin: 'DEVELOPMENT-PC'
03/03 15:47:04 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:04 NetpMachineValidToJoin: status: 0x0
03/03 15:47:04 NetpJoinDomain
03/03 15:47:04 Machine: DEVELOPMENT-PC
03/03 15:47:04 Domain: REALTIME
03/03 15:47:04 MachineAccountOU: (NULL)
03/03 15:47:04 Account: REALTIME\root
03/03 15:47:04 Options: 0x25
03/03 15:47:04 OS Version: 5.2
03/03 15:47:04 Build number: 3790
03/03 15:47:04 ServicePack: Service Pack 2
03/03 15:47:04 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 15:47:04 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 15:47:04 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 15:47:04 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 15:47:05 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 15:47:05 NetpJoinDomain: status of connecting to dc '\\LDAP': 0x0
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\LDAP'
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 Failed to validate machine account for DEVELOPMENT-PC against \\LDAP: 0xc000006d
03/03 15:47:05 NetpJoinDomain: w9x: status of validating account: 0x52e
03/03 15:47:05 NetpJoinDomain: initiaing a rollback due to earlier errors
03/03 15:47:05 NetpLsaOpenSecret: status: 0x0
03/03 15:47:05 NetpJoinDomain: rollback: status of deleting secret: 0x0
03/03 15:47:05 NetpJoinDomain: status of disconnecting from '\\LDAP': 0x0
03/03 15:47:05 NetpDoDomainJoin: status: 0x52e
03/03 15:47:05 -----------------------------------------------------------------
03/03 15:47:05 NetpDoDomainJoin
03/03 15:47:05 NetpMachineValidToJoin: 'DEVELOPMENT-PC'
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpMachineValidToJoin: status: 0x0
03/03 15:47:05 NetpJoinDomain
03/03 15:47:05 Machine: DEVELOPMENT-PC
03/03 15:47:05 Domain: REALTIME
03/03 15:47:05 MachineAccountOU: (NULL)
03/03 15:47:05 Account: REALTIME\root
03/03 15:47:05 Options: 0x27
03/03 15:47:05 OS Version: 5.2
03/03 15:47:05 Build number: 3790
03/03 15:47:05 ServicePack: Service Pack 2
03/03 15:47:05 NetpValidateName: checking to see if 'REALTIME' is valid as type 3 name
03/03 15:47:05 NetpCheckDomainNameIsValid [ Exists ] for 'REALTIME' returned 0x0
03/03 15:47:05 NetpValidateName: name 'REALTIME' is valid for type 3
03/03 15:47:05 NetpDsGetDcName: trying to find DC in domain 'REALTIME', flags: 0x1020
03/03 15:47:05 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 15:47:05 NetpJoinDomain: status of connecting to dc '\\LDAP': 0x0
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\LDAP'
03/03 15:47:05 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:05 NetpGetLsaPrimaryDomain: status: 0x0
03/03 15:47:05 NetpLsaOpenSecret: status: 0xc0000034
03/03 15:47:07 NetpManageMachineAccountWithSid: NetUserAdd on '\\LDAP' for 'DEVELOPMENT-PC$' failed: 0x8b0
03/03 15:47:13 NetpSetMachineAccountPasswordAndTypeEx: Broken account type 0x40 -- error out
03/03 15:47:13 NetpManageMachineAccountWithSid: status of attempting to set password on '\\LDAP' for 'DEVELOPMENT-PC$': 0x524
03/03 15:47:13 NetpJoinDomain: status of creating account: 0x524
03/03 15:47:13 NetpJoinDomain: initiaing a rollback due to earlier errors
03/03 15:47:13 NetpLsaOpenSecret: status: 0x0
03/03 15:47:13 NetpJoinDomain: rollback: status of deleting secret: 0x0
03/03 15:47:13 NetpJoinDomain: status of disconnecting from '\\LDAP': 0x0
03/03 15:47:13 NetpDoDomainJoin: status: 0x524
smb.conf
code:
[global]
smb ports = 139
workgroup = REALTIME
netbios name = ldap
domain logons = Yes
domain master = Yes
wins support = true
obey pam restrictions = Yes
dns proxy = No
os level = 35
log level = 3
log file = /var/log/samba/log.%m
max log size = 10000
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes
unix password sync = no
ldap passwd sync = yes
load printers = yes
printing = cups
printcap name = cups
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=realtime,dc=lan
ldap admin dn = cn=root,dc=realtime,dc=lan
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap ssl = no
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -W -i "%u"
#add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon drive =
logon home =
logon path =
logon script =
server signing = auto
server schannel = Auto
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
browsable = No
[printers]
comment = All Printers
path = /var/spool/samba
use client driver = Yes
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No
public = yes
writable = yes
admin users = root
write list = root
[print$]
comment = Printer Drivers Share
path = /var/lib/samba/printers
write list = root
create mask = 0664
directory mask = 0775
admin users = root
slapd.conf
code:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/ldap
moduleload back_bdb

sizelimit 500
tool-threads 1

backend bdb
database bdb
suffix "dc=realtime,dc=lan"
rootdn "cn=root,dc=realtime,dc=lan"
rootpw
directory "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres
index uniqueMember eq,pres
index uid pres,sub,eq
index displayName pres,sub,eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

lastmod on

access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=root,dc=realtime,dc=lan" write
    by anonymous write
    by self write
    by * write

access to dn.base=""
    by * write

access to *
    by dn="cn=root,dc=realtime,dc=lan" write
    by * write
ldap.conf
code:
HOST 127.0.0.1
BASE dc=realtime,dc=lan
URI ldap://ldap.realtime.lan
ldap_version 3
rootbinddn cn=root,dc=realtime,dc=lan
bind_policy soft
pam_password md5
smbldap.conf
code:
SID="S-1-5-21-3948054454-3683697284-853384458"
sambaDomain="REALTIME"

slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
ldapSSL="0"
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"

suffix="dc=realtime,dc=lan"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=REALTIME,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"

userLoginShell="/bin/bash"
userHome="/ldaphome/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"

userSmbHome=
userProfile=
userHomeDrive=
userScript=
mailDomain="realtime.lan"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
Already solved
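Added example, not part of the post above: a small parser that splits a NetSetup.log capture into individual join attempts and reports, per attempt, the NETSETUP_* option bits, the DC that was found, the lines that reported a failure, and the final Win32 status. The sample log embedded below is a constructed, trimmed copy of the lines quoted in the post; the code and flag tables are the public winerror.h / lmerr.h / lmjoin.h values, so the output shows why the first attempt (Options 0x25, no ACCT_CREATE) ends in 0x52e and the automatic retry (Options 0x27, ACCT_CREATE set) ends in 0x524.

```python
"""Split a NetSetup.log capture into domain-join attempts and explain how each ended.

Added example; not part of the forum post. SAMPLE_LOG is constructed from a
trimmed copy of the lines quoted in the post. Code tables: winerror.h, lmerr.h, lmjoin.h.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Win32 codes that NetpDoDomainJoin / NetpJoinDomain log in hex.
WIN32_CODES = {
    0x000: "NERR_Success",
    0x524: "ERROR_NO_SUCH_USER (1316): the account does not exist",
    0x52E: "ERROR_LOGON_FAILURE (1326): unknown user name or bad password",
    0x8B0: "NERR_UserExists (2224): the account already exists",
}
# NETSETUP_* option bits passed to NetJoinDomain() (lmjoin.h).
JOIN_FLAGS = {
    0x01: "JOIN_DOMAIN", 0x02: "ACCT_CREATE", 0x04: "ACCT_DELETE",
    0x10: "WIN9X_UPGRADE", 0x20: "DOMAIN_JOIN_IF_JOINED",
    0x40: "JOIN_UNSECURE", 0x80: "MACHINE_PWD_PASSED",
}

LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")
FIELD = re.compile(r"^(Machine|Domain|Account|Options): (.*)$")
DC = re.compile(r"found DC '(\\\\[^']+)'")
STATUS = re.compile(r"^NetpDoDomainJoin: status: 0x([0-9a-fA-F]+)$")


@dataclass
class JoinAttempt:
    started: str
    fields: dict = field(default_factory=dict)
    dc: str = ""
    errors: list = field(default_factory=list)   # lines that report a failure
    status: Optional[int] = None                 # final Win32 status; None if the log was cut off

    def flags(self) -> list[str]:
        opts = int(self.fields.get("Options", "0"), 16)
        return [name for bit, name in JOIN_FLAGS.items() if opts & bit]

    def outcome(self) -> str:
        if self.status is None:
            return "no final status logged"
        return WIN32_CODES.get(self.status, f"unknown 0x{self.status:x}")


def parse_netsetup(text: str) -> list[JoinAttempt]:
    """One JoinAttempt per bare 'NetpDoDomainJoin' header line."""
    attempts: list[JoinAttempt] = []
    current: Optional[JoinAttempt] = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if msg == "NetpDoDomainJoin":
            current = JoinAttempt(started=ts)
            attempts.append(current)
        elif current is None:
            continue
        elif (f := FIELD.match(msg)):
            current.fields[f.group(1)] = f.group(2)
        elif (d := DC.search(msg)):
            current.dc = d.group(1)
        elif (s := STATUS.match(msg)):
            current.status = int(s.group(1), 16)
        elif "failed" in msg.lower() or "error out" in msg:
            current.errors.append(msg)
    return attempts


def summarize(text: str) -> list[str]:
    lines = []
    for a in parse_netsetup(text):
        f = a.fields
        lines.append(f"{a.started} {f.get('Machine')} -> {f.get('Domain')} via {a.dc} "
                     f"as {f.get('Account')} [{'|'.join(a.flags())}]: {a.outcome()}")
        lines.extend("    " + e for e in a.errors)
    return lines


# Constructed sample: trimmed from the NetSetup.log lines quoted in the post.
SAMPLE_LOG = r"""
03/03 14:58:52 NetpDoDomainJoin
03/03 14:58:52 Machine: DEVELOPMENT-PC
03/03 14:58:52 Domain: REALTIME
03/03 14:58:52 Account: REALTIME\root
03/03 14:58:52 Options: 0x25
03/03 14:58:52 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 14:58:53 NetpLsaOpenSecret: status: 0xc0000034
03/03 14:58:53 Failed to validate machine account for DEVELOPMENT-PC against \\LDAP: 0xc000006d
03/03 14:58:53 NetpJoinDomain: w9x: status of validating account: 0x52e
03/03 14:58:53 NetpDoDomainJoin: status: 0x52e
03/03 15:47:05 NetpDoDomainJoin
03/03 15:47:05 Machine: DEVELOPMENT-PC
03/03 15:47:05 Domain: REALTIME
03/03 15:47:05 Account: REALTIME\root
03/03 15:47:05 Options: 0x27
03/03 15:47:05 NetpDsGetDcName: found DC '\\LDAP' in the specified domain
03/03 15:47:07 NetpManageMachineAccountWithSid: NetUserAdd on '\\LDAP' for 'DEVELOPMENT-PC$' failed: 0x8b0
03/03 15:47:13 NetpSetMachineAccountPasswordAndTypeEx: Broken account type 0x40 -- error out
03/03 15:47:13 NetpJoinDomain: status of creating account: 0x524
03/03 15:47:13 NetpDoDomainJoin: status: 0x524
"""

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Run it against a full NetSetup.log (the Windows 2003 copy lives under %SystemRoot%\debug) with `summarize(open(path).read())`; the attempt with ACCT_CREATE set is the one that shows whether the DC rejected the existing machine account or the account-creation path.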
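Added example, not part of the post above, on the one thing in the posted slapd.conf a practitioner would want to flag regardless of the join problem: its access rules give `anonymous` and `*` write access to userPassword, sambaNTPassword and sambaLMPassword and to every other entry, so any host that can reach port 389 can read the NT hashes (pass-the-hash against the whole domain) or replace them. The script below is a simplified linter for `access to ... by ...` directives; WEAK_ACL is a constructed copy of the post's rules and HARDENED_ACL is this example's proposed replacement. It assumes Samba (`ldap admin dn`) and smbldap-tools keep binding as cn=root,dc=realtime,dc=lan, so machine-account creation during a join still has write access, and that nss_ldap clients bind anonymously and therefore still need read access to the non-secret attributes.

```python
"""Audit slapd.conf 'access to' directives for password-hash and write access
handed to anonymous or unauthenticated binds.

Added example; not part of the forum post. WEAK_ACL mirrors the post's slapd.conf
rules; HARDENED_ACL is a proposed replacement that assumes Samba and smbldap-tools
keep binding as cn=root,dc=realtime,dc=lan.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Access levels from slapd.access(5), weakest to strongest.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
SECRET_ATTRS = {"userpassword", "sambantpassword", "sambalmpassword", "shadowlastchange"}
UNTRUSTED = {"anonymous", "*"}     # <who> values that cover unauthenticated clients


@dataclass
class Rule:
    target: str                      # text between 'access to' and the first 'by'
    clauses: list[tuple[str, str]]   # (who, level) pairs

    def targets_secrets(self) -> bool:
        m = re.search(r"attrs=(\S+)", self.target)
        return bool(m) and bool(SECRET_ATTRS & {a.lower() for a in m.group(1).split(",")})


def parse_access(text: str) -> list[Rule]:
    """Simplified parser for 'access to <what> by <who> <level>' directives, one
    clause per line or all on one line. Not the full slapd.access grammar."""
    body = " ".join(ln.strip() for ln in text.splitlines()
                    if ln.strip() and not ln.lstrip().startswith("#"))
    rules = []
    for chunk in re.split(r"\baccess to\b", body)[1:]:
        target, *clauses = re.split(r"\bby\b", chunk)
        parsed = []
        for clause in clauses:
            tokens = clause.split()
            if len(tokens) < 2 or tokens[1] not in LEVELS:
                raise ValueError(f"clause needs an explicit access level: by {clause.strip()}")
            parsed.append((tokens[0], tokens[1]))
        rules.append(Rule(target.strip(), parsed))
    return rules


def audit(text: str) -> list[str]:
    """One finding per clause an unauthenticated client could abuse."""
    findings = []
    for rule in parse_access(text):
        for who, level in rule.clauses:
            rank = LEVELS.index(level)
            if who in UNTRUSTED and rule.targets_secrets() and rank > LEVELS.index("auth"):
                findings.append(f"'{who}' gets '{level}' on {rule.target}: "
                                "NT/LM hashes can be read (pass-the-hash) or replaced")
            elif who in UNTRUSTED and rank >= LEVELS.index("write"):
                findings.append(f"'{who}' gets '{level}' on '{rule.target}': "
                                "any client can alter the directory")
    return findings


def admin_can_write_secrets(text: str, admin_dn: str) -> bool:
    """Samba's ldapsam and smbldap-tools bind as admin_dn and must keep write access."""
    for rule in parse_access(text):
        if rule.targets_secrets():
            return any(who == f'dn="{admin_dn}"' and level in ("write", "manage")
                       for who, level in rule.clauses)
    return False


# Constructed copy of the access rules in the post's slapd.conf.
WEAK_ACL = """
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=root,dc=realtime,dc=lan" write
    by anonymous write
    by self write
    by * write
access to dn.base=""
    by * write
access to *
    by dn="cn=root,dc=realtime,dc=lan" write
    by * write
"""
# Proposed replacement (this example's assumption, not from the post).
HARDENED_ACL = """
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=root,dc=realtime,dc=lan" write
    by anonymous auth
    by self write
    by * none
access to dn.base=""
    by * read
access to *
    by dn="cn=root,dc=realtime,dc=lan" write
    by * read
"""

if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(name, audit(acl) or "no findings")
```

`by anonymous auth` keeps simple binds working (slapd may compare a password it may not read) and `by * none` closes the hash-read path; `by self write` is left as in the post, with the caveat that it lets a user replace their own sambaNTPassword directly, bypassing Samba's password-change path. Order matters in slapd ACLs: the first matching `by` clause wins, so the admin DN clause has to stay above the `*` clause.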