Thread: Zimbra + Samba LDAP, cannot add winxp

  1. #1

    Zimbra + Samba LDAP, cannot add winxp

    Hello all,
    After successfully struggling with the getent passwd/group on Opensuse10.2 and zimbra 4.5.6, now I face another one: I cannot add my windowsxp client to the zimbra ldap domain.

    The zimbra samba UI is working fine.

    This is my /etc/samba/smb.conf:
    Code:
    [global]
    workgroup = vulcan.com
    netbios name = fajar102
    os level = 33
    preferred master = yes
    enable privileges = yes
    server string = %h server (Samba, Opensuse102)
    wins support = yes
    dns proxy = no
    name resolve order = wins bcast hosts
    log file = /var/log/samba/log.%m
    log level = 3 
    max log size = 1000
    syslog only = no
    syslog = 5
    #panic action = /usr/share/samba/panic-action %d
    security = user
    encrypt passwords = true
    ldap passwd sync = yes
    passdb backend = ldapsam:ldap://192.168.1.101
    ldap admin dn ="uid=zimbra,cn=admins,cn=zimbra"
    ldap suffix = dc=vulcan,dc=com
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    ldap machine suffix = ou=machines
    obey pam restrictions = no
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully*
    domain logons = yes
    logon path = \\fajar102.vulcan.com\%U\profile
    logon home = \\fajar102.vulcan.com\%U
    logon script = logon.cmd
    #add user script = /usr/sbin/useradd --quiet --disabled-password --gecos "" %u
    #add machine script = /usr/sbin/useradd --shell /bin/false --disabled-password --quiet "machine account" --force-badname %u
    #add user script = /usr/sbin/useradd --quiet %u
    #add machine script = /usr/sbin/useradd --shell /bin/false --quiet %u
    ######## FOR OPENSUSE ##########
    username map = /etc/samba/smbusers
    add user script = /usr/local/bin/smbldap-useradd -m %u
    delete user script = /usr/local/bin/smbldap-userdel %u
    add group script = /usr/local/bin/smbldap-groupadd -p %g
    delete group script = /usr/local/bin/smbldap-groupdel %g
    add user to group script = /usr/local/bin/smbldap-groupmod -m %g %u
    delete user from group script = /usr/local/bin/smbldap-groupmod -x %g %u
    set primary group script = /usr/local/bin/smbldap-usermod -g %g %u
    add machine script = /usr/local/bin/smbldap-useradd -w %u
    # if you want to add machines to domain automaticaly, add machine script is:
    #add machine script = /usr/local/bin/smbldap-useradd -w -i %u
    #################################
    socket options = TCP_NODELAY
    domain master = yes
    local master = yes

    The part that I'm not sure about is the useradd script. I used the one from Greg's howto, but it seems like it's for Ubuntu, so I use the smbldap-tools from scalix, and if used independently it seems to be working. I can query a user from ldap with it.

    Code:
    fajar102:~ # smbldap-usershow adminsmb4
    dn: uid=adminsmb4,ou=people,dc=vulcan,dc=com
    displayName: Admin SMB4
    givenName: Admin
    objectClass: organizationalPerson,zimbraAccount,amavisAccount,posixAccount,sambaSamAccount
    zimbraId: 3b832a17-132c-49af-95c3-46a1219c13df
    zimbraMailStatus: enabled
    zimbraMailDeliveryAddress: adminsmb4@vulcan.com
    uid: adminsmb4
    mail: adminsmb4@vulcan.com
    cn: Admin SMB4
    zimbraMailTransport: lmtp:fajar102.vulcan.com:7025
    zimbraMailHost: fajar102.vulcan.com
    sn: SMB4

    This is the error in the samba log:
    Code:
    Jul  5 13:49:07 fajar102 smbd[22231]: [2007/07/05 13:49:07, 3] smbd/service.c:make_connection_snum(950)
    Jul  5 13:49:07 fajar102 smbd[22231]:   acer-centrino (192.168.1.237) connect to service IPC$ initially as user adminsmb4 (uid=20001, gid=20003) (pid 22231)
    
    Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
    Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
    Jul  5 13:49:08 fajar102 smbd[22231]:   Returning domain sid for domain VULCAN.COM -> S-1-5-21-1439140547-2811502038-3238742711
    
    Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
    Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 3] lib/util_seaccess.c:se_access_check(250)
    Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 3] lib/util_seaccess.c:se_access_check(251)
    Jul  5 13:49:08 fajar102 smbd[22231]:   se_access_check: user sid is S-1-5-21-1439140547-2811502038-3238742711-41002
    
    Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_CREATE_USER
    Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 3] smbd/sec_ctx.c:push_sec_ctx(208)
    
    Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
    Jul  5 13:49:09 fajar102 smbd[22231]:   _samr_create_user: Running the command `/usr/local/bin/smbldap-useradd -w acer-centrino$' gave 3
    Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 3] passdb/pdb_interface.c:pdb_default_create_user(384)
    Jul  5 13:49:09 fajar102 smbd[22231]:   pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER
    Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
    Jul  5 13:49:09 fajar102 smbd[22231]:   pop_sec_ctx (20001, 20003) - sec_ctx_stack_ndx = 0

    From windowsxp, the error was:
    Your computer could not be joined to the domain because the following error has occurred: The user name could not be found

    Has anyone been able to overcome this?
    Thanks.

  2. #2

    With reduced log level:
    Code:
    Jul  5 14:07:13 fajar102 smbd[24518]: [2007/07/05 14:07:13, 0] lib/util_sock.c:write_data(562)
    Jul  5 14:07:13 fajar102 smbd[24518]:   write_data: write failure in writing to client 192.168.1.237. Error Connection reset by peer
    Jul  5 14:07:13 fajar102 smbd[24518]: [2007/07/05 14:07:13, 0] lib/util_sock.c:send_smb(769)
    Jul  5 14:07:13 fajar102 smbd[24518]:   Error writing 4 bytes to client. -1. (Connection reset by peer)
    Jul  5 14:07:14 fajar102 smbd[24519]: [2007/07/05 14:07:14, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2224)
    Jul  5 14:07:14 fajar102 smbd[24519]:   ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1439140547-2811502038-3238742711-512)): count=2
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (member) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
    Jul  5 14:07:25 fajar102 smbd[24519]: [2007/07/05 14:07:25, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
    Jul  5 14:07:25 fajar102 smbd[24519]:   _samr_create_user: Running the command `/usr/local/bin/smbldap-useradd -w acer-centrino$' gave 3

  3. #3

    Code:
    fajar102:~ # smbldap-useradd -w acer$
    Could not find base dn, to get next uidNumber at /usr/local/bin//smbldap_tools.pm line 1046.

  4. #4

    It should be on the FAQ

    Hello,
    After several days of searching the forum using all kinds of keywords, finally I found the solution:

    It's on http://www.zimbra.com/forums/adminis...-accounts.html

    Oh boy! I'm so glad. Now I can join windowsxp to my Zimbra domain.
    The writer is correct: since the howto is written for Ubuntu, the user add script cannot be used for Opensuse. In Opensuse, it should be:
    Code:
    add user script = /usr/sbin/useradd -m %u
    add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u

    I think it should be on the FAQ.

  5. #5
    dijichi2 (OpenSource Builder & Moderator)

    useradd should not be used for samba/ldap. use the ldap scripts that come with samba - on some distros you might have to search for them but they should be there somewhere. adding a computer to the domain has always been a little flaky but check your root/administrator ldap entry is working and is being recognised as a domain admin and your computer entry should add ok. older versions of samba used to have a bug that reported an error but if you look the computer entry is actually added to the tree.

    i find these packages are well built and up-to-date, often much more so than distro packages:
    Enterprise Samba: samba-enterprise

    samba updates frequently and often fixes many bugs that often don't get backported to distro packages.
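
Added example, not part of the original thread or of Samba: a small Python triage pass over smbd/slapd syslog lines of the shape posted above, separating the three signals in those excerpts (the add machine script's non-zero exit, duplicate sambaGroupMapping entries for a well-known group RID, and slapd notices about unindexed attributes). The sample lines are constructed from the thread's excerpts; `triage` and its field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of the thread's syslog excerpts.
SAMPLE_LOG = """\
Jul  5 14:07:14 fajar102 smbd[24519]:   ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1439140547-2811502038-3238742711-512)): count=2
Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
Jul  5 14:07:14 fajar102 slapd[19349]: <= bdb_equality_candidates: (member) index_param failed (18)
Jul  5 14:07:25 fajar102 smbd[24519]:   _samr_create_user: Running the command `/usr/local/bin/smbldap-useradd -w acer-centrino$' gave 3
Jul  5 14:07:25 fajar102 smbd[24519]:   pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER
"""

# Samba quotes the command as `...' followed by the script's exit status.
SCRIPT_RE = re.compile(r"Running the command `(?P<cmd>[^']+)' gave (?P<rc>-?\d+)")
DUP_RE = re.compile(r"Duplicate entries for filter \(&\(objectClass=(?P<oc>\w+)\)"
                    r"\(sambaSID=(?P<sid>S-[\d-]+)\)\): count=(?P<n>\d+)")
INDEX_RE = re.compile(r"bdb_equality_candidates: \((?P<attr>\w+)\) index_param failed")
# Well-known domain RIDs (last component of the SID).
RIDS = {"512": "Domain Admins", "513": "Domain Users", "515": "Domain Computers"}


def triage(log_text):
    """Split smbd/slapd lines into the three signals seen in the thread."""
    out = {"script_failures": [], "duplicate_sids": [], "unindexed": Counter()}
    for line in log_text.splitlines():
        if m := SCRIPT_RE.search(line):
            argv = m["cmd"].split()
            out["script_failures"].append({
                "script": argv[0],
                "account": argv[-1],
                "machine_account": argv[-1].endswith("$"),
                "exit_code": int(m["rc"]),
            })
        elif m := DUP_RE.search(line):
            rid = m["sid"].rsplit("-", 1)[1]
            out["duplicate_sids"].append({
                "object_class": m["oc"],
                "group": RIDS.get(rid, "RID " + rid),
                "count": int(m["n"]),
            })
        elif m := INDEX_RE.search(line):
            # slapd notes an equality search on an attribute with no index.
            out["unindexed"][m["attr"]] += 1
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```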
