WinXP joining Samba domain - one last hurdle (I hope)

Hello,

I have configured an OpenSuSe 11.0 server with Samba 3.2 and backend using openLDAP.

I added a workstation account and user account for my XP computer to the unix and samba configuration.

I then joined the Samba domain from the XP system using the root credentials when prompted. After the reboot of the XP system when I try to log into the domain I get a message stating “the domain controller for mydomain cannot be found”.

There is a netlogon 5719 event on the XP system indicating:
No Domain Controller is available for domain mydomain due to the following:
A device attached to the system is not functioning

I looked on the SuSe system and found a log under /var/log/samba named workstationname.log. In this file I find this:
[2008/09/06 14:20:51, 2] lib/smbldap.c:smbldap_open_connection(772)
smbldap_open_connection: connection opened
[2008/09/06 14:20:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: workstation$
[2008/09/06 14:20:51, 0] lib/smbldap.c:smbldap_open(1005)
smbldap_open: cannot access LDAP when not root…

So I am wondering if I have an LDAP issue, maybe ACL related???

I went through 3 or 4 pages of google search and didn’t find anything that resolved my issue.

Can someone point me in the right direction to get this problem resolved? It would be greatly appreciated!

Correction: the error I get when I try to log into the domain is that the domain cannot be found – not the domain controller.

additional info:

If I do an nltest /dsgetdc:mydomain from the XP system I get a valid response:

DC: \\mydc
Address: \\mydc
Dom Nam: mydomain

nslookup of mydc returns the correct IP address, and I can ping by FQDN.

If I do a \\mydc\netlogon from Start > Run it does pull up the netlogon share.

nbtstat -a mydc returns valid netbios entries

bladstriker wrote:

>
> Hello,
>
> I have configured an OpenSuSe 11.0 server with Samba 3.2 and backend
> using openLDAP.
>
> I added a workstation account and user account for my XP computer to
> the unix and samba configuration.
>
> I then joined the Samba domain from the XP system using the root
> credentials when prompted. After the reboot of the XP system when I try
> to log into the domain I get a message stating “the domain controller
> for mydomain cannot be found”.
>
> There is a netlogon 5719 event on the XP system indicating:
> No Domain Controller is available for domain mydomain due to the
> following:
> A device attached to the system is not functioning
>
> I looked on the SuSe system and found a log under /var/log/samba named
> workstationname.log. In this file I find this:
> [2008/09/06 14:20:51, 2] lib/smbldap.c:smbldap_open_connection(772)
> smbldap_open_connection: connection opened
> [2008/09/06 14:20:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: workstation$
> [2008/09/06 14:20:51, 0] lib/smbldap.c:smbldap_open(1005)
> smbldap_open: cannot access LDAP when not root…
>
> So I am wondering if I have an LDAP issue, maybe ACL related???
>
> I went through 3 or 4 pages of google search and didn’t find anything
> that resolved my issue.
>
> Can someone point me in the right direction to get this problem
> resolved? It would be greatly appreciated!
>
bladstriker;

  1. Do the times in the log correspond to when you joined the domain or when you
    tried to log on?
  2. Have you checked that smbd is running as root ( ps -Af | grep smb )?
  3. Have you read Chapter 5 of “Samba-3 by Example”? Look either here:
    /usr/share/doc/packages/samba or here: http://samba.org/samba/ .

P. V.
Cogito cogito ergo cogito sum.

1. They correspond to when I try to log into the domain from the XP system.

2. Yes, smb is running as root.

3. I am reviewing the chapter and I must be missing something, as when I try to do the ldapsearch on step 8 of the LDAP directory initialization steps I am getting an error stating insufficient access.

ldapsearch -x -b "dc=my,dc=domain" "(ObjectClass=*)"

# extended LDIF
#
# LDAPv3
# base <dc=my,dc=domain> with scope subtree
# filter: (ObjectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 50 Insufficient access

# numResponses: 1

Here is a snippet of the netlogon log file:

09/06 18:12:18 [SESSION] mydomain: NlDiscoverDc: Found DC \\mydc
09/06 18:12:18 [CRITICAL] NlSessionSetup: Fall back to Authenticate2
09/06 18:12:18 [SESSION] mydomain: NlSetStatusClientSession: Set connection status to 0
09/06 18:12:18 [CRITICAL] NlGetNt4TrustedDomainList: \\mydc: LsaEnumerateTrustedDomains failed: c0000001
09/06 18:12:18 [CRITICAL] mydomain: NlSessionSetup: NlUpdateDomainInfo failed 0xC0000001
09/06 18:12:18 [MISC] Eventlog: 5719 (1) “mydomain” 0xc0000001 c0000001 …

bladstriker wrote:

>
> 1. they correspond to when I try to log into the domain from the xp
> system.
>
> 2. yes smb is running as root
>
> 3. I am reviewing the chapter and I must be missing something as when
> I try to do the ldapsearch on step8 of the LDAP directory initialization
> steps I am getting an error stating insufficient access.
>
> ldapsearch -x -b "dc=my,dc=domain" "(ObjectClass=*)"
>
> # extended LDIF
> #
> # LDAPv3
> # base <dc=my,dc=domain> with scope subtree
> # filter: (ObjectClass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 50 Insufficient access
>
> # numResponses: 1
>
bladstriker;

You might want to post your question on the user list at www.samba.org and/or
use Google on the error messages. There should be an openldap log that might
also have information to help you troubleshoot this.

P. V.
Cogito cogito ergo cogito sum.
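
Added example (not part of any post in this thread, and not Samba project code): a small Python parser for the per-machine Samba log format quoted in the first post. It pairs each `[timestamp, level] file:function(line)` header with the message that follows it and lists the level-0 entries. The names `parse_samba_log` and `errors` are hypothetical; the sample input is the excerpt from the thread.

```python
import re
from collections import namedtuple

# Samba 3.x log header: "[YYYY/MM/DD HH:MM:SS, level] source_file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
Entry = namedtuple("Entry", "ts level src func line message")


def parse_samba_log(text):
    """Pair each header line with the message line(s) that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        stripped = raw.strip()
        m = HEADER.match(stripped)
        if m:
            if current:
                entries.append(current)
            current = Entry(m["ts"], int(m["level"]), m["src"],
                            m["func"], int(m["line"]), "")
        elif current and stripped:
            # Continuation line: append to the message of the open entry.
            joined = (current.message + " " + stripped).strip()
            current = current._replace(message=joined)
    if current:
        entries.append(current)
    return entries


def errors(entries, max_level=0):
    """Entries at or below max_level; level 0 is written at any log level."""
    return [e for e in entries if e.level <= max_level]


# Excerpt from workstationname.log as posted in the thread.
SAMPLE = """\
[2008/09/06 14:20:51, 2] lib/smbldap.c:smbldap_open_connection(772)
smbldap_open_connection: connection opened
[2008/09/06 14:20:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: workstation$
[2008/09/06 14:20:51, 0] lib/smbldap.c:smbldap_open(1005)
smbldap_open: cannot access LDAP when not root…
"""

if __name__ == "__main__":
    for e in errors(parse_samba_log(SAMPLE)):
        print(f"{e.ts} level {e.level} {e.src}:{e.func}({e.line}) -> {e.message}")
```

On the posted excerpt this reports a single level-0 entry, from `smbldap_open` at `lib/smbldap.c` line 1005, logged in the same second as the successful machine-account lookup.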