[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a anybody?

Adam Williams members@kalamazoolinux.org
Thu, 22 Jan 2004 06:38:29 -0500


> | [globals]
> |   debug level = 10
> | When it doesn't let you in does it say Domain Unavailable or just that
> | your username/password is incorrect?
> No.  It just says "Access Denied."  Gimme a sec.  I'll recreate the
> error for precision...   Note the following:  I've already added the
> machine manually, not that it matters having tried it both ways.
> OK.... Here is what it says exactly:
> The following error occurred attempting to join the domain "J9STARR":
> Access is denied.

Ah ha!  You're getting this while attempting to join the domain?

1.) You have a posixAccount object that corresponds to the [%m || "$"]?
2.) That posixAccount is NOT also a sambaSamAccount
3.) That object is under your ou=System Accounts or equivalent ou
--What ldap machine suffix = says
4.) You're logged into the workstation as the **LOCAL** Administrator
5.) You've made NONE/ZERO/ZIP network connections before attempting to
join the domain?
i.e. You boot, login, and attempt to join the domain with NO
intermediary steps.
6.) "net getlocalsid" on the purported PDC returns a PDC like SID?
-->[root@littleboy /root]# net getlocalsid
-->SID for domain BARBEL is: S-1-5-21-2037442776-3290224752-88127236
--See the lack of a RID
7.) You have a uid=root object in your Dit and that object ***IS*** a
sambaSamAccount (its RID doesn't matter, should be 1000 following
normal conventions, but whatever).
-->[root@littleboy /root]# pdbedit -u root
-->root:0:root
--It is OK for root to also be in /etc/passwd, don't worry about it.
8.) root is a memberuid attribute of your Domain Administrators group.
(or the root account object's dn is a member attribute of the group
object if you're using RFC2307bis).
-->[root@littleboy /root]# id root
-->uid=0(root) gid=0(root)
-->groups=0(root),1(bin),2(daemon),3(sys),6(disk),10(wheel),
-->*****4(admins)***** <- the Domain Administrators group
9.) Your domain administrators group has a SID of PDC-SID || "-512"
-->[root@littleboy /root]# net groupmap list | grep Admin
-->Domain Admins (S-1-5-21-2037442776-3290224752-88127236-512) -> admins
--And of course, this SID does match the PDC SID?
10.) You have WINS support enabled on the PDC and the client has that set
as the WINS server?
11.) You're attempting to join the domain using the following procedure -
-->Start \ Settings \ Control Panel \ System \ Network Identification \
-->Properties \ select Domain\ enter BACKBONE\ OK \ Enter root and root
-->password
--Where BACKBONE is of course, the name of your domain, the above is
cut-n-pasted from Morrison Industries ED Manual.



> Now just accessing the shares, I can go:
> My Network Places | View Workgroup Computers | Microsoft Windows Network
> (found under "Other Places" in the sidebar) | J9starr

Well, it shows up there, which is a good sign.

> It lets me access J9starr | Samba Server 3.01 (Enigma)| Public but it
> will not let me write to it.  (\\Enigma\public)
> If I go J9starr | Samba Server 3.01 (Enigma)| Homes it says the network
> path is not available.

And you're sure that the home directory for the user you're trying to
connect as is actually valid?  And you have -
[homedir]
  comment = Home Directory
  path = %H
  read only = no
  browseable = yes
- defined in smb.conf?

> If I go J9starr | Samba Server 3.01 (Enigma)| Netlogon I get a login box
> but it says

Right, you're not a member of the domain (yet)

> "ENIGMA\netlogon is not available. You might not have permission to use
> this network resource.  Contact the administrator of this server to find
> out if you have access permissions. Multiple connections to a server or
> shared resource using more than one username, are not allowed.
> Disconnect all previous connections to the server or shared resource and
> try again."
> So in order to sever those connections I try restarting the server, at
> which point I get "The network path was not found."

This is CORRECT Winbloze behaviour, believe it or not.
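
Checks 6 and 9 in the checklist above (the PDC SID carries no RID, and Domain Admins maps to PDC-SID || "-512") can be verified mechanically from the command output. The script below is an added example, not part of the original message; the function names are hypothetical and the sample strings are the outputs quoted in the message.

```shell
#!/bin/sh
# Added example: verify checklist items 6 and 9 from captured command output.
# Function names are hypothetical; sample text is the output quoted in the message.

# Extract the SID from `net getlocalsid` output ("SID for domain X is: S-...").
local_sid() {
    sed -n 's/^SID for domain .* is: \(S-[0-9-]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Succeeds only for a bare domain SID: S-1-5-21 plus three sub-authorities, no RID.
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21(-[0-9]+){3}$'
}

# Extract the SID mapped to "Domain Admins" from `net groupmap list` output.
domain_admins_sid() {
    sed -n 's/^Domain Admins (\(S-[0-9-]*\)) -> .*$/\1/p' | head -n 1
}

# check_join_sids GETLOCALSID_OUTPUT GROUPMAP_OUTPUT
# Prints one line per problem found; returns 0 when both checks pass.
check_join_sids() {
    sid=$(printf '%s\n' "$1" | local_sid)
    admins=$(printf '%s\n' "$2" | domain_admins_sid)
    rc=0
    if ! is_domain_sid "$sid"; then
        echo "check 6: '$sid' is not a bare domain SID"; rc=1
    fi
    if [ "$admins" != "$sid-512" ]; then
        echo "check 9: Domain Admins is '$admins', expected '$sid-512'"; rc=1
    fi
    return $rc
}

SAMPLE_SID_OUT='SID for domain BARBEL is: S-1-5-21-2037442776-3290224752-88127236'
SAMPLE_MAP_OUT='Domain Admins (S-1-5-21-2037442776-3290224752-88127236-512) -> admins'

check_join_sids "$SAMPLE_SID_OUT" "$SAMPLE_MAP_OUT" && echo "SIDs consistent"
```

On the PDC itself the same check runs against live output: check_join_sids "$(net getlocalsid)" "$(net groupmap list)".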