Discussion:
samba pdc + ldap + adding a machine
Kosa Attila
2006-04-05 12:40:31 UTC
Hello!
Debian Sarge, samba 3.0.14a-3sarge1.
smb.conf (relevant part):

os level = 255
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
logon drive = y:
logon path = \\%L\profilent
logon home = \\%L\%U
logon script = %U.bat
allow trusted domains = yes
machine password timeout = 604800
ldap gazda dn = "cn=gazda,dc=in,dc=domain,dc=hu"
ldap ssl = on
ldap filter = (uid=%u)
ldap suffix = dc=in,dc=domain,dc=hu
ldap user suffix = ou=Users,ou=OxObjects
ldap group suffix = ou=Groups,ou=OxObjects
ldap machine suffix = ou=Computers
ldap delete dn = no
ldap replication sleep = 5000
ldap passwd sync = yes
ldap timeout = 15
passdb backend = ldapsam:"ldap://localhost"
add machine script = /usr/local/sbin/x.sh %u


The contents of /usr/local/sbin/x.sh:

#!/bin/sh
# "add machine script": smbd runs this as "x.sh <machinename>$" and expects
# the machine account to exist once it returns.

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

LANG=C
LC_CTYPE=C
LC_COLLATE=C
LC_TIME=C
LC_ALL=C

# next free uidNumber at or above 10000
UU=`get-unused 10000 uid`

# RID derived from the uid as uid*2 + 1000 (POSIX arithmetic instead of the
# bash-only $[...] form)
SIDUU=$(($UU * 2))
SIDUU=$(($SIDUU + 1000))

# domain SID
SS=S-1-5-21-1234567890-123456789-1234567890

# LM/NT hashes of the initial machine password ($1 quoted: it ends in "$")
LMPW=`mkntpwd -L "$1"`
NTPW=`mkntpwd -N "$1"`
(
echo "dn: uid=$1,ou=Computers,dc=in,dc=domain,dc=hu"
echo "objectClass: top"
echo "objectClass: inetOrgPerson"
echo "objectClass: posixAccount"
echo "objectClass: sambaSamAccount"
echo "cn: $1"
echo "sn: $1"
echo "uid: $1"
echo "uidNumber: $UU"
echo "gidNumber: 10003"
echo "displayName: $1"
echo "homeDirectory: /dev/null"
echo "loginShell: /bin/false"
echo "description: Computer"
echo "sambaSID: $SS-$SIDUU"
echo "sambaPrimaryGroupSID: $SS-515"
echo "sambaLMPassword: $LMPW"
echo "sambaNTPassword: $NTPW"
echo "sambaAcctFlags: [W ]"
echo "sambaKickoffTime: 2147483647"
echo "sambaLogonTime: 0"
echo "sambaLogoffTime: 2147483647"
echo "sambaPwdCanChange: 0"
echo "sambaPwdLastSet: 0"
echo "sambaPwdMustChange: 0"
echo ""
echo "dn: cn=ldpmachine,ou=Groups,ou=OxObjects,dc=in,dc=domain,dc=hu"
echo "changetype: modify"
echo "add: memberUid"
echo "memberUid: $1"
echo ""
# The LDAP admin password is passed on the command line (-w), so it shows up
# in the process list while ldapmodify runs; "-y <file>" with a mode-0600 file
# avoids that. Output is discarded, and the script always exits 0, so smbd
# cannot tell from the exit status whether ldapmodify failed.
) | ldapmodify -a -x -w jelszo -H ldap://localhost -D 'cn=gazda,dc=in,dc=domain,dc=hu' >/dev/null 2>&1

exit 0

When the "net rpc join -U teszt001" command is issued on the demo machine, the
following log appears on the PDC at debug level 10:

[2006/04/05 12:04:25, 5] lib/smbldap.c:smbldap_search(1038)
smbldap_search: base => [dc=in,dc=domain,dc=hu], filter => [(&(uid=demo$)(objectclass=sambaSamAccount))], scope => [2]
[2006/04/05 12:04:25, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334)
ldapsam_getsampwnam: Unable to locate user [demo$] count=0
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (10000, 10000) - sec_ctx_stack_ndx = 0
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam(293)
Finding user demo$
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is demo$
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(239)
Trying _Get_Pwnam(), username as uppercase is demo$
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in demo$
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [demo$]!
[2006/04/05 12:04:25, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
_samr_create_user: can add this account : True
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(10000, 10000) : sec_ctx_stack_ndx = 1
[2006/04/05 12:04:25, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/04/05 12:04:25, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/04/05 12:04:25, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/04/05 12:04:25, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command `/usr/local/sbin/x.sh demo$' gave 0
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam(293)
Finding user demo$
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is demo$
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals did find user [demo$]!
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_username(617)
pdb_set_username: setting username demo$, was
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_fullname(698)
pdb_set_full_name: setting full name demo$, was
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833)
pdb_set_unix_homedir: setting home dir /dev/null, was NULL
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_domain(644)
pdb_set_domain: setting domain domain, was
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544)
pdb_set_user_sid: setting user sid S-1-5-21-1234567890-123456789-1234567890-21002
[2006/04/05 12:04:25, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-1234567890-123456789-1234567890-21002 from rid 21002
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/04/05 12:04:25, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/04/05 12:04:25, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/04/05 12:04:25, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/04/05 12:04:25, 5] lib/smbldap.c:smbldap_search(1038)
smbldap_search: base => [ou=Groups,ou=OxObjects,dc=in,dc=domain,dc=hu], filter
=> [(&(objectClass=sambaGroupMapping)(gidNumber=10003))], scope => [2]
[2006/04/05 12:04:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 10003
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580)
pdb_set_group_sid: setting group sid S-1-5-21-1234567890-123456789-1234567890-515
[2006/04/05 12:04:25, 10] passdb/passdb.c:pdb_init_sam_new(372)
pdb_init_sam_new: no RID specified. Generating one via old algorithm
[2006/04/05 12:04:25, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544)
pdb_set_user_sid: setting user sid S-1-5-21-1234567890-123456789-1234567890-21002
[2006/04/05 12:04:25, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-1234567890-123456789-1234567890-21002 from rid
21002
[2006/04/05 12:04:25, 5] lib/smbldap.c:smbldap_search(1038)
smbldap_search: base => [dc=in,dc=domain,dc=hu], filter => [(&(uid=demo$)(objectclass=sambaSamAccount))], scope => [2]
[2006/04/05 12:04:25, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1781)
ldapsam_add_sam_account: User 'demo$' already in the base, with samba attributes
[2006/04/05 12:04:25, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
could not add user/computer demo$ to passdb. Check permissions?
[2006/04/05 12:04:25, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (10000, 10000) - sec_ctx_stack_ndx = 0
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_create_user
[2006/04/05 12:04:25, 6] rpc_parse/parse_prs.c:prs_debug(82)
000000 smb_io_pol_hnd user_pol
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint32(642)
0000 data1: 00000000
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint32(642)
0004 data2: 00000000
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint16(613)
0008 data3: 0000
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint16(613)
000a data4: 0000
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint8s(729)
000c data5: 00 00 00 00 00 00 00 00
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint32(642)
0014 access_granted: 00000000
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_uint32(642)
0018 user_rid : 00000000
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
001c status: NT_STATUS_ACCESS_DENIED

# net groupmap list
Domain Users (S-1-5-21-1234567890-123456789-1234567890-513) -> ldapusers
Domain Admins (S-1-5-21-1234567890-123456789-1234567890-512) -> ntgazda
Domain Guest (S-1-5-21-1234567890-123456789-1234567890-514) -> ldapguest
Domain Machine (S-1-5-21-1234567890-123456789-1234567890-515) -> ldpmachine
# getent passwd teszt001
teszt001:x:10000:10000:TESZT 001_user:/home/teszt001/:/bin/bash
# getent group ntgazda
ntgazda:x:10001:teszt001
# net rpc rights list ntgazda -U teszt001
Password:
SeMachineAccountPrivilege

Meanwhile, this is what is seen on the demo machine:
# net rpc join -U teszt001
Password:
Creation of workstation account failed
User specified does not have administrator privileges
Unable to join domain DOMAIN.
# ldapsearch -x
...
# demo$, Computers, in.domain.hu
dn: uid=demo$,ou=Computers,dc=in,dc=domain,dc=hu
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: demo$
sn: demo$
uid: demo$
uidNumber: 10001
gidNumber: 10003
displayName: demo$
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
sambaSID: S-1-5-21-1234567890-123456789-1234567890-21002
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-1234567890-515
sambaAcctFlags: [W ]
sambaKickoffTime: 2147483647
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaPwdMustChange: 0
...
# net rpc join -U teszt001
Password:
Joined domain DOMAIN.

If, right after issuing the first command (on the demo machine), I immediately
issue the same command again, the demo machine joins the domain successfully.
However, the demo machine's account is already created when the first command
is issued. I have already tried it with nscd and without nscd.

I don't understand why it cannot join the demo machine the first time. Could
someone help me with what I'm missing? Unfortunately Google didn't help :(
--
Best regards
Zsiga
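Added example, not code from the post or from Samba: a parser for the Samba 3 debug-log format quoted above ("[date, level] file:function(line)" header followed by one or more indented message lines, some of them wrapped) and a check that pulls the machine-account creation steps out of it: the command smbd ran as the add machine script and its exit status, whether getpwnam() found the account afterwards, the RID smbd generated, the level-0 error from the passdb backend and the NT status returned to the client. SAMPLE_LOG is constructed from lines quoted in the post; old_algorithm_user_rid() reproduces the uid*2 + 1000 rule the script uses, which is also Samba's classic algorithmic uid-to-RID mapping (the "old algorithm" line in the log: uidNumber 10001 gives rid 21002).

```python
"""Parse Samba 3 debug-log output and summarise a machine-account creation.
Added example, not code from the original post; SAMPLE_LOG is constructed
from lines quoted in the post."""
import re
from dataclasses import dataclass
from typing import List, Optional

# header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"; message follows
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\d+)\] "
    r"(?P<file>\S+):(?P<func>\w+)\((?P<line>\d+)\)$"
)
SCRIPT_RE = re.compile(r"Running the command `(?P<cmd>[^']*)' gave (?P<rc>-?\d+)")
RID_RE = re.compile(r"from rid (?P<rid>\d+)$")
STATUS_RE = re.compile(r"status: (?P<status>NT_STATUS_\w+)")


@dataclass
class Record:
    ts: str
    level: int
    file: str
    func: str
    line: int
    message: str = ""


def parse_samba_log(text: str) -> List[Record]:
    """Turn raw log text into Records, joining wrapped multi-line messages."""
    records: List[Record] = []
    for raw in text.splitlines():
        stripped = raw.strip()
        m = HEADER_RE.match(stripped)
        if m:
            records.append(Record(m["ts"], int(m["level"]), m["file"],
                                  m["func"], int(m["line"])))
        elif records and stripped:  # continuation of the current message
            records[-1].message = (records[-1].message + " " + stripped).strip()
    return records


@dataclass
class JoinDiagnosis:
    add_script_cmd: Optional[str] = None      # add machine script as smbd ran it
    add_script_rc: Optional[int] = None       # its exit status as smbd saw it
    account_found_after_script: bool = False  # getpwnam() found it afterwards
    generated_rid: Optional[int] = None       # RID smbd assigned
    passdb_add_error: Optional[str] = None    # level-0 error from the backend
    nt_status: Optional[str] = None           # status returned to the client


def diagnose_machine_join(records: List[Record]) -> JoinDiagnosis:
    """Walk the records in order and pick out the account-creation steps."""
    d = JoinDiagnosis()
    for r in records:
        if r.func == "_samr_create_user":
            m = SCRIPT_RE.search(r.message)
            if m:
                d.add_script_cmd, d.add_script_rc = m["cmd"], int(m["rc"])
        elif r.func == "Get_Pwnam_internals" and "did find user" in r.message:
            d.account_found_after_script = d.add_script_cmd is not None
        elif r.func == "pdb_set_user_sid_from_rid":
            m = RID_RE.search(r.message)
            if m:
                d.generated_rid = int(m["rid"])
        elif r.func == "ldapsam_add_sam_account" and r.level == 0:
            d.passdb_add_error = r.message.split(": ", 1)[-1]
        elif r.func == "prs_ntstatus":
            m = STATUS_RE.search(r.message)
            if m:
                d.nt_status = m["status"]
    return d


def old_algorithm_user_rid(uid: int) -> int:
    """uid -> RID as the post's script computes it (Samba's algorithmic mapping)."""
    return uid * 2 + 1000


# constructed from the log lines quoted in the post
SAMPLE_LOG = """\
[2006/04/05 12:04:25, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334)
  ldapsam_getsampwnam: Unable to locate user [demo$] count=0
[2006/04/05 12:04:25, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
  _samr_create_user: can add this account : True
[2006/04/05 12:04:25, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/local/sbin/x.sh demo$' gave 0
[2006/04/05 12:04:25, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals did find user [demo$]!
[2006/04/05 12:04:25, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
  setting user sid S-1-5-21-1234567890-123456789-1234567890-21002 from rid
  21002
[2006/04/05 12:04:25, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1781)
  ldapsam_add_sam_account: User 'demo$' already in the base, with samba attributes
[2006/04/05 12:04:25, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
  could not add user/computer demo$ to passdb. Check permissions?
[2006/04/05 12:04:25, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
  001c status: NT_STATUS_ACCESS_DENIED
"""

if __name__ == "__main__":
    print(diagnose_machine_join(parse_samba_log(SAMPLE_LOG)))
```

Running it on a full level-10 log (`python3 this.py < log.smbd` after swapping SAMPLE_LOG for stdin) gives the same kind of summary; the fields of interest are that add_script_rc is 0 and account_found_after_script is True while passdb_add_error is still set, which is the sequence the quoted log shows.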