Author Topic: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied  (Read 11393 times)

pgarcia

Re: LDAP Master/Samba PDC Slave + WinXP SP3 = Access Denied
« Reply #30 on: December 02, 2010, 10:20:37 am »
pgarcia

Note that the one thing I forgot to mention above is that I did an update of the Zentyal components so that they are the latest available. There are updates available for an installed 2.0-2 system.

I've gone through the ticket you raised on this problem (now at http://trac.zentyal.org/ticket/2542) but I still don't understand your setup. Do you want to have one server as a PDC master (a windows 2003 box?) and another as a Samba PDC slave (known as a Backup Domain controller - BDC)? Is the BDC combined with the LDAP master or is this another server?

Note that a Samba PDC is only designed to work with a Samba BDC and mixing things with a Windows PDC is likely to be complicated and may not work. See the options here:
     http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
If you want redundancy the better option might be to have two Zentyal servers one as Samba PDC/LDAP master and the other as Samba BDC/LDAP slave.

Note that the script that adds the client PC (or machine as it is known in LDAP) is called smbldap-useradd according to your smb.conf file but it has no reference that I can see:
     http://manpages.ubuntu.com/manpages/lucid/en/man8/smbldap-useradd.8.html
to a separate host. Presumably if you wanted to set LDAP as a separate server you would have to equip the Samba PDC as an LDAP client with a connection pointing to the ldaps port of the LDAP master.

Note that the only experience I have is with one server that is an LDAP master and Samba PDC master combined.

bamalam

Sorry, I think I mixed some terms.

I have a master LDAP (without PDC, not sharing files) and the second one is a slave LDAP/Samba PDC with file sharing and domain controller.

I use the latest version of File Sharing, 2.0.5, and of Users and Groups, 2.0.7.

Thanks for helping us.

eboxbuggy

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #31 on: December 02, 2010, 10:33:19 am »
got the same error ...

use 1.4 dude lol  :P domain logins work perfectly with our setup

pgarcia

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #32 on: December 02, 2010, 11:07:22 am »
got the same error ...

use 1.4 dude lol  :P domain logins work perfectly with our setup

I have more features working on 2.0 ... I can't downgrade my system.

bamalam

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #33 on: December 02, 2010, 11:34:56 am »
eboxbuggy

Sorry it is not working out. Did you update your 2.0 installation? I used aptitude from the command prompt to do the upgrade of package information and then did the update from the Zentyal web interface.

It still sounds like an admin rights issue. Just to confirm if that is the problem could you please show a section of your LDAP output. This is done by using the slapcat -l <ldif out filename> from the command prompt. We need to see the ou=Computer entry and that should indicate that the Domain Admins are the ones with permission so show the Domain Admins entry and then show the entry for the user that you are using to add in the computer. Please post logs from the server as well not just from the PC.

pgarcia
I can't understand why you have the setup the way you outline - it doesn't make sense if you have two servers available why not make one the Samba/LDAP master and the other as the backup for the Samba as well as the LDAP. If you want to configure things this way there are clues in the Samba HOWTO that I referenced in a previous post. If you still want to keep things as they are though there are clues as to how you would set things up in this as well - note the idmap backend and passdb backend entries in the smb.conf file for some of the examples. Always remember that Zentyal makes use of templates so you don't normally edit config files. I'm not near my server at the moment so I can't tell if there is a Zentyal system is set up the right way for backup servers.

bamalam

pgarcia

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #34 on: December 02, 2010, 03:53:40 pm »
eboxbuggy

Sorry it is not working out. Did you update your 2.0 installation? I used aptitude from the command prompt to do the upgrade of package information and then did the update from the Zentyal web interface.

It still sounds like an admin rights issue. Just to confirm if that is the problem could you please show a section of your LDAP output. This is done by using the slapcat -l <ldif out filename> from the command prompt. We need to see the ou=Computer entry and that should indicate that the Domain Admins are the ones with permission so show the Domain Admins entry and then show the entry for the user that you are using to add in the computer. Please post logs from the server as well not just from the PC.

Yes, I have updated to the latest version.

Here I have posted all the logs and config: http://trac.zentyal.org/ticket/2542

Code:
# Computers, server02
dn: ou=Computers,dc=server02
ou: Computers
objectClass: organizationalUnit

# Idmap, server02
dn: ou=Idmap,dc=server02
ou: Idmap
objectClass: organizationalUnit

# servidor$, Computers, server02
dn: uid=servidor$,ou=Computers,dc=server02
objectClass: top
objectClass: account
objectClass: posixAccount
cn: servidor$
uid: servidor$
uidNumber: 2114
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

# casa$, Computers, server02
dn: uid=casa$,ou=Computers,dc=server02
objectClass: top
objectClass: account
objectClass: posixAccount
cn: casa$
uid: casa$
uidNumber: 2115
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
-------------------------------
....
# Domain Admins, Groups, server02
dn: cn=Domain Admins,ou=Groups,dc=server02
cn: Domain Admins
gidNumber: 512
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: admin_dominios
memberUid: dominios
displayName: Domain Admins
sambaGroupType: 2
sambaSID: S-1-5-21-3818554400-921237426-3143208535-512

eboxbuggy
pgarcia
I can't understand why you have the setup the way you outline - it doesn't make sense if you have two servers available why not make one the Samba/LDAP master and the other as the backup for the Samba as well as the LDAP. If you want to configure things this way there are clues in the Samba HOWTO that I referenced in a previous post. If you still want to keep things as they are though there are clues as to how you would set things up in this as well - note the idmap backend and passdb backend entries in the smb.conf file for some of the examples. Always remember that Zentyal makes use of templates so you don't normally edit config files. I'm not near my server at the moment so I can't tell if there is a Zentyal system is set up the right way for backup servers.

bamalam


I have a more complex setup with more slaves in different locations, so I use one as the master LDAP and the others as slave/Samba PDC.


thanks




bamalam

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #35 on: December 03, 2010, 12:59:08 pm »
pgarcia

The advice on configuration of Samba with different arrangements of LDAP is shown at:
    http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#id2566941
Note what it has to say about joining a PC using a LDAP slave server. You have to use a LDAP master. For this reason you need to add LDAP master address on the Samba server. So in the smb.conf file as mentioned in my last post and in the document referenced, you need the references to your LDAP master:
Code:
passdb backend = ldapsam:"ldaps://master ldaps://slave"
idmap backend = ldap:"ldaps://master ldaps://slave"

Where you replace the master and slave in the above with the IP addresses of your LDAP servers. If the master LDAP server is not a Zentyal one you need to consider whether the ou references like Groups and Users match those that the Zentyal Samba server needs (for example __USERS__ reference).

bamalam

eboxbuggy

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #36 on: December 04, 2010, 07:57:35 am »
eboxbuggy

Sorry it is not working out. Did you update your 2.0 installation? I used aptitude from the command prompt to do the upgrade of package information and then did the update from the Zentyal web interface.
Yes I did all upgrades both on GUI and CLI

It still sounds like an admin rights issue. Just to confirm if that is the problem could you please show a section of your LDAP output. This is done by using the slapcat -l <ldif out filename> from the command prompt. We need to see the ou=Computer entry and that should indicate that the Domain Admins are the ones with permission so show the Domain Admins entry and then show the entry for the user that you are using to add in the computer. Please post logs from the server as well not just from the PC.
Yes, it seems the XP workstations do not recognize the users as "DOMAIN ADMINS". Aside from this, I think one of the reasons why it doesn't work is that LDAP refuses to create the "CLIENT WORKSTATION" (winxp-client$). Manually adding these does not work: smbldap-useradd -w -i computer-name

COMPUTERS
Quote
# Computers, ldap.server
dn: ou=Computers,dc=ldap,dc=server
ou: Computers
objectClass: organizationalUnit
DOMAIN ADMIN
Quote
# Domain Admins, Groups, ldap.server
dn: cn=Domain Admins,ou=Groups,dc=ldap,dc=server
cn: Domain Admins
gidNumber: 512
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: user1
memberUid: user2
displayName: Domain Admins
sambaGroupType: 2
sambaSID: S-1-1-12-1234567890-123456789-1234567890-512
ADMINISTRATOR
Quote
# Administrators, Groups, ldap.server
dn: cn=Administrators,ou=Groups,dc=ldap,dc=server
cn: Administrators
gidNumber: 544
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: user1
memberUid: user2
displayName: Administrators
sambaGroupType: 5
sambaSID: S-1-1-12-544
USER1
Quote
# user1, Users, ldap.server
dn: uid=user1,ou=Users,dc=ldap,dc=server
cn: XP Admin
uid: user1
sn: Admin
loginShell: /bin/bash
uidNumber: 2003
gidNumber: 1901
homeDirectory: /home/user1
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: sambaSamAccount
eboxSha1Password: {SHA}/4UYBy6LjMknx5sbDaoVkBTVLmA=
eboxMd5Password: {MD5}c8jbnP1BLrmCG+YIFd7wtA==
eboxLmPassword: DC5926EC70745A46AAD3B435B51404EE
eboxNtPassword: 6AF7AC71414E614500FE2F3E353BC37A
eboxDigestPassword: {MD5}IyoSB7+tJk/gzG2A1R/PqQ==
eboxRealmPassword: {MD5}232a1207bfad264fe0cc6d80d51fcfa9
givenName: XP
sambaProfilePath: \\SERVER\profiles\user1
sambaHomePath: \\SERVER\homes\user1
sambaSID: S-1-1-12-1234567788990-123456789-1234567890-5006
sambaPrimaryGroupSID: S-1-1-12-1234567890-123456789-1234567890-513
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1291280759
sambaKickoffTime: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
sambaAcctFlags:
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaPwdCanChange: 0
USERS GROUP
Quote
# Domain Users, Groups, ldap.server
dn: cn=Domain Users,ou=Groups,dc=ldap,dc=server
cn: Domain Users
gidNumber: 513
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: user1
memberUid: user2
displayName: Domain Users
sambaGroupType: 2
sambaSID: S-1-1-12-1234567890-123456789-1234567890-513
« Last Edit: December 04, 2010, 08:00:36 am by eboxbuggy »

eboxbuggy

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #37 on: December 04, 2010, 08:18:18 am »
tail -n 20 /var/log/syslog
Code:
Dec  4 15:14:16 PDCSERVER smbd_audit: user1|192.168.1.x|disconnect|ok|IPC$
Dec  4 15:14:16 PDCSERVER slapd[2623]: connection_read(13): no connection!
Dec  4 15:14:16 PDCSERVER slapd[2623]: connection_read(13): no connection!
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: last message repeated 2 times
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (sambaSID) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (memberUid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uniqueMember) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uniqueMember) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2623]: last message repeated 5 times
Dec  4 15:14:17 PDCSERVER smbd_audit: user1|192.168.1.x|connect|ok|IPC$
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER smbd_audit: user1|192.168.1.x|disconnect|ok|IPC$
Dec  4 15:14:17 PDCSERVER slapd[2623]: connection_read(13): no connection!
tail /var/log/messages
Code:
Dec  4 15:14:16 PDCSERVER smbd_audit: user1|192.168.1.x|connect|ok|IPC$
Dec  4 15:14:16 PDCSERVER smbd_audit: user11|192.168.1.x|disconnect|ok|IPC$
Dec  4 15:14:17 PDCSERVER smbd_audit: user11|192.168.1.x|connect|ok|IPC$
Dec  4 15:14:17 PDCSERVER  smbd_audit: user1|192.168.1.x|disconnect|ok|IPC$

eboxbuggy

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #38 on: December 04, 2010, 08:26:47 am »
At least pgarcia you have your computers created in LDAP. servidor$ and casa$ ... any computer name I make does not get added.

I made two of the XP VM computer names "servidor" and "casa" LOL didn't work either ... probably since mi ordenador no entiende español LOL ;D

edit: used google translate
« Last Edit: December 04, 2010, 08:31:17 am by eboxbuggy »

bamalam

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #39 on: December 07, 2010, 08:13:14 pm »
pgarcia
Did you try my suggestions? Note that I would not recommend that you have a $ character in any server name. The $ is used by Samba/Windows itself.

eboxbuggy
Looking at your LDAP output the thing I find strange is the parts of the dn that are currently:
    dc=ldap,dc=server
because these should be more typically (where it is only a local system and not accessible from the internet):
    dc=<server-name>,dc=<site-name>,dc=local
where for example my <server-name> is tim-z1 and <site-name> is cmc

The server-name corresponds with my hostname.

Where this is causing you problems is in the entry in your user for sambaProfilePath and sambaHomePath:
Code:
sambaProfilePath: \\SERVER\profiles\user1
sambaHomePath: \\SERVER\homes\user1
which should be your server-name so in my case it reads:
Code:
sambaProfilePath: \\tim-z1\profiles\user1
sambaHomePath: \\tim-z1\homes\user1

Looking through your logs there are errors where PDCSERVER is referred to so at some time this is what you had instead of SERVER at some stage. Note that in Linux/Unix, case is important and you should use lower case for names. There is a displayName field in LDAP which is usually the upper case name of the computer with a $ at the end which is automatically there when the PC is added successfully to the domain. I suggest if changing the profile paths above doesn't work that you consider a fresh install.

bamalam

pgarcia

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #40 on: December 08, 2010, 03:35:04 pm »
At least pgarcia you have your computers created in LDAP. servidor$ and casa$ ... any computer name I make does not get added.

I made two of the XP VM computer names "servidor" and "casa" LOL didn't work either ... probably since mi ordenador no entiende español LOL ;D

edit: used google translate

Hahaha, nice try!!

pgarcia

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #41 on: December 08, 2010, 03:37:51 pm »
pgarcia
Did you try my suggestions? Note that I would not recommend that you have a $ character in any server name. The $ is used by Samba/Windows itself.

eboxbuggy
Looking at your LDAP output the thing I find strange is the parts of the dn that are currently:
    dc=ldap,dc=server
because these should be more typically (where it is only a local system and not accessible from the internet):
    dc=<server-name>,dc=<site-name>,dc=local
where for example my <server-name> is tim-z1 and <site-name> is cmc

The server-name corresponds with my hostname.

Where this is causing you problems is in the entry in your user for sambaProfilePath and sambaHomePath:
Code:
sambaProfilePath: \\SERVER\profiles\user1
sambaHomePath: \\SERVER\homes\user1
which should be your server-name so in my case it reads:
Code:
sambaProfilePath: \\tim-z1\profiles\user1
sambaHomePath: \\tim-z1\homes\user1

Looking through your logs there are errors where PDCSERVER is referred to so at some time this is what you had instead of SERVER at some stage. Note that in Linux/Unix, case is important and you should use lower case for names. There is a displayName field in LDAP which is usually the upper case name of the computer with a $ at the end which is automatically there when the PC is added successfully to the domain. I suggest if changing the profile paths above doesn't work that you consider a fresh install.

bamalam


I took several days off, because Z is stressing me too. In a moment I will try what I was told.

thanks

pgarcia

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #42 on: December 08, 2010, 05:51:40 pm »
pgarcia
Did you try my suggestions? Note that I would not recommend that you have a $ character in any server name. The $ is used by Samba/Windows itself.


Hi all,

I've tried, but it still gives me the same error.

Code:
==> casa <==
[2010/12/08 17:40:32,  0] lib/util_sock.c:738(write_data)
[2010/12/08 17:40:32,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2010/12/08 17:40:32,  0] smbd/process.c:62(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)

The $ character is a copy/paste error from the console; I don't have this character in my server name.

Here I have attached a log of "messages", "smbd", "casa" and "192.168.1.131": http://trac.zentyal.org/attachment/ticket/2542/error_pdc.txt
« Last Edit: December 08, 2010, 07:13:56 pm by pgarcia »

bamalam

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #43 on: December 08, 2010, 09:29:56 pm »
pgarcia

Sorry I have only come across this now, but have you seen:
   http://trac.zentyal.org/wiki/Document/HowTo/EBoxMasterSlaveSetup
particularly the section referred to as Slave. I can see why eboxbuggy used that term in the title of this topic now. I don't know if it is fully relevant to version 2.0 of Zentyal but looking at my firewall I see that LDAP connections are not allowed thru by default. It would need to be enabled, at least for internal networks. The other thing to remember is to have the slave LDAP synchronised to the master after the master is set up - should be checkable using an output (from slapcat) of the LDAP db from each server and comparing them. Another thing to remember is that the use of ldaps protocol that I suggested may complicate things so perhaps ldap should be used as the connection protocol (although not secure) because as you can see from my everything in one server, it is used internally:
Code:
adminuser@tim-z1:~$ netstat -ta |grep ldap
tcp        0      0 *:ldap                  *:*                     LISTEN
tcp        0      0 *:ldaps                 *:*                     LISTEN
tcp        0      0 localhost:ldap          localhost:35582         ESTABLISHED
tcp        0      0 localhost:35582         localhost:ldap          ESTABLISHED
tcp        0      0 localhost:ldap          localhost:36043         ESTABLISHED
tcp        0      0 localhost:36043         localhost:ldap          ESTABLISHED
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN
tcp6       0      0 [::]:ldaps              [::]:*                  LISTEN
adminuser@tim-z1:~$
See if you can see the connections between your master and slave LDAP servers using a command similar to the above to prove that the links are there.

It might be helpful if you provide more log information. Look for relevant lines at the tail of the messages log and/or syslog. Also what sort of error is reported in the PC logs at C:\Windows\Debug where the relevant file should be netlogon. See the sort of error output that eboxbuggy provides.

As to the other endpoint errors appearing - here are my logs around the time of my first successful join of a domain on 2010/11/26:
Code:
[2010/11/18 23:21:18,  0] lib/util_sock.c:738(write_data)
[2010/11/18 23:21:18,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2010/11/18 23:21:18,  0] smbd/process.c:62(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2010/11/26 19:51:46,  0] lib/util_sock.c:738(write_data)
[2010/11/26 19:51:46,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2010/11/26 19:51:46,  0] smbd/process.c:62(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2010/11/26 19:51:48,  1] smbd/service.c:1063(make_connection_snum)
  laurence-f1 (192.168.192.224) connect to service profiles initially as user bamalam (uid=0, gid=1901) (pid 4083)
[2010/11/26 19:51:48,  1] smbd/service.c:1063(make_connection_snum)
  laurence-f1 (192.168.192.224) connect to service netlogon initially as user bamalam (uid=2002, gid=1901) (pid 4083)
[2010/11/26 19:51:53,  1] smbd/service.c:1063(make_connection_snum)
  laurence-f1 (192.168.192.224) connect to service bamalam initially as user bamalam (uid=2002, gid=1901) (pid 4083)
[2010/11/26 19:51:59,  1] smbd/service.c:1240(close_cnum)
  laurence-f1 (192.168.192.224) closed connection to service profiles
[2010/11/26 19:51:59,  1] smbd/service.c:1240(close_cnum)
  laurence-f1 (192.168.192.224) closed connection to service netlogon
[2010/11/26 19:51:59,  1] smbd/service.c:1240(close_cnum)
  laurence-f1 (192.168.192.224) closed connection to service bamalam
[2010/11/26 19:52:06,  1] smbd/service.c:1063(make_connection_snum)
  laurence-f1 (192.168.192.224) connect to service bamalam initially as user bamalam (uid=2002, gid=1901) (pid 4083)
[2010/11/26 19:52:06,  1] smbd/service.c:1063(make_connection_snum)
  laurence-f1 (192.168.192.224) connect to service netlogon initially as user bamalam (uid=2002, gid=1901) (pid 4083)
[2010/11/26 19:54:47,  0] printing/print_cups.c:103(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused

You can see that some of the same endpoint errors don't seem to have made a difference to a successful outcome.

Finally as brought to my attention by the problems of eboxbuggy,  the sambaProfilePath and sambaHomePath should be correct and the samba server reachable from the LDAP servers.

bamalam

Re: LDAP Master + Samba PDC Slave + WinXP SP3 Client = Access Denied
« Reply #44 on: December 08, 2010, 09:59:26 pm »
eboxbuggy

Sorry, I seemed to have let my understanding of the type of setup that you have slip with references that I made in my last post to you. I'm working from the handicap of working on an all-in-one server. Your edit to the very first post showing the IP addresses helps clarify things.

A lot of what I said in my last post to pgarcia above still applies to you. The most important thing is this link:
   http://trac.zentyal.org/wiki/Document/HowTo/EBoxMasterSlaveSetup
particularly the section referred to as Slave.  As I said, I don't know if it is fully relevant to version 2.0 of Zentyal but looking at my firewall I see that LDAP connections are not allowed thru by default. So check out the firewall rules and check the links and so on with netstat. Also check that you can resolve the host name for the Samba server referred to in sambaProfilePath and sambaHomePath using at least a ping.

bamalam
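
Two LDAP checks suggested in this thread, run over slapcat dumps: looking at ou=Computers, the Domain Admins entry and the joining user, and comparing the master's output with the slave's. This is an added example, not code from any poster or from Zentyal; it also goes one step further than the thread by comparing the domain part of the sambaSID values. The dc=example,dc=local data, the user names and the function names are constructed for illustration.

```python
import base64

# Operational attributes that slapcat prints and that normally differ between
# two servers even when the data matches; skipped when comparing (assumption).
OPERATIONAL = {"entryuuid", "entrycsn", "contextcsn", "createtimestamp",
               "modifytimestamp", "creatorsname", "modifiersname"}

def parse_ldif(text):
    """Parse slapcat LDIF into {lowercased dn: {lowercased attr: [values]}}."""
    # Unfold wrapped lines: a line starting with one space continues the previous.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for block in text.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def join_rights(entries, user):
    """Check what the thread asks to see for the account performing the join."""
    def first(match):
        return next((e for e in entries.values() if match(e)), {})
    def domain_sid(entry):  # sambaSID minus its last component (the RID)
        return entry.get("sambasid", [""])[0].rpartition("-")[0]
    admins = first(lambda e: "Domain Admins" in e.get("cn", []))
    account = first(lambda e: user in e.get("uid", []))
    return {
        "computers_ou": any(dn.startswith("ou=computers,") for dn in entries),
        "in_domain_admins": user in admins.get("memberuid", []),
        # Added check, not from the thread: same domain SID on user and group.
        "same_domain_sid": domain_sid(account) != ""
                           and domain_sid(account) == domain_sid(admins),
    }

def replica_drift(master, slave, ignore=OPERATIONAL):
    """Compare two parsed dumps that share one suffix (assumption)."""
    def view(entry):
        return {a: sorted(v) for a, v in entry.items() if a not in ignore}
    shared = set(master) & set(slave)
    return {
        "missing_on_slave": sorted(set(master) - set(slave)),
        "only_on_slave": sorted(set(slave) - set(master)),
        "differs": sorted(d for d in shared if view(master[d]) != view(slave[d])),
    }

# Constructed sample dumps (not taken from the thread).
MASTER_LDIF = """\
dn: ou=Computers,dc=example,dc=local
ou: Computers
objectClass: organizationalUnit
entryCSN: 20101201000000.000000Z#000000#000#000000

dn: cn=Domain Admins,ou=Groups,dc=example,dc=local
cn: Domain Admins
memberUid: joiner
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-512

dn: uid=joiner,ou=Users,dc=example,dc=local
uid: joiner
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5006

dn: uid=alice,ou=Users,dc=example,dc=local
uid: alice
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-5008
"""
# Slave copy: alice never arrived, joiner lost the group membership, new CSN.
SLAVE_LDIF = (MASTER_LDIF.split("\ndn: uid=alice")[0]
              .replace("memberUid: joiner\n", "").replace("20101201", "20101202"))

if __name__ == "__main__":
    print(join_rights(parse_ldif(SLAVE_LDIF), "joiner"))
    print(replica_drift(parse_ldif(MASTER_LDIF), parse_ldif(SLAVE_LDIF)))
```

To use it on real servers, pass the text written by slapcat -l on the master and on the slave to parse_ldif.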