The Samba-Bugzilla – Bug 3848
Join by Windows XP clients fail
Last modified: 2006-06-21 04:01:55 UTC
With 3.0.23rc1 I can't join Windows XP clients to the domain.
Same configuration with 3.0.22 works perfectly fine.
It fails with "Access Denied".
Searching the level 10 debug log for NT_STATUS_ACCESS_DENIED reveals:
[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_modify(1377)
Failed to modify dn: uid=ws035$,ou=Computers,dc=andolan, error: No such attribute (modify/delete: displayName: no such value)
[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84)
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
0000 status: NT_STATUS_ACCESS_DENIED
Then I tried patching smbldap-useradd to include a displayName, but the message kept appearing in the log.
It does create the LDAP machine account through /usr/sbin/smbldap-useradd -w ws035$
I'm trying it with an account that is both a global admin user (admin users = @"Domain Admins") and is a member of group Domain Admins that has SeMachineAccountPrivilege.
I'm attaching two logs, 3.0.22 domain join log and 3.0.23rc3 domain join log.
Created attachment 1970 [details]
3.0.22 level 10 log domain join by XP client
Created attachment 1971 [details]
3.0.23rc3 level 10 log domain join by XP client
Could test 3.0.23rc2? I think I remember volker fixing
a bug here.
Sorry. I see you already did. I'll look at the logs.
My bad, typo, didn't try 3.0.23rc1, only 3.0.23rc3.
Okay, I know what's going on. Thanks for testing this! Stay tuned....
Created attachment 1972 [details]
fix for pdb_ldap
Can you try the attached patch? I did not test it, as I don't have a full LDAP setup handy right now, but I'm pretty confident it fixes it.
Meanwhile I'm setting up a LDAP DC...
Thanks for testing this!
Ok, checked in the fix with r16427
I love you guys, patch available within 3 hours!
Works for me.