"ldapsam:editposix" is, as far as I can tell, not a good solution; whenever I tried this it did not work right. And there is nowhere a good and new howto about this feature. No description goes into depth.

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: [email protected]
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Mike Brady
Sent: Wednesday, 23 February 2011 09:17
To: Jon Detert
Cc: [email protected]
Subject: Re: [Samba] problem joining WinXP machine to samba PDC+LDAP environment

Quoting Jon Detert <[email protected]>:

> On Mon, Feb 21, 2011 at 4:15 PM, Mike Brady
> <[email protected]> wrote:
>> Quoting Jon Detert <[email protected]>:
>>
>>> Hello,
>>>
>>> I can't join a winxp box to my samba domain. I just have one samba
>>> server, meant to act as a PDC for domain='CHI'.
>>> Any ideas how to troubleshoot and/or remedy?
>>>
>>> Thanks,
>>>
>>> Jon
>>>
>>> Context:
>>> ------------
>>> samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'.
>>> smbldap-tools v0.9.6.
>>> I 'populated' the ldap with 'smbldap-populate'.
>>>
>>> I try to join the winxp box, authenticating to the domain as user
>>> 'jdetert', which is a member of the 'Administrators' group:
>>> # smbldap-groupshow Administrators
>>> dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
>>> objectClass: top,posixGroup,sambaGroupMapping
>>> gidNumber: 544
>>> cn: Administrators
>>> description: Netbios Domain Members can fully administer the
>>> computer/sambaDomainName
>>> sambaSID: S-1-5-32-544
>>> sambaGroupType: 5
>>> displayName: Administrators
>>> memberUid: jdetert,root
>>>
>>> What happens:
>>> ----------------------
>>> a failure dialog window pops up on the winxp box with this message:
>>> 'The following error occurred attempting to join the domain "CHI":
>>> The user name could not be found.'
>
> -- snip --
>
>> I am working through a similar setup at the moment.
>>
>> Looking at the smbldap-useradd source, status 9 is "user must not exist in
>> LDAP", so I assume from that that the workstation userid already exists?
>
>
> Turns out you are correct. So, I deleted the 'user'="testfsclient$"
> from the ou=Computers, and retried, but it failed with the same error,
> and it re-created the user object.
>
> Any ideas how/why joining the domain is not fully working?
>
> Thanks,
>
> Jon
>

Jon

A couple more things:

1) smbldap-populate initializes the sambaGroupType for all the S-1-5-32-* SIDs to 5. This is incorrect. It should be 4, but this probably isn't causing this issue.

2) I think that root needs to be in the Domain Admins group in order to join a machine to the domain, not the Administrators group which is a local group. At least that is how I am set up.

3) Depending on the details of your implementation you may not need to use smbldap-tools at all. Have a look at the ldapsam:editposix and ldapsam:trusted on the smb.conf man page. Note that using ldapsam:editposix is one case where winbind is required on a Samba PDC.

Mike

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
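
An added example, not part of the thread or of Samba/smbldap-tools: a short audit over `smbldap-groupshow` style output for the two group issues Mike raises in points 1 and 2 (S-1-5-32-* groups stored with sambaGroupType 5, and the joining account missing from Domain Admins). The Domain Admins entry, its placeholder domain SID and the function names are constructed for illustration; the expected type 4 is taken from Mike's message, not verified independently.

```python
import re
# Constructed sample. First entry is abridged from the one quoted in the thread;
# the second, including its placeholder domain SID, is made up for this example.
SAMPLE = """\
dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
cn: Administrators
sambaSID: S-1-5-32-544
sambaGroupType: 5
memberUid: jdetert,root

dn: cn=Domain Admins,ou=Groups,dc=infinityhealthcare,dc=com
cn: Domain Admins
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512
sambaGroupType: 2
memberUid: root
"""
MULTI = {"memberUid", "objectClass"}  # shown comma-joined in the quoted output

def parse_entries(text):
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep:
                continue  # wrapped continuation line, not needed for the audit
            attr = attr.strip()
            parts = value.split(",") if attr in MULTI else [value]
            entry.setdefault(attr, []).extend(p.strip() for p in parts if p.strip())
        entries.append(entry)
    return entries

def audit(entries, join_user):
    findings, is_domain_admin = [], False
    for e in entries:
        cn = e.get("cn", ["?"])[0]
        sid = e.get("sambaSID", [""])[0]
        gtype = e.get("sambaGroupType", [""])[0]
        # Point 1: S-1-5-32-* groups should carry type 4, according to the thread.
        if sid.startswith("S-1-5-32-") and gtype != "4":
            findings.append(f"{cn}: sambaGroupType {gtype}, expected 4")
        # Point 2: Domain Admins is the domain SID followed by RID 512.
        if re.fullmatch(r"S-1-5-21(-\d+){3}-512", sid):
            is_domain_admin = is_domain_admin or join_user in e.get("memberUid", [])
    if not is_domain_admin:
        findings.append(f"{join_user}: not in Domain Admins")
    return findings

print("\n".join(audit(parse_entries(SAMPLE), "jdetert")))
```

Feeding it the real output of `smbldap-groupshow` for each group (entries separated by a blank line) gives the same report for a live directory.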
