bump

I'd prefer to not have to put machine accounts into the People OU for all the obvious reasons, but I may be forced to in order for the end-user (e.g. our customer) experience to be a smooth one.

Any idea on what might cause the behavior I am seeing described on the 13th below?

Thanks for any help!

--
Bill Arlofski
Reverse Polarity, LLC

On 06/13/12 18:55, Bill Arlofski wrote:
> Hi Everyone.
>
> I have run across an issue that is driving me crazy. This is a new deployment
> of Samba v3.6.5 with openldap v2.4.30 and smbldap-tools v0.9.8
>
>
> When trying to join the domain, on the first attempt the machine account is
> properly created in the correct ou - e.g. ou=Computers,dc=domain,dc=local
>
> But the "failed to join domain" pop-up with reason of "The user name could not
> be found" is displayed (which really means the machine name was not found in
> LDAP) and of course the machine is not yet a domain member.
>
> However, a 2nd attempt to join the domain with the same credentials,
> immediately after the failure results in a "Welcome to the X domain" and the
> machine is now a domain member.
>
>
> Setting the openldap slapd loglevel to 416 to show the queries during this
> process reveals the following:
>
> On 1st join attempt Samba searches the whole directory from dc=domain,dc=local
> with a scope of 2 (sub) for uid=MyMachine, objectClass=sambaSamAccount.
>
> It of course does not find it, so the smbldap-useradd script is called and the
> machine account is properly added to ou=Computers.
>
> Then Samba immediately searches _ONLY_ ou=People,dc=domain,dc=local for the
> newly created machine account and of course does not find it. And the "failed
> to join domain" pop-up is displayed on the WinXP machine.
>
> On the second join attempt, Samba _ONLY_ searches
> ou=Computers,dc=domain,dc=local, which is where it SHOULD search for machines
> as defined everywhere in my configs and it finds the machine and the machine
> successfully joins the domain.
>
> If I set all configs - samba, smbldap etc to be such that computers are in the
> "People" organizational unit, then joining the domain works on the first try,
> every time.
>
> Also, if I un-join the domain, but leave the machine account in LDAP in
> ou=Computers and then re-join the domain, this always works on first try too
> since Samba's initial scope 2 "sub" search of the directory starting at the
> top will find the machine account under ou=Computers.
>
> Can someone offer guidance as to why during the new machine creation process
> (joining a domain) Samba does not look for the machine in the defined machines
> ou but always in the People ou?
>
> Thank you in advance for any help on this!
>
> --
> Bill Arlofski
> Reverse Polarity, LLC
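
One way to pull the search sequence described above out of a slapd log, as an added example that is not part of the original post. It assumes slapd's stats-level log line format; the log sample, machine name and connection numbers are constructed.

```python
import re

# Constructed sample of slapd stats-level log lines (not from the original post);
# the machine name and connection numbers are made up for illustration.
SAMPLE_LOG = '''\
conn=1010 op=3 SRCH base="dc=domain,dc=local" scope=2 deref=0 filter="(&(uid=mymachine$)(objectClass=sambaSamAccount))"
conn=1010 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=1011 op=1 ADD dn="uid=mymachine$,ou=Computers,dc=domain,dc=local"
conn=1011 op=1 RESULT tag=105 err=0 text=
conn=1010 op=4 SRCH base="ou=People,dc=domain,dc=local" scope=2 deref=0 filter="(&(uid=mymachine$)(objectClass=sambaSamAccount))"
conn=1010 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=1012 op=2 SRCH base="ou=Computers,dc=domain,dc=local" scope=2 deref=0 filter="(&(uid=mymachine$)(objectClass=sambaSamAccount))"
conn=1012 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) .*filter="(.*)"')
RES = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')
ADD = re.compile(r'conn=\d+ op=\d+ ADD dn="([^"]*)"')

def trace(log, uid):
    """Ordered events for one uid: ['SRCH', base, scope, nentries] or ['ADD', dn]."""
    events, pending, needle = [], {}, "(uid=%s)" % uid.lower()
    for line in log.splitlines():
        if m := SRCH.search(line):
            if needle in m[5].lower():
                ev = ["SRCH", m[3], int(m[4]), None]
                pending[(m[1], m[2])] = ev  # result arrives on the same conn/op
                events.append(ev)
        elif m := RES.search(line):
            ev = pending.pop((m[1], m[2]), None)
            if ev:
                ev[3] = int(m[3])
        elif m := ADD.search(line):
            if m[1].lower().startswith("uid=%s," % uid.lower()):
                events.append(["ADD", m[1]])
    return events

def missed_after_add(events):
    """Bases searched after the ADD that returned nothing and do not contain the new DN."""
    out, added = [], None
    for ev in events:
        if ev[0] == "ADD":
            added = ev[1].lower()
        elif added and ev[3] == 0 and not added.endswith("," + ev[1].lower()):
            out.append(ev[1])
    return out

if __name__ == "__main__":
    print(missed_after_add(trace(SAMPLE_LOG, "mymachine$")))
```
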
