Ok, additional information: I am using LDAP as a unix password backend, so I shouldn't be needing the /etc/passwd for a machine account. The smbldap-useradd.pl -w script adds an account correctly, and both posixAccount and sambaSAMAccount is set. When this is done, I get again, "access is denied" when I try to join the domain, with the valid SID user. It doesn't seem to join correctly on the operation when it actually creates the account, however I can see nothing wrong with the account itself. Here is an auto-created account: (smbldap-useradd.pl -w %u)
dn: uid=main$,ou=Machines,o=AstarothInc,c=NO objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: main$ sn: main$ uid: main$ uidNumber: 1003 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer I have all the scripts in place, but manually only the add machine script works. I don't think I need the others for the operation I am trying, though. The thing is, if I do have an account in /etc/passwd called "main$" when I try to join, the auto-created ldap entry looks very very different: dn: uid=main$,ou=Machines,o=AstarothInc,c=NO uid: main$ sambaSID: S-1-5-21-2523409155-1094959098-2360343008-3006 sambaPrimaryGroupSID: S-1-5-21-2523409155-1094959098-2360343008-1201 sambaAcctFlags: [W ] objectClass: sambaSamAccount objectClass: account The error upon joining is still the same, username could not be found; however, subsequent attempts to join give the error "access is denied." I'm going nuts. Regards Tarjei ----- Original Message ----- From: "Andrew Bartlett" <[EMAIL PROTECTED]> To: "Tarjei Bitust�yl" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, November 09, 2003 10:08 AM Subject: Re: [Samba] samba 3 LDAP/PDC problem - adding WXP account On Sun, 2003-11-09 at 19:40, Tarjei Bitust�yl wrote: > Hi, > > I've finally gotten my LDAP password backend up and running, and finally figured out the SID 1000/1001 thing for Samba admin. > However I'm unable to join the workstation to my domain. I'm not sure what you mean about the '1000/1001' thing. Root should be given the special sid '-500' if at all possible, as that is 'administrator'. > Using any random user in the WXP dialogue, I get the "Access is Denied" error. Fair enough. > Using the user with sambasid and sambagroupsid s-*-1000/s-*-1001, I get the error "The Username could not be found". This error is probably not referring to the login user, as that one is validated (I get another error if I type in a wrong password), so I assume it's the machine account user that it is looking for. > > I have however tried adding the machine account using both LAM and smbpasswd -a -m, but no difference. > > The debug log says everything is successful? > I'm at a loss. Does anyone have a hint as to what is wrong here? Do you have the add user scripts in place? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
