Re: [Samba] join domain - ou=people searched for machine accounts?

Mon, 16 Aug 2004 05:54:04 -0700

This is a very very VERY often asked question in this forum, and documented in bugzilla. Computer accounts need to be in the same OU as user accounts. Some (within the samba team) call it a design issue, others (outside the samba team) call it a bug.

Perhaps next time you could try the search? 

jo / ak wrote:

When I try to join a domain from a win2k client to a samba 3.0.5
PDC, I get the message "User not found". I use ldapsam, which
works fine in all other respects.

The strange thing is that the smbldap-useradd scripts terminates
with 0, the machine account is created under "ou=systems" in the
ldap database - all looks fine. Then a ldap search is triggered
with a base "ou=people", nothing is found, and the error
occurs.

As workaround, I used smbldap-useradd without the "-w". The
entry
is created under "ou=people", and the join is finished
sucessfully.


[2004/08/15 21:29:27, 3]
rpc_server/srv_samr_nt.c:_samr_create_user(2245)
 _samr_create_user: Running the command
`/usr/local/sbin/smbldap-useradd -w "at-4$"' gave 0
[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam(293)
 Finding user at-4$
[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(223)
 Trying _Get_Pwnam(), username as lowercase is at-4$
[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(239)
 Trying _Get_Pwnam(), username as uppercase is AT-4$
[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(247)
 Checking combinations of 0 uppercase letters in at-4$
[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(251)
 Get_Pwnam_internals didn't find user [at-4$]!



Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 BIND
dn="CN=SAMBA MANAGER,OU=SAMBA,DC=AKWEB,DC=DE" method=128
Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 RESULT tag=97
err=0 text=
Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD
dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 RESULT tag=105
err=0 text=
Aug 15 21:29:27 at-12 slapd[2881]: conn=1393 op=2 UNBIND
Aug 15 21:29:27 at-12 slapd[2881]: conn=-1 fd=35 closed
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH
base="ou=People,dc=akweb,dc=de" scope=1
filter="(&(objectClass=posixAccount)(uid=
at-4$))"
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SEARCH RESULT
tag=101 err=0 text=
Aug 15 21:29:27 at-12 slapd[3817]: conn=1392 op=1 UNBIND
Aug 15 21:29:27 at-12 slapd[3817]: conn=-1 fd=36 closed
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH
base="ou=People,dc=akweb,dc=de" scope=1
filter="(&(objectClass=posixAccount)(uid=
AT-4$))"
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SEARCH RESULT
tag=101 err=0 text=
Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=31 closed
Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=32 closed

from smb.conf

       passdb backend = ldapsam:ldap://at-12
       add user script = /usr/local/sbin/smbldap-useradd -a -m
"%u"
       add machine script = /usr/local/sbin/smbldap-useradd -w
"%u"
       ldap suffix = dc=akweb,dc=de
       ldap machine suffix = ou=Systems
       ldap user suffix = ou=People
       ldap group suffix = ou=Groups





--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to