| Subject: [Samba] join domain - ou=people searched for machine accounts?
| From: jo / ak <[EMAIL PROTECTED]>
| Date: Sun, 15 Aug 2004 22:12:19 +0200
| To: [EMAIL PROTECTED]
|
| When I try to join a domain from a win2k client to a samba 3.0.5
| PDC, I get the message "User not found". I use ldapsam, which
| works fine in all other respects.
|
| The strange thing is that the smbldap-useradd script terminates
| with 0, the machine account is created under "ou=systems" in the
| ldap database - all looks fine. Then a ldap search is triggered
| with a base "ou=people", nothing is found, and the error
| occurs.
|
| As a workaround, I used smbldap-useradd without the "-w". The
| entry is created under "ou=people", and the join is finished
| successfully.
|
|
| [2004/08/15 21:29:27, 3]
| rpc_server/srv_samr_nt.c:_samr_create_user(2245)
| _samr_create_user: Running the command
| `/usr/local/sbin/smbldap-useradd -w "at-4$"' gave 0
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam(293)
| Finding user at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(223)
| Trying _Get_Pwnam(), username as lowercase is at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(239)
| Trying _Get_Pwnam(), username as uppercase is AT-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(247)
| Checking combinations of 0 uppercase letters in at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(251)
| Get_Pwnam_internals didn't find user [at-4$]!
|
|
|
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 BIND
| dn="CN=SAMBA MANAGER,OU=SAMBA,DC=AKWEB,DC=DE" method=128
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 RESULT tag=97
| err=0 text=
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD
| dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 RESULT tag=105
| err=0 text=
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1393 op=2 UNBIND
| Aug 15 21:29:27 at-12 slapd[2881]: conn=-1 fd=35 closed
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH
| base="ou=People,dc=akweb,dc=de" scope=1
| filter="(&(objectClass=posixAccount)(uid=
| at-4$))"
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SEARCH RESULT
| tag=101 err=0 text=
| Aug 15 21:29:27 at-12 slapd[3817]: conn=1392 op=1 UNBIND
| Aug 15 21:29:27 at-12 slapd[3817]: conn=-1 fd=36 closed
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH
| base="ou=People,dc=akweb,dc=de" scope=1
| filter="(&(objectClass=posixAccount)(uid=
| AT-4$))"
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SEARCH RESULT
| tag=101 err=0 text=
| Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=31 closed
| Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=32 closed
|

This is nss_ldap trying to do the equivalent of 'getent passwd AT-4$', since that is what samba asked (samba needs to have a uid for the machine at present).

| from smb.conf
|
| passdb backend = ldapsam:ldap://at-12
| add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
| add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
| ldap suffix = dc=akweb,dc=de
| ldap machine suffix = ou=Systems
| ldap user suffix = ou=People
| ldap group suffix = ou=Groups

At present, you need to configure your nss_ldap so that it searches in both the user suffix and the machine suffix for user accounts ... with your current directory layout, the only option (AFAIK) is to have a suffix of dc=akweb,dc=de and a scope of sub in your nss_ldap ldap.conf.

Regards, Buchan
--
Buchan Milne
Senior Support Technician
Obsidian Systems
http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
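
The mismatch discussed in this thread can be checked mechanically from slapd logs. The following is an added example, not part of the original messages or of Samba, nss_ldap or smbldap-tools: it flags uid lookups whose search base and scope cannot reach an entry that was just added. The function names are hypothetical and the sample log is constructed from the quoted lines with the mail wrapping rejoined.

```python
import re

# Constructed sample: two slapd lines shaped like those quoted in the thread,
# with the mail client's line wrapping rejoined.
SAMPLE_LOG = """\
Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH base="ou=People,dc=akweb,dc=de" scope=1 filter="(&(objectClass=posixAccount)(uid=at-4$))"
"""

ADD_RE = re.compile(r'\bADD dn="([^"]+)"')
SRCH_RE = re.compile(r'\bSRCH base="([^"]*)" scope=(\d) filter="(.*)"')
UID_RE = re.compile(r'\(uid=([^)]+)\)')

def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_scope(entry_dn, base_dn, scope):
    """LDAP search scope check: 0 = base, 1 = one level, 2 = subtree."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    if len(entry) < len(base) or (base and entry[-len(base):] != base):
        return False
    depth = len(entry) - len(base)
    return {0: depth == 0, 1: depth == 1, 2: True}.get(scope, False)

def missed_lookups(log_text):
    """Return (entry_dn, base, scope) for uid searches that cannot see an added entry."""
    added, misses = [], []
    for line in log_text.splitlines():
        m = ADD_RE.search(line)
        if m:
            added.append(m.group(1))
            continue
        m = SRCH_RE.search(line)
        if not m:
            continue
        base, scope, filt = m.group(1), int(m.group(2)), m.group(3)
        uid = UID_RE.search(filt)
        for dn in added:
            same_uid = uid and rdns(dn)[0] == "uid=" + uid.group(1).strip().lower()
            if same_uid and not in_scope(dn, base, scope):
                misses.append((dn, base, scope))
    return misses

if __name__ == "__main__":
    for dn, base, scope in missed_lookups(SAMPLE_LOG):
        print(f"{dn} is not reachable from base={base} scope={scope}")
    print(in_scope("UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE", "dc=akweb,dc=de", 2))
```
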
