At 05:56 AM 5/23/2005, Flatfender wrote:
On 5/22/05, Chuck Theobald <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have some machines (winXP and win2k) that cannot join my domain. Others
> I have joined to the domain. I am using the smbldap-tools 0.8.9 with an
> add machine script as follows:
>
> add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u"
>
> The LDAP entity gets created with objectClasses top, inetOrgPerson, and
> posixAccount. My impression is that samba then comes along and changes the
> entity, turning it into an account, sambaSamAccount object. This process
> has succeeded in some four machines I have tried, but other machines fail
> this final conversion. I get an error "The user name could not be found"
> at the machine. All of these machines were joined to the same domain
> previously run by Totalnet Advanced Server, so the machines themselves are
> configured to be capable of joining. The only pattern I can discern is
> that the machines on which this occurs have names of 8 characters or more,
> though a machine that did join the domain has a name of 8 characters, so I
> am not sure that this is relevant.
>
> Any ideas as to where I can look to begin to track this down? I can
> manually create the machine accounts, but am leery of doing so due to the
> requirement of having unique SIDs.
>
> Thanks,
>
> Chuck Theobald
> System Administrator
> The Robert and Beverly Lewis Center for Neuroimaging
> University of Oregon
> P: 541-346-0343
> F: 541-346-0345

Chuck,

I had this same problem. I would look at how your nss_ldap/nsswitch is
working.

Matt

What should I be looking for? My nsswitch.conf file is as follows:

#
# /etc/nsswitch.dns:
#
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
passwd: files ldap
group: files ldap
shadow: files ldap
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
ipnodes: files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files
printers: user files
auth_attr: files
prof_attr: files
project: files

I ended up taking a modified version of Tonni's advice, letting the smbldap
tools do what they could, then running useradd, smbpasswd, then userdel (to
clean up my /etc/passwd file) for each machine. Fortunate to not have too
many of these.

I like the smbldap tools, but they seem to not finish the job. Why leave a
posixAccount object hanging out there, trusting to Samba to convert it to a
sambaSamAccount object? Why not interface to smbpasswd?

Cheers,
Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345
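
One way to act on the nss_ldap/nsswitch suggestion in the thread above, as an added example that is not part of the original messages: it assumes the join fails because the posixAccount entry written by smbldap-useradd is not visible through NSS, and that `getent` is available. The function names and the sample host name in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check the NSS path for a machine account.

# Print the sources configured for one database in an nsswitch.conf-style file.
nss_sources() {  # usage: nss_sources DATABASE FILE
    awk -v db="$1" '
        { sub(/#.*/, "") }                  # drop comments
        $1 == (db ":") {                    # e.g. "passwd:"
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Succeed if SOURCE is listed for DATABASE in FILE.
nss_has_source() {  # usage: nss_has_source DATABASE SOURCE FILE
    for s in $(nss_sources "$1" "$3"); do
        if [ "$s" = "$2" ]; then return 0; fi
    done
    return 1
}

# Machine trust accounts end in "$"; append it if the caller left it off.
machine_account() {  # usage: machine_account HOSTNAME
    case "$1" in
        *'$') printf '%s\n' "$1" ;;
        *)    printf '%s$\n' "$1" ;;
    esac
}

# Report whether the account created by the add machine script resolves via NSS.
# Returns 0 if found, 1 if the lookup fails, 2 if passwd does not use ldap.
check_machine() {  # usage: check_machine HOSTNAME [NSSWITCH_FILE]
    conf=${2:-/etc/nsswitch.conf}
    acct=$(machine_account "$1")
    if ! nss_has_source passwd ldap "$conf"; then
        echo "passwd: does not list ldap in $conf"
        return 2
    fi
    if entry=$(getent passwd "$acct"); then
        echo "OK: $entry"
    else
        echo "NOT FOUND via NSS: $acct (check the nss_ldap search base and any name-service cache)"
        return 1
    fi
}

# Run as: sh check_machine.sh LAB-PC01   (constructed host name)
if [ $# -gt 0 ]; then check_machine "$@"; fi
```

Run it for a machine that joined and one that did not; if only the failing one is reported as not found, the LDAP entry exists but the NSS lookup is not reaching it.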