Hi, if you create a new user with luseradd, is this new user immediately available? Or do you have to wait some time between the following two commands:
> /usr/sbin/luseradd -g "Domain Computers" -c "Machine" -s /bin/false -d /dev/null -n -M testuser > id testuser Mark On Fri, May 19, 2006 at 01:13:21PM +0200, Felipe Alfaro Solana wrote: > Hi. > > I'm having some trouble when trying to join a SAMBA machine, acting as > a member server, to a NT-style domain server managed by a SAMBA PDC > using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6 > on Red Hat Enterprise Linux 4.1 Update 3 for AMD64. > > When trying to add the member server to the domain, it fails with an > error message. However, if I try to add it again, the operation > succeeds. > > The first try to add the member server fails with this error message: > > [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password > [2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319) > Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED > > Unable to join domain CENTRAL. > > I can see the SAMBA machine account has been created: > > [EMAIL PROTECTED] ~]# pdbedit -L > Administrator:0:Domain Administrator > member$:10001:Machine > > Then, immediately, I try to add the member server, once again: > > [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password > Joined domain CENTRAL. > > Both, the member server and PDC are using nss_ldap. > Thus: > > [EMAIL PROTECTED] ~]# id Administrator > uid=0(root) gid=0(root) groups=0(root) > > The smb.conf for the PDC is: > > [global] > > # Store SAMBA data into an LDAP backend > passdb backend = ldapsam:ldap://ldap/ > ldap admin dn = cn=Directory Manager > ldap suffix = dc=central > ldap user suffix = ou=People > ldap machine suffix = ou=Computers > ldap group suffix = ou=Groups > > # Scripts for managing users and computers > add user script = /usr/sbin/luseradd -g "Domain Users" %u > delete user script = /usr/sbin/luserdel -r %u > add group script = /usr/sbin/lgroupadd %g > delete group script = /usr/sbin/groupdel %g > add user to group script = /usr/sbin/lgroupmod -A %u %g > delete user from group script = /usr/sbin/lgroupmod -R %u %g > add machine script = /usr/sbin/luseradd -g "Domain Computers" -c > "Machine" -s /bin/false -d /dev/null -n -M "%u" > > workgroup = CENTRAL > netbios name = NDS1 > server string = CENTRAL Samba Domain Controller > > load printers = no > > log file = /var/log/samba/%m.log > > security = user > encrypt passwords = yes > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > os level = 35 > local master = yes > domain master = yes > preferred master = yes > domain logons = yes > logon path = > > wins support = yes > > The smb.conf for the member server is: > > [global] > > workgroup = CENTRAL > server string = CENTRAL File Server > netbios name = FS1 > log file = /var/log/samba/%m.log > max log size = 50 > security = domain > encrypt passwords = yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > Any ideas? > Thank you very much. > -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
