SOLVED !!! I found in a closed samba bug that NT workstations need the gid=513, but I in my smbldap.conf the defaultComputerGid=515.
I think it's strange, to have a machine account in the Domain Users, not in Domain Computers, but anyway... And for W2K and XP it does not matter if the gid is 513 or 515. I send an e-mail to Mr. Carter suggesting to put it the Samba3-Howto. I hope my "tip" help others too, cause It takes me 3 or 4 days to be solved. Bye. On 10/5/06, Marcelo Terres <[EMAIL PROTECTED]> wrote:
Hi again. I found my error in Samba3-HOWTO: " The Machine Trust Account Is Not Accessible "When I try to join the domain I get the message, "The machine account for this computer either does not exist or is not accessible." What's wrong?" This problem is caused by the PDC not having a suitable Machine Trust Account. If you are using the add machine script method to create accounts, then this would indicate that it has not worked. Ensure the domain admin user system is working. " The problem is that is not working just in NT workstations. W2K e XP works great. So, it's not a problem with the smbldap-tools scripts. Looks like a samba bug. I tried again with 3.0.22 and 3.0.23c. Any ideas ? Thanks, On 10/4/06, Marcelo Terres <[EMAIL PROTECTED]> wrote: > Hi. > > I'm having a big trouble. > > We migrate a NT PDC to a Samba PDC. No problems in migration. Everything works fine. > > The problem is: I can't add a NT machine to Domain. Simply does not work. XP and W2K works great. > > I started using Debian Sarge Package 3.0.14. In this version I could not manage groups using the Domain User Manager from NT. So I updated to 3.0.23c packages from samba.org. Same problem with adding a NT machine, but the User Manager now works. > > I tried the 3.0.22 from backports.org but with the same problem. > > The behaviour changes depending of the version of Samba. I'm using smbldap-useradd (0.9.2) in the add machine script. > > In 3.0.14 I saw in logs this error: > 2006/10/04 13:03:42, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) > ldapsam_update_sam_account: failed to modify user with uid = testing$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) > > > In 3.0.22 the error is similar, but because the LDAP timed out, looks like the account is created and NT thinks that it joined in the domain, but when I tried to login does not work. Look the logs: > > 2006/10/04 14:28:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873) > ldapsam_update_sam_account: failed to modify user with uid = testing$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) > [2006/10/04 14:28:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (12384, 513) - sec_ctx_stack_ndx = 0 > [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 924 > [2006/10/04 14:28:38, 3] smbd/process.c:process_smb(1194) > Transaction 21 of length 132 > [2006/10/04 14:28:38, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 3026) conn 0x83cd180 > [2006/10/04 14:28:38, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 > [2006/10/04 14:28:38, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name > [2006/10/04 14:28:38, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7494) > [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 > [2006/10/04 14:28:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(2237) > api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER > [2006/10/04 14:28:38, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:38, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 1 try! > [2006/10/04 14:28:39, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:39, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 2 try! > [2006/10/04 14:28:40, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:40, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 3 try! > [2006/10/04 14:28:41, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:41, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 4 try! > [2006/10/04 14:28:42, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:42, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 5 try! > [2006/10/04 14:28:43, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:43, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 6 try! > [2006/10/04 14:28:44, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:44, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 7 try! > [2006/10/04 14:28:45, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:45, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 8 try! > [2006/10/04 14:28:46, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:46, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 9 try! > [2006/10/04 14:28:47, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:47, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 10 try! > [2006/10/04 14:28:48, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:48, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 11 try! > [2006/10/04 14:28:49, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:49, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 12 try! > [2006/10/04 14:28:50, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:50, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 13 try! > [2006/10/04 14:28:51, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:51, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 14 try! > [2006/10/04 14:28:52, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:52, 1] lib/smbldap.c:another_ldap_try(1051) > Connection to LDAP server failed for the 15 try! > [2006/10/04 14:28:53, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > [2006/10/04 14:28:53, 0] lib/smbldap.c:smbldap_search_suffix(1346) > smbldap_search_suffix: Problem during the LDAP search: modify/delete: sambaPrimaryGroupSID: no such value (Time limit exceeded) > [2006/10/04 14:28:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 -- Marcelo H. Terres [EMAIL PROTECTED]
-- Marcelo H. Terres [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
