Hi.
I've been struggling with this also. Our add machine script is a PHP script.
It basically adds this in LDAP:
dn: uid=testing$,ou=machines,dc=falw,dc=vu,dc=nl
objectClass: top
objectClass: person
objectClass: posixAccount
uid: testing$
sn: testing$
cn: testing$
loginShell: /bin/false
homeDirectory: /dev/null
uidNumber: 60000
gidNumber: 65000
description: Joined on mm-dd-YYYY by userid
No more, no less. After the machine said it was successfully joined, Samba
added these attributes all by himself:
objectClass: sambaSamAccount
sambaAcctFlags: [W ]
sambaNTPassword:: xxxxx
sambaPwdCanChange: 1174918415
sambaPwdLastSet: 1174918415
sambaSID:: yyyyy
(so there's what the entry in LDAP should look like.)
I found out that in our setup (Solaris 9, OpenLDAP), I had to put in a 'sleep'
of 10 seconds at the end of the add machine script. I know this sounds lame,
but it was the only way machines could be joined to the domain successfully.
Maybe you should experiment some with a sleep too.
-Remy
Pat Riehecky wrote:
Blast.
My workstation account looks like the following after my failure to join
the domain.
dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
cn: testing$
uid: testing$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
I built up a Fedora 8 box and pointed it at my LDAP server and I still
cannot su down to that user. I figured using the graphical tool for
setting up pam_ldap would eliminate whatever mistake I have made that I
just cannot seem to find. But it too cannot su down to testing$.
I just removed and reinstalled samba, now more stuff is not working. I
am going to assume my test box is just too hosed up and leave it at
that. When I get around to rebuilding it I will almost certainly have
this problem again since I don't know what caused it I am doomed to
repeat it....
Thanks for all the help
Pat
On Thu, 2008-02-28 at 13:08 -0600, Adam Williams wrote:
see, I can su -l to my account:
[EMAIL PROTECTED] ~]# su -l domain2\$
su: warning: cannot change directory to /dev/null: Not a directory
-sh: /dev/null/.profile: Not a directory
-sh-3.2$
and its info is:
dn: uid=domain2$,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
objectClass: posixAccount
objectClass: account
objectClass: top
objectClass: sambaSamAccount
uid: domain2$
uidNumber: 2003
gidNumber: 514
homeDirectory: /dev/null
cn: domain2$
sambaSID: S-1-5-21-2139886109-2393431639-217723040-1017
displayName: domain2$
sambaAcctFlags: [W ]
sambaNTPassword: 890AE051A9ADB4707CD86824CF76F9B4
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
