Hello, Thank you for the replies, I will try the first, but in regards to your reply Ray, as soon as I do that, the domain member complains of NT_STATUS_ACCESS_DENIED, but the errors are removed from the Domain Controller.
Regards, Bryan -----Original Message----- From: Ray Klassen [mailto:[email protected]] Sent: 16 February 2009 17:08 To: John Drescher Cc: Bryan Celentano; Samba mailing list Subject: Re: [Samba] Strange issue with Samba + LDAP + Domain Member I get around this by including nss_base_passwd ou=Computers,dc=mydomain,dc=com?one in /etc/ldap.conf if nss_ldap isn't looking in your computers tree for passwd entries, it will never see them as unix accounts. On Sun, Feb 15, 2009 at 1:27 PM, John Drescher <[email protected]> wrote: > On Sun, Feb 15, 2009 at 12:27 PM, Bryan Celentano > <[email protected]> wrote: >> Hey, >> >> >> >> I keep posting but no replies yet, this is a new issue, the rest I seem to >> have fixed. >> >> >> >> I have an odd issue: >> >> >> >> * When I do net rpc join the PDC creates the account, and puts it into >> LDAP, which looks fine. >> * I then can access the domain and winbind works fine from the Domain >> Member server. >> * On the PDC I see the following error: "pdb_get_group_sid: Failed to >> find Unix account for member$" >> * So I had a look into the nss_ldap and found it wasn't searching the >> ou=computers, so I added this in, and the error goes. >> * Then I have a new issue, the domain member and winbind fails with >> NT_ACCESS_DENIED. >> * So I remove the nss_ldap entry for the ou=computers and it all works >> again. >> >> >> >> Has anyone come across this issue? Any help would be great. >> > > Yes. I have this issue (and have had it for at least 5 years) using > the smbldap-tools. To workaround I now just precreate an account using > LAM (http://lam.sourceforge.net/) and then all is well with the PDC > join. The previous workaround was to create a user for the machine > account on the pdc first in the /etc/passwd. > > John > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > This message has been scanned for malware by SurfControl plc. www.surfcontrol.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
