Well, there has been no response to this problem yet. However, i have
stumbled upon the solution myself. I am posting it in the hope that the
solution is archived so others may see it.
As previously posted, this command gives an error:
# /usr/local/samba/bin/net ads join -U Cowles-Admin
Cowles-Admin's password:
[2004/06/16 09:49:33, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cowl-backup already exists - modifying old
account
[2004/06/16 09:49:33, 0] libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: No such object
ads_join_realm: No such object
However, if the OU that the pre-existing machine account is in is appended to
the command line, it works:
# /usr/local/samba/bin/net ads join -U Cowles-Admin \
'Cowles Library\Computers\testing'
Cowles-Admin's password:
[2004/06/16 09:51:21, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cowl-backup already exists - modifying old
account
Using short domain name -- DRAKE
Joined 'COWL-BACKUP' to realm 'DRAKE.EDU'
I haven't done any testing yet, but so far it looks OK.

On Tuesday 15 June 2004 09:31 am, Daniel Ramaley wrote:
I have a very similar problem. I just joined the list yesterday with
the intent of asking about it, after failure to find a solution via
Google. Here's the info on the problem:
I have Samba 3.0.4 compiled from source running on OpenBSD 3.5.
Cowles-Admin is the name of a user that has administrative access to
an OU. I do not have administrator access to the entire Active
Directory tree. I created a computer account in Active Directory
called cowl-backup that the Samba server should use.
For now i've been working with a fairly simple smb.conf:
[global]
workgroup = DRAKE
realm = DRAKE.EDU
netbios name = cowl-backup
security = ads
password server = *
encrypt passwords = yes
private dir = /etc/samba/private
I believe i have Kerberos set up correctly since the command
# /usr/local/kerberos/bin/kinit [EMAIL PROTECTED]
runs just fine and after running it i can use smbclient to browse
shares without being prompted for a password. For example, this
command to connect to Cowles-Admin's profile share works correctly:
# /usr/local/samba/bin/smbclient '\\Cowles-Library\Cowles-Admin' \
-U Cowles-Admin -k
I've created an account for the computer (cowl-backup) in AD. When i
try to join i get an error. Here's what happens:
# /usr/local/samba/bin/net ads join -U Cowles-Admin
Cowles-Admin's password:
[2004/06/14 09:56:02, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cowl-backup already exists - modifying old
account
[2004/06/14 09:56:02, 0] libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: No such object
ads_join_realm: No such object
Using Google i was able to find a few others who had this problem, but
no solution. If anyone here knows how to fix this, i would appreciate
knowing about it. Thanks in advance.

On Monday 14 June 2004 05:50 pm, M Maki wrote:
I'm trying to join a Samba 3.0.4 (compiled from source on Debian) to
an Active Directory as a member server. I believe Kerberos is
configured correctly as kinit creates a ticket for the realm.
Executables appear to have support for Kerberos and LDAP (smbd -b |
grep KRB and grep LDAP) return OK.
When I try to join the AD with
net ads join -U myadminusername
I'm prompted for my password but then get:
libads/ldap.c:ads_add_machine_acct(1006)
Host account for inpsamo-debian already exists - modifying old account
libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: No such object
ads_join_realm: No such object
I only have admin rights for an ou of the Active Directory. Here is a
Windows LDP search of my ou:
ldap_search_s(ld, DC=pwr,DC=int,DC=edited,DC=com, 2, (ou=SAMO), attrList, 0, msg)
Result 0: (null)
Matched DNs:
Getting 1 entries:
Dn: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com
2 objectClass: top; organizationalUnit;
1 ou: SAMO;
1 description: SAMO;
1 distinguishedName: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com;
1 name: SAMO;
1 canonicalName: pwr.int.edited.com/PWR/Mediterranean Coast Network/SAMO;
I guess my question is could it be how my realm is configured
(PWR.INT.EDITED.COM) or what else could keep me from joining the
directory?
Current smb.conf:
[global]
unix charset = LOCALE
workgroup = PWR
realm = PWR.INT.EDITED.COM
server string = Samba 3.0.2
security = ADS
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
printcap name = CUPS
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
template primary group = Domain Users
template shell = /bin/bash
winbind separator = +
printing = cups
[homes]
comment = Home Directories
valid users
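
Added example, not part of the original thread and not Samba project code: a shell helper that turns an OU's distinguished name, such as the one in the LDP output above, into the backslash-separated OU path form used in the working "net ads join" command. Assumptions: the path lists OUs outermost first (the same order as the canonicalName), the function name ou_path is hypothetical, and hex escapes such as \2C inside a DN are not decoded.

```shell
#!/bin/sh
# ou_path DN
# Prints the OU components of DN, outermost first, joined with a backslash,
# e.g. PWR\Mediterranean Coast Network\SAMO. DC= and CN= components are
# skipped. Returns non-zero if the DN contains no OU= component.
ou_path() {
    printf '%s\n' "$1" | awk '
    {
        n = 0; cur = ""; len = length($0)
        for (i = 1; i <= len; i++) {
            c = substr($0, i, 1)
            if (c == "\\" && i < len) {       # escaped character such as "\,"
                cur = cur substr($0, i + 1, 1); i++
            } else if (c == ",") {            # unescaped comma ends an RDN
                rdn[++n] = cur; cur = ""
            } else {
                cur = cur c
            }
        }
        rdn[++n] = cur
        out = ""
        for (i = n; i >= 1; i--) {            # walk from the domain end inwards
            r = rdn[i]
            sub(/^ +/, "", r)                 # tolerate "OU=a, OU=b" spacing
            if (toupper(substr(r, 1, 3)) != "OU=") continue   # skip DC=, CN=
            if (out != "") out = out "\\"
            out = out substr(r, 4)
        }
        if (out == "") exit 1                 # nothing to pass to the join
        print out
    }'
}

# Sample input: the OU DN shown in the LDP search earlier in this thread.
dn='OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com'
# Print the join command with the OU argument single-quoted, so the shell
# keeps the spaces and backslashes intact.
printf "net ads join -U myadminusername '%s'\n" "$(ou_path "$dn")"
```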