[Samba] join domain - ou=people searched for machine accounts?

Buchan Milne bgmilne at obsidian.co.za
Mon Aug 16 18:05:21 GMT 2004



| Subject: [Samba] join domain - ou=people searched for machine accounts?
| From: jo / ak <jo at akweb.de>
| Date: Sun, 15 Aug 2004 22:12:19 +0200
| To: samba at lists.samba.org
|
| When I try to join a domain from a win2k client to a samba 3.0.5
| PDC, I get the message "User not found". I use ldapsam, which
| works fine in all other respects.
|
| The strange thing is that the smbldap-useradd script terminates
| with 0, the machine account is created under "ou=systems" in the
| ldap database - all looks fine. Then an ldap search is triggered
| with a base "ou=people", nothing is found, and the error
| occurs.
|
| As a workaround, I used smbldap-useradd without the "-w". The
| entry is created under "ou=people", and the join is finished
| successfully.
|
|
| [2004/08/15 21:29:27, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245)
|   _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "at-4$"' gave 0
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam(293)
|   Finding user at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(223)
|   Trying _Get_Pwnam(), username as lowercase is at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(239)
|   Trying _Get_Pwnam(), username as uppercase is AT-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(247)
|   Checking combinations of 0 uppercase letters in at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(251)
|   Get_Pwnam_internals didn't find user [at-4$]!
|
|
|
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 BIND dn="CN=SAMBA MANAGER,OU=SAMBA,DC=AKWEB,DC=DE" method=128
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 RESULT tag=97 err=0 text=
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 RESULT tag=105 err=0 text=
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1393 op=2 UNBIND
| Aug 15 21:29:27 at-12 slapd[2881]: conn=-1 fd=35 closed
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH base="ou=People,dc=akweb,dc=de" scope=1 filter="(&(objectClass=posixAccount)(uid=at-4$))"
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SEARCH RESULT tag=101 err=0 text=
| Aug 15 21:29:27 at-12 slapd[3817]: conn=1392 op=1 UNBIND
| Aug 15 21:29:27 at-12 slapd[3817]: conn=-1 fd=36 closed
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH base="ou=People,dc=akweb,dc=de" scope=1 filter="(&(objectClass=posixAccount)(uid=AT-4$))"
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SEARCH RESULT tag=101 err=0 text=
| Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=31 closed
| Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=32 closed
|

This is nss_ldap trying to do the equivalent of 'getent passwd AT-4$',
since that is what samba asked (samba needs to have a uid for the
machine at present).


| from smb.conf
|
|         passdb backend = ldapsam:ldap://at-12
|         add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
|         add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
|         ldap suffix = dc=akweb,dc=de
|         ldap machine suffix = ou=Systems
|         ldap user suffix = ou=People
|         ldap group suffix = ou=Groups

At present, you need to configure your nss_ldap so that it searches in both
the user suffix and the machine suffix for user accounts ... with your
current directory layout, the only option (AFAIK) is to have a suffix of
dc=akweb,dc=de and a scope of sub in your nss_ldap ldap.conf.

Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
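
Added example (not part of the original post, and not Samba or nss_ldap code): a small Python check that replays the ADD and SRCH lines from the slapd log quoted above and reports lookups whose base and scope cannot reach the entry that was just created. It assumes slapd's numeric scope logging (0=base, 1=one level, 2=subtree) and DNs without escaped commas; the function names are hypothetical.

```python
import re

# Constructed sample input: the ADD and SRCH lines from the slapd log quoted
# above, with each entry re-joined onto one line.
LOG = '''\
Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH base="ou=People,dc=akweb,dc=de" scope=1 filter="(&(objectClass=posixAccount)(uid=at-4$))"
Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH base="ou=People,dc=akweb,dc=de" scope=1 filter="(&(objectClass=posixAccount)(uid=AT-4$))"
'''

ADD = re.compile(r'ADD dn="([^"]+)"')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d) filter="(.*)"')
UID = re.compile(r'\(uid=([^)]+)\)', re.I)

def rdns(dn):
    """Normalise a DN to a list of lowercase RDNs (assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_scope(dn, base, scope):
    """True if dn is reachable from base; scope as slapd logs it (0, 1 or 2)."""
    d, b = rdns(dn), rdns(base)
    if scope == 0:                      # base object only
        return d == b
    if scope == 1:                      # direct children of base only
        return d[1:] == b
    return len(d) >= len(b) and d[len(d) - len(b):] == b   # whole subtree

def missed_lookups(log):
    """Return (uid, entry_dn, search_base, scope) for every search that asks
    for a uid added earlier in the log but stored outside the search scope."""
    added, missed = {}, []
    for line in log.splitlines():
        if m := ADD.search(line):       # assumes the leading RDN is uid=<name>
            added[rdns(m.group(1))[0].split("=", 1)[1]] = m.group(1)
        elif m := SRCH.search(line):
            base, scope, flt = m.group(1), int(m.group(2)), m.group(3)
            u = UID.search(flt)
            uid = u.group(1).strip().lower() if u else None
            if uid in added and not in_scope(added[uid], base, scope):
                missed.append((uid, added[uid], base, scope))
    return missed

if __name__ == "__main__":
    for uid, dn, base, scope in missed_lookups(LOG):
        print(f"{uid}: entry {dn} is outside base={base} scope={scope}")
    # Base and scope suggested in the reply: reaches ou=Systems as well.
    print(in_scope("uid=at-4$,ou=Systems,dc=akweb,dc=de", "dc=akweb,dc=de", 2))
```

Both searches in the sample are reported as missed, while the same entry is in scope once the base is dc=akweb,dc=de with a subtree scope.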

