[Samba] smbldap-tools not playing nice w/ samba ?

[Joaquin]

Ben Davis wrote:

> Please help!
>
> I'm having a difficult time getting a machine to join my domin.  Samba 
> sucessfully adds the machine account using the smbldap-useradd -w 
> script,  but I get the error "The user name could not be found".
>
> Here's what it looks like it's doing in the ldap logs:  
> 1. There's a login as cn=Manager, which searches for the root account, 
> and then for a bunch of gidNumbers.  It then searches for the machine$ 
> with a sambaSamAccount objectclass, and exits.
>
> 2. It then reconnects anonymously and searches for machine$ and 
> MACHINE$ twice (no results).
> 3. After that it connects again as cn=Manager and and searches for the 
> machine$ under posixAccount (still no restuls).  It then finally adds 
> the entry for machine$  but without the sambaSamAccount objectclass.
>
> After that there are no more LDAP queries.   What could be causing the 
> error I'm getting?

If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you have 
only a search here for the users account. The trick is to add a second 
nss_base_password line pinting to the machines tree of LDAP. And then works.