[Samba] Samba LDAP and add machine script problems

[Keith Robertson]

I have done some further investigation and this is what I found.  If I
change the uidNumber of
"uid=Administrator,ou=Users,dc=somedomain,dc=org" to 0 Samba will add
a computer to ou=Computers.  However, it will still return an error to
the XP machine that is attempting to join the domain.  The error code
is "The user name could not be found".

I plowed through the Samba logs and found this interesting tidbit,
though I'm not sure what to make of it.  Any help analyzing it would
be greatly appreciated.

//---- Begin log
2005/01/21 15:11:08, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2250)
  _samr_create_user: Running the command
`/var/lib/samba/sbin/smbldap-useradd.pl -w 'amp$'' gave 0
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam(293)
  Finding user amp$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is amp$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(239)
  Trying _Get_Pwnam(), username as uppercase is AMP$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in amp$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [amp$]!
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_r_create_user 
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
          0000 data1: 00000000
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
          0004 data2: 00000000
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint16(613)
          0008 data3: 0000
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint16(613)
          000a data4: 0000
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint8s(729)
          000c data5: 00 00 00 00 00 00 00 00 
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
      0014 access_granted: 00000000
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
      0018 user_rid : 00000000
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
      001c status: NT_STATUS_NO_SUCH_USER
[2005/01/21 15:11:08, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578)
  api_rpcTNP: called samr successfully
//---- End log


>> 
>> I'm trying to integrate Openldap with Samba version 3.0.10.  I have
>> populated my LDAP server via smbldap-populate.pl and I've gotten
PAM to recognize
>> LDAP as an authentication mechanism.  Thus, I can add a user with smbldap-
>> useradd.pl and su to that user.

>Can you do a straight login / ssh as that new user?

Yes

>> The problem I am having is when I attempt to add a computer from MS
>> Windoze XP.
>> When I attempt to join my domain XP prompts me for a user ID and password.
>> If I
>> enter a user ID of "root" with either my box's actual root password or the
>> password for the LDAP user
>> "uid=Administrator,ou=Users,dc=somedomain,dc=org"
>> I get the following: "unknown user or bad password".  I suppose this
>> makes sense
>> because there are only two users in ou=Users (Administrator and nobody)
>> neither
>> of which is "root".  Alternatively, if I attempt to join the domain
>> with a user ID
>> of "Administrator" I get "Access is denied".

>Somewhere in those howto's and example books that JHT, et al, has written he
>says to set the uid of the Administrator to 0.  what UID does your
>administrator have?  I believe from vague memory that the smbldap-populate
>script automatically sets the uid of the Administrator to 0.  Just use
>smbldap-passwd Administrator to make sure that the password is set. then try
>adding your Machine again.  This worked for me last night when I got the
>same error.

>tell us what happens.

>Regards Geoff.