[Samba] Cannot join Win XP SP2 client to domain

Jason Baker jbaker at glastender.com
Tue May 15 19:42:28 GMT 2007 

Thomas,
I have some more info:
I CD'd into my SMB-LDAP scripts directory (the IdealX scripts) and ran 
/./smbldap-useradd -w test$ /and received the following error:

    Could not find base dn, to get next uidNumber at
    /etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283.

I would have to believe the reason I cannot add a machine to the domain 
remotely from the client is because of this script failing (see smb.conf)

    [global]
            unix charset = LOCALE
            workgroup = mydomain
            netbios name = myserver
            server string = Domain Controller running %v
            interfaces = eth1, lo
            bind interfaces only = yes
            os level = 255
            preferred master = yes
            local master = yes
            domain master = yes
            security = user
            time server = yes
            username map = /etc/samba/smbusers
            wins support = yes
            encrypt passwords = yes
            pam password change = yes
            name resolve order = wins bcast hosts
            winbind nested groups = no
            passdb backend = ldapsam:"ldap://127.0.0.1 ldap://myserver"
            ldap passwd sync = Yes
            ldap suffix = dc=myserver,dc=com
            ldap admin dn = cn=Manager,dc=myserver,dc=com
            ldap ssl = no
            ldap group suffix = ou=Groups
            ldap user suffix = ou=People
            ldap machine suffix = ou=People
            ldap idmap suffix = ou=Idmap
            idmap backend = ldap:ldap://127.0.0.1/
            idmap uid = 10000-20000
            idmap gid = 10000-20000
            map acl inherit = yes
            add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
            #delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
            add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
            add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
            #delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
            add user to group script =
    /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
            delete user from group script =
    /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
            set primary group script =
    /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
            domain logons = yes
            log file = /var/log/samba/log.%m
            log level = 1
            syslog = 0
            max log size = 50
            #smb ports = 139 445
            smb ports = 139
            hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
            # User profiles and home directories
            logon drive = U:
            logon path = \\%L\profiles\%U
            logon script = %U.bat
            large readwrite = no
            read raw = no
            write raw = no
            printcap name = /etc/printcap
            load printers = no
            printing =
            template shell = /bin/false
            winbind use default domain = no


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------



Thomas Ußmüller wrote:
> Dear Jason,
>
> Thanks a lot. This solved my problem.
>
> When creating the user and machine accounts directly with LDAP 
> everything works fine. But when either trying to directly connect the 
> machine (i.e. without creating the account manually) or when using the 
> User Manager for domains, it doesn't work.
>
> I have noticed that the smbldap script create the accounts in my 
> directory. But interestingly the SambaSamAccount objectclass is not 
> added by the scripts. Is this behaviour normal? Shall the scripts or 
> samba add the attributes?
>
> I think one possible solution might be to modify the scripts, so that 
> they add the needed objectclass/ attributes. What do the others in the 
> group think about that solution?
>
> Maybe you can tell me a bit more about your server. Which backend do 
> you use? Do you use the smbldap scripts as well? Maybe we can find the 
> similarities in our machines which cause the problem and fix it.
>
> Regards
> Thomas
>
> Jason Baker schrieb:
>>> When trying to join the client to the domain I get an error message 
>>> that the user does not exist (although connecting to the shares 
>>> works with this username). Furthermore the user has the 
>>> SeMachineAccountPrivilege set. 
>> I had this same problem. I ended up creating the machine accounts via 
>> the LDAP Account Manager. I never did figure out why I cannot add a 
>> machine to the domain through the Windows Network ID Wizard. Have you 
>> tried to create the machine account manually on the server, and then 
>> join the machine to the domain?

More information about the samba mailing list