[Samba] Problem with pdbedit during add machine account

John H Terpstra jht at samba.org
Wed Aug 6 13:32:11 GMT 2008 

On Wednesday 06 August 2008 04:51:19 Michał Adamczyk wrote:
> Hi,
>
> I have running LDAP + SAMBA as PDC on gentoo and I have problem with
> adding machine account.
>
> Whem I try add machine account with pdbedit -am 'hostname' I have this
> error:
>
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=OFFICE.KENS.PL))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=OFFICE.KENS.PL))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> Cannot locate Unix account for hostname$

How is your /etc/ldap.conf file configured? Do you have the following in this 
file?:

nss_base_passwd        ou=People,ou=Users,dc=yourzone,dc=org?one
nss_base_passwd        ou=Computers,ou=Users,dc=yourzone,dc=org?one
nss_base_shadow        ou=People,ou=Users,dc=yourzone,dc=org?one
nss_base_shadow        ou=Computers,ou=Users,dc=yourzone,dc=org?one
nss_base_group            ou=Groups,dc=yourzone,dc=org?one

Instead of searching each directory sub-tree, you could do a sub-search from 
the top down, like this:

nss_base_passwd	dc=yourzone,dc=org?sub
nss_base_shadow	dc=yourzone,dc=org?sub
nss_base_group            ou=Groups,dc=yourzone,dc=org?one


> I added first machine account with smbldap-useradd -w 'localhost'
> (host has been created in LDAP tree in right ou),

There is no need to do the above.  Samba never refers to itself 
as "localhost".

> the /etc/nsswitch.conf looks like these:
>
> passwd:     ldap
> shadow:     ldap
> group:      ldap

For the above you might want:

passwd: files ldap
shadow: files ldap
group: files ldap

This permits resolution of system accounts at boot time and before LDAP is 
enabled.

> hosts:       files dns
> networks:    files dns
>
> services:    db files
> protocols:   db files
> rpc:         db files
> ethers:      db files
> netmasks:    files
> netgroup:    files
> bootparams:  files
>
> automount:   files
> aliases:     files
>
> But sill the same error.
>
> That error disappers after change /etc/nsswitch.conf to:
>
> passwd:      compat
> shadow:      compat
> group:       compat

The compat model is good, but then you need to add to your /etc/nsswitch.conf 
file:

passwd_compat:  ldap
group_compat:   ldap

>
> and run: adduser hostname$
> and then: pdbedit -am 'hostname'
>
> Also it works fine when I use: smbldap-useradd 'localhost$', but then
> I have mixed Users and Computers, and I dont want this kind of mess.
>
> My questions are: Why I must create Unix account for machine account
> before pdbedit create it? Why pdbedit doesn't see Unix accounts for
> computures in ou=Computers, only in ou=Users?
>
> --
> Best Regards,
>
> Michał Adamczyk

Cheers,
John T.

More information about the samba mailing list