[Samba] Cannot join domain Samba PDC with ldap

Scott Lovenberg scott.lovenberg at gmail.com
Tue Jan 22 04:40:30 GMT 2008 

On Jan 21, 2008 11:31 PM, Scott Lovenberg <scott.lovenberg at gmail.com> wrote:

> On Jan 21, 2008 12:24 PM, Gary Martin <gm4rtin at gmail.com> wrote:
>
> > I have built a Samba PDC with a ldap backend following the Howto:Samba
> > documentation <http://directory.fedoraproject.org/wiki/Howto:Samba >.
> > I am using Fedora 8 with Samba 3.0.28 and FDS 1.1.    I think I have a
> > working Samba PDC with a FDS backend.  I can add users with smbpasswd
> > -a but I can not connect to the domain.  The connection fails
> > complaining about the user name or password.  I have tried using a
> > member of the Domain Admin group and a Administrator account rid 500.
> > I believe that this is a problem with the machine account but I am not
> > sure how to fix it.  What user should I be using to add workstations
> > to the domain, a member of the 'Domain Admins' or the Administrator
> > user?  What type of "add machine scripts" should I have?  Thanks.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
> Did you do a smbpasswd for root?  I always forget to do that and machine
> accounts... that's where I'd start looking.  I'm not sure on the add machine
> script, I'm running slackware which has a screwed up machine script -
> something non standard, IIRC.
>
> --
> Peace and Blessings,
> -Scott.
> "Of course, that's just my opinion; I could be wrong"
> -Dennis Miller


Sorry, I misread your post.  You have to add the computer using either:) 1.)
root/password, OR 2.) Administrator/password, with Administrator being
mapped to root in your user.map (or whatever you chose to call it - I've
seen a few names for it).

A computer can only be added using uid=0, AKA root.  Also, using ldap,
you'll have to use whichever ldap password script in place of smbpasswd for
root (ldappasswd, I think is the idealx script if you're using that).  I
think you'll be using ldapuseradd -m to add a machine account, and it should
add the dollar sign to the end.  Finally, make sure that you not only add
these accounts, but use the -e flag to enable them as well!
-- 
Peace and Blessings,
-Scott.
"Of course, that's just my opinion; I could be wrong"
-Dennis Miller

More information about the samba mailing list