[Samba] join domain - ou=people searched for machine accounts?
Paul Gienger
pgienger at ae-solutions.com
Mon Aug 16 12:52:25 GMT 2004
This is a very very VERY often asked question in this forum, and
documented in bugzilla. Computer accounts need to be in the same OU as
user accounts. Some (within the samba team) call it a design issue,
others (outside the samba team) call it a bug.
Perhaps next time you could try the search?
jo / ak wrote:
>When I try to join a domain from a win2k client to a samba 3.0.5
>PDC, I get the message "User not found". I use ldapsam, which
>works fine in all other respects.
>
>The strange thing is that the smbldap-useradd scripts terminates
>with 0, the machine account is created under "ou=systems" in the
>ldap database - all looks fine. Then a ldap search is triggered
>with a base "ou=people", nothing is found, and the error
>occurs.
>
>As workaround, I used smbldap-useradd without the "-w". The
>entry
>is created under "ou=people", and the join is finished
>sucessfully.
>
>
>[2004/08/15 21:29:27, 3]
>rpc_server/srv_samr_nt.c:_samr_create_user(2245)
> _samr_create_user: Running the command
>`/usr/local/sbin/smbldap-useradd -w "at-4$"' gave 0
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam(293)
> Finding user at-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(223)
> Trying _Get_Pwnam(), username as lowercase is at-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(239)
> Trying _Get_Pwnam(), username as uppercase is AT-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(247)
> Checking combinations of 0 uppercase letters in at-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(251)
> Get_Pwnam_internals didn't find user [at-4$]!
>
>
>
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 BIND
>dn="CN=SAMBA MANAGER,OU=SAMBA,DC=AKWEB,DC=DE" method=128
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 RESULT tag=97
>err=0 text=
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD
>dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 RESULT tag=105
>err=0 text=
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1393 op=2 UNBIND
>Aug 15 21:29:27 at-12 slapd[2881]: conn=-1 fd=35 closed
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH
>base="ou=People,dc=akweb,dc=de" scope=1
>filter="(&(objectClass=posixAccount)(uid=
>at-4$))"
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SEARCH RESULT
>tag=101 err=0 text=
>Aug 15 21:29:27 at-12 slapd[3817]: conn=1392 op=1 UNBIND
>Aug 15 21:29:27 at-12 slapd[3817]: conn=-1 fd=36 closed
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH
>base="ou=People,dc=akweb,dc=de" scope=1
>filter="(&(objectClass=posixAccount)(uid=
>AT-4$))"
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SEARCH RESULT
>tag=101 err=0 text=
>Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=31 closed
>Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=32 closed
>
>from smb.conf
>
> passdb backend = ldapsam:ldap://at-12
> add user script = /usr/local/sbin/smbldap-useradd -a -m
>"%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w
>"%u"
> ldap suffix = dc=akweb,dc=de
> ldap machine suffix = ou=Systems
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
>
>
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
More information about the samba
mailing list