joining to domain of current head

Bradley W. Langhorst brad at langhorst.com
Thu Aug 1 13:56:01 GMT 2002


the HEAD code seems to have reverted to automagic
machine account creation... I thought that was disabled - thus the
addition of the add machine script parameter.
I think I like the automagic add better but we can only have one...

if I put a valid script like this in smb.conf

add machine script = /usr/sbin/smbldap-useradd.pl -w %u

domain joining fails with this in the logs (level 3)
  api_rpcTNP: rpc command: SAMR_CREATE_USER
[2002/08/01 16:49:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/08/01 16:49:21, 3] smbd/uid.c:push_conn_ctx(279)
  push_conn_ctx(101) : conn_ctx_stack_ndx = 0
[2002/08/01 16:49:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255)
  ldap_open_connection: connection opened
[2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398)
  ldap_connect_system: succesful connection to the LDAP server
[2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching
for:[(&(uid=pedersen$)(objectclass=sambaAccount))]
[2002/08/01 16:49:21, 3] smbd/sec_ctx.c:pop_sec_ctx(395)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/08/01 16:49:21, 3]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2292)
  _api_samr_create_user: Running the command
`/usr/sbin/smbldap-useradd.pl -w pedersen$' gave 0
[2002/08/01 16:49:21, 3]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2304)
  attempting to create non-unix account pedersen$
[2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255)
  ldap_open_connection: connection opened
[2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398)
  ldap_connect_system: succesful connection to the LDAP server
[2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching
for:[(&(uid=pedersen$)(objectclass=sambaAccount))]
[2002/08/01 16:49:21, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1527)
  User already in the base, with samba properties
[2002/08/01 16:49:21, 0]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2321)
  could not add user/computer pedersen$ to passdb.  Check permissions?
[2002/08/01 16:49:21, 3]
rpc_server/srv_pipe_hnd.c:free_pipe_context(548)

it looks like the logic has a problem...
it calls the add script - gets a 0 (=success I think)
but then it tries to add again
then it finds that the user is already there but
STILL tries to do the add and finally fails...

with an invalid script like this

add machine script = /usr/sbin/smbldap-usershow.pl %u

I can join the domain

here is the log for the successful join
  api_rpcTNP: rpc command: SAMR_CREATE_USER
[2002/08/01 16:03:24, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/08/01 16:03:24, 3] smbd/uid.c:push_conn_ctx(279)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2002/08/01 16:03:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255)
  ldap_open_connection: connection opened
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398)
  ldap_connect_system: succesful connection to the LDAP server
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching
for:[(&(uid=pedersen$)(objectclass=sambaAccount))]
[2002/08/01 16:03:24, 3] smbd/sec_ctx.c:pop_sec_ctx(395)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/08/01 16:03:24, 3]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2292)
  _api_samr_create_user: Running the command
`/usr/sbin/smbldap-usershow.pl pedersen$' gave 1
[2002/08/01 16:03:24, 3]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2304)
  attempting to create non-unix account pedersen$
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255)
  ldap_open_connection: connection opened
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398)
  ldap_connect_system: succesful connection to the LDAP server
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching
for:[(&(uid=pedersen$)(objectclass=sambaAccount))]
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching for:[uid=pedersen$]
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1558)
  Adding new user
[2002/08/01 16:03:24, 2] passdb/pdb_ldap.c:init_ldap_from_sam(901)
  Setting entry for user: pedersen$
[2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255)
  ldap_open_connection: connection opened
[2002/08/01 16:03:29, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398)
  ldap_connect_system: succesful connection to the LDAP server
[2002/08/01 16:03:29, 3] passdb/pdb_ldap.c:search_top_nua_rid(1081)
  ldapsam_get_next_available_nua_rid: searching
for:[(&(uid=*)(objectclass=sambaAccount))]
[2002/08/01 16:03:29, 2] passdb/pdb_ldap.c:search_top_nua_rid(1100)
  search_top_nua_rid: 20 entries in the base!
...(removed user entries)
[2002/08/01 16:03:30, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching for:[rid=31002]
[2002/08/01 16:03:30, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1597)
  added: uid = pedersen$ in the LDAP database
[2002/08/01 16:03:30, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255)
  ldap_open_connection: connection opened
[2002/08/01 16:03:30, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398)
  ldap_connect_system: succesful connection to the LDAP server
[2002/08/01 16:03:30, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410)
  ldapsam_search_one_user: searching
for:[(&(uid=pedersen$)(objectclass=sambaAccount))]
[2002/08/01 16:03:30, 3] passdb/pdb_ldap.c:init_sam_from_ldap(656)
  Entry found for user: pedersen$

that puts this
dn: uid=pedersen$,dc=bitc,dc=unh,dc=edu
objectClass: sambaAccount
uid: pedersen$
rid: 31002
primaryGroupID: 513
pwdLastSet: 1028232210
displayName: PEDERSEN$
cn: PEDERSEN$
logonTime: 0
logoffTime: 0
kickoffTime: 0
pwdCanChange: 0
pwdMustChange: 1030046610
lmPassword: 744205497EBC66D8F73B5FA33D3BEC92
ntPassword: 6A666B809DDB872A0D3DC689EE0AF5A0
acctFlags: [W          ]

in the ldap server

my script puts this 

dn: uid=pedersen$,ou=Computers,dc=bitc,dc=unh,dc=edu
cn: pedersen$
uid: pedersen$
uidNumber: 2001
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
acctFlags: [W          ]
lmPassword: E6C22E3F158ACB1AE72C57EF50F76A05
ntPassword: 405508F135143FD1B331BC461DA9A7C6
rid: 5002
primaryGroupID: 0

in the ldap server
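
The correlation the post does by eye, as an added example (not part of the original post and not Samba code): a small parser that pairs each add machine script exit code with the passdb result that follows it in a level-3 smbd log. The sample log is constructed by abridging the two traces quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the two level-3 traces quoted in the post.
SAMPLE_LOG = """\
[2002/08/01 16:49:21, 3]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2292)
  _api_samr_create_user: Running the command
`/usr/sbin/smbldap-useradd.pl -w pedersen$' gave 0
[2002/08/01 16:49:21, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1527)
  User already in the base, with samba properties
[2002/08/01 16:49:21, 0]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2321)
  could not add user/computer pedersen$ to passdb.  Check permissions?
[2002/08/01 16:03:24, 3]
rpc_server/srv_samr_nt.c:_api_samr_create_user(2292)
  _api_samr_create_user: Running the command
`/usr/sbin/smbldap-usershow.pl pedersen$' gave 1
[2002/08/01 16:03:30, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1597)
  added: uid = pedersen$ in the LDAP database
"""

HEADER = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}, +\d+\]", re.M)
RAN = re.compile(r"Running the command `(.+?)' gave (-?\d+)")
ADDED = re.compile(r"added: uid = (\S+) in the LDAP database")
FAILED = re.compile(r"could not add user/computer (\S+) to passdb")

def records(log_text):
    """Split on timestamp headers and re-join lines wrapped by the mailer."""
    starts = [m.start() for m in HEADER.finditer(log_text)] + [len(log_text)]
    for a, b in zip(starts, starts[1:]):
        yield " ".join(log_text[a:b].split())

def correlate(log_text):
    """One dict per add-machine-script run, with the passdb result that followed."""
    attempts = []
    for rec in records(log_text):
        m = RAN.search(rec)
        if m:
            attempts.append({"script": m.group(1), "exit": int(m.group(2)),
                             "collision": False, "passdb": "unknown"})
        elif attempts:
            cur = attempts[-1]
            if "User already in the base" in rec:
                cur["collision"] = True   # entry existed before the passdb add
            elif ADDED.search(rec):
                cur["passdb"] = "added"
            elif FAILED.search(rec):
                cur["passdb"] = "failed"
    return attempts
```

Calling correlate(SAMPLE_LOG) returns two attempts: the run that exited 0 is followed by a collision and a failed passdb add, and the run that exited 1 is followed by a successful add.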





