[Samba] Machine accounts searching People

Curtis Grote cgrote at memhosp.com
Wed Dec 17 21:45:28 GMT 2003

Using Samba 3.0.1 as PDC with LDAP backend under SuSE 8.2.
When I try to add a machine account at my windows NT workstation using
user 'root' and password, - which I have added to ldap using:
smbldap-useradd.pl -a root -u 0
I get message on NT 'The machine account for this computer either does not
exist or is inaccessible'. The /var/log/messages show that the machine
account was indeed added successfully, but the subsequent searches are
looking for my machine name 'silver$' under cn=People. Any ideas why?

Curtis Grote
Memorial Hospital

slapd[18277]: ACCEPT from IP= (IP=:: 389)
slapd[18277]: conn=24 op=0 BIND dn="cn=admin,dc=pmmc,dc=com" method=128
slapd[18277]: conn=24 op=0 AUTHZ dn="cn=admin,dc=pmmc,dc=com" mech=simple ssf=0
slapd[18277]: conn=24 op=0 RESULT tag=97 err=0 text=
slapd[18278]: conn=24 op=1 ADD dn="uid=silver$,ou=Computers,dc=pmmc,dc=com"
slapd[18278]: conn=24 op=1 RESULT tag=105 err=0 text=
slapd[18277]: conn=24 op=2 UNBIND
slapd[18277]: conn=24 fd=27 closed
slapd[18275]: conn=23 fd=26 closed
slapd[18275]: conn=19 fd=25 closed
slapd[18278]: conn=18 op=5 SRCH base="ou=People,dc=pmmc,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=silver$))"
slapd[18278]: conn=18 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[18277]: conn=18 op=6 SRCH base="ou=People,dc=pmmc,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=SILVER$))"
slapd[18277]: conn=18 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[18278]: conn=17 op=9 SRCH base="dc=pmmc,dc=com" scope=2 filter="(&(&(uid=SILVER$)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
slapd[18278]: conn=17 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[18277]: conn=17 op=10 SRCH base="ou=Groups,dc=pmmc,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(|(displayName=SILVER$)(cn=SILVER$)))"
slapd[18277]: conn=17 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[18278]: conn=18 op=7 SRCH base="ou=Groups,dc=pmmc,dc=com" scope=2 filter="(&(objectClass=posixGroup)(cn=SILVER$))"
slapd[18278]: conn=18 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[18275]: conn=17 fd=7 closed
slapd[18275]: conn=18 fd=24 closed 

        security = user
        encrypt passwords = Yes

# Domain Master settings
        preferred master = yes
        domain master = yes
        local master = yes
        domain logons = yes
        logon path = \\%N\profiles\%u
        logon drive = X:
        logon home = \\kemosabe\%u\winprofile
        logon script = login.cmd

        debug level = 2

        idmap backend = ldap:ldap://localhost
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = no
        winbind enum groups = no

passdb backend = ldapsam:ldap://kemosabe.pmmc.com
ldap admin dn="cn=admin,dc=pmmc,dc=com"
ldap ssl = off
ldap delete dn = no
ldap passwd sync = yes
ldap suffix = dc=pmmc,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap idmap suffix = dc=pmmc,dc=com

passwd program = /home/sambaldap/smbldap-passwd.pl '%u'

add user script = /home/sambaldap/smbldap-useradd.pl -m '%u'
delete user script = /home/sambaldap/smbldap-userdel.pl '%u'
add group script = /home/sambaldap/smbldap-groupadd.pl '%g'
delete group script = /home/sambaldap/smbldap-groupdel.pl '%g'
add user to group script = /home/sambaldap/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /home/sambaldap/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /home/sambaldap/smbldap-usermod.pl -g '%g' '%u'
add machine script = /home/sambaldap/smbldap-useradd.pl -a -w -d /dev/null -g 553 -c 'Machine Account' -s /bin/false %m

More information about the samba mailing list