[Samba] joining a domain (ldap)

Michael Knigge Michael.Knigge at set-software.de
Thu Dec 18 14:11:50 GMT 2003


All,

I am trying to add a computer to a PDC running SAMBA 3.0 (the client is 
Windows NT 4.0 SP5). I want all the user and machine accounts stored on 
my LDAP server.

When I try to join the domain I just get the error message "The 
machine account for this computer either does not exist or is not 
accessible".

When I look at my LDAP server, I see that SAMBA has not created an 
account for my computer. Why?

This is my first step into LDAP and also PDC, so let me describe what 
I've done so far:


My LDAP-Server is configured like this:

dc=set-software,dc=de
  +- cn=admin      (My LDAP-Admin)
  +- ou=Computer   (for Machine accounts)
  +- ou=User       (for SAMBA and UNIX-Users)
     +- uid=Administrator
     +- uid=nobody
     +- uid=root
  +- ou=Group      (for SAMBA and UNIX-Groups)
  +- sambaDomainName=S.E.T.



And this is my smb.conf:


[global]
log level       = 10 passdb:10 auth:10 winbind:10
workgroup       = S.E.T.
netbios name    = KIRK
server string   = Captain Kirk (SAMBA %v on %h)
account         = nobody
invalid users   = root
guest ok        = no
keep alive      = 30
os level        = 65
security        = user
obey pam restrictions   = yes
printing        = bsd
printcap name   = /etc/printcap
load printers   = no
printer admin   = mk
bind interfaces only    = yes
interfaces      = eth1
hosts allow     = 192.168.199.0/255.255.255.0
socket options  = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
wins support    = yes
domain logons   = yes
domain master   = yes
local master    = yes
preferred master= yes
logon drive     = U:
logon home      = \\KIRK\home
logon path      = \\KIRK\profile
encrypt passwords       = true
passdb backend  = ldapsam:ldap://localhost
time server     = yes
dns proxy       = no
oplocks         = yes
fake oplocks    = no
level2 oplocks  = yes
dead time       = 15
read raw        = yes
write raw       = yes
getwd cache     = yes
dos filetime resolution = yes
case sensitive  = no
default case    = lower
preserve case   = yes

short preserve case     = yes
dos charset     = CP850
unix charset    = ISO8859-1
lm announce     = yes
lm interval     = 60
max log size    = 1000
passwd program  = /usr/bin/passwd %u
passwd chat     = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

ldap suffix          = "dc=set-software,dc=de"
ldap user suffix     = "ou=User"
ldap machine suffix  = "ou=Computer"
ldap admin dn        = "cn=admin,dc=set-software,dc=de"

[netlogon]
path       = /home/netlogon
public     = no
read only  = yes
browseable = no
locking    = no
guest ok   = yes

[profile]
path            = /home/profile
read only       = no
browseable      = no
create mode     = 0600
directory mode  = 0700


[home]
path            = /home/%U
read only       = no
create mode     = 0600
directory mode  = 0700


Hope someone can help me!

Thank you,
  Michael





