[Samba] Re: joining a domain (ldap)

Curtis Grote cgrote at memhosp.com
Thu Dec 18 15:58:40 GMT 2003


Michael,
I think you need the 'add machine script' parameter in your smb.conf. You
may also want to consider the add user and group scripts. The examples I
used were the smbldap_tools scripts. I also was unable to get a machine
account added until I created an ldap user of 'root', because I think root
is used by samba to perform the machine add, which is actually a user add
with a '$' appended to the name.
Curtis Grote
Memorial Hospital

On Thu, 18 Dec 2003 14:11:50 +0000, Michael Knigge wrote:

> All,
> 
> I try to add a computer to a PDC running SAMBA 3.0 (client is Windows 
> NT 4.0 SP5). I want all the user- and machine accounts stored on my 
> LDAP server.
> 
> When I try to join the domain I just get the error message "The 
> machine account for this computer either does not exist or is not 
> accessible".
> 
> When I look on my LDAP-Server, I see that SAMBA has not created an 
> account for my computer. Why?
> 
> This is my first step into LDAP and also PDC so let me describe what 
> I've done so far:
> 
> 
> My LDAP-Server is configured like this:
> 
> dc=set-software,dc=de
>   +- cn=admin      (My LDAP-Admin)
>   +- ou=Computer   (for Machine accounts)
>   +- ou=User       (for SAMBA and UNIX-Users)
>      +- uid=Administrator
>      +- uid=nobody
>      +- uid=root
>   +- ou=Group      (for SAMBA and UNIX-Groups)
>   +- sambaDomainName=S.E.T.
> 
> 
> 
> And this is my smb.conf:
> 
> 
> [global]
> log level       = 10 passdb:10 auth:10 winbind:10
> workgroup       = S.E.T.
> netbios name    = KIRK
> server string   = Captain Kirk (SAMBA %v on %h)
> account         = nobody
> invalid users   = root
> guest ok        = no
> keep alive      = 30
> os level        = 65
> security        = user
> obey pam restrictions   = yes
> printing        = bsd
> printcap name   = /etc/printcap
> load printers   = no
> printer admin   = mk
> bind interfaces only    = yes
> interfaces      = eth1
> hosts allow     = 192.168.199.0/255.255.255.0
> socket options  = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
> wins support    = yes
> domain logons   = yes
> domain master   = yes
> local master    = yes
> preferred master= yes
> logon drive     = U:
> logon home      = \\KIRK\home
> logon path      = \\KIRK\profile
> encrypt passwords       = true
> passdb backend  = ldapsam:ldap://localhost
> time server     = yes
> dns proxy       = no
> oplocks         = yes
> fake oplocks    = no
> level2 oplocks  = yes
> dead time       = 15
> read raw        = yes
> write raw       = yes
> getwd cache     = yes
> dos filetime resolution = yes
> case sensitive  = no
> default case    = lower
> preserve case   = yes
> 
> short preserve case     = yes
> dos charset     = CP850
> unix charset    = ISO8859-1
> lm announce     = yes
> lm interval     = 60
> max log size    = 1000
> passwd program  = /usr/bin/passwd %u
> passwd chat     = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> 
> ldap suffix          = "dc=set-software,dc=de"
> ldap user suffix     = "ou=User"
> ldap machine suffix  = "ou=Computer"
> ldap admin dn        = "cn=admin,dc=set-software,dc=de"
> 
> [netlogon]
> path       = /home/netlogon
> public     = no
> read only  = yes
> browseable = no
> locking    = no
> guest ok   = yes
> 
> [profile]
> path            = /home/profile
> read only       = no
> browseable      = no
> create mode     = 0600
> directory mode  = 0700
> 
> 
> [home]
> path            = /home/%U
> read only       = no
> create mode     = 0600
> directory mode  = 0700
> 
> 
> Hope someone can help me!
> 
> Thank you,
>   Michael
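
An added example, not part of either message and not Samba's own code: a small Python check that reads an smb.conf and reports whether the account scripts named in the reply are set in `[global]` when the server is an LDAP-backed domain controller. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a few [global] lines modelled on the smb.conf quoted above.
SAMPLE = """
[global]
workgroup = S.E.T.
Domain Logons = yes
passdb backend = ldapsam:ldap://localhost
[home]
add machine script = ignored outside [global]
"""

def _norm(name):
    # smb.conf parameter names are case-insensitive and ignore embedded spaces.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalised name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params

def check_ldap_pdc(text):
    """Report account scripts absent from an LDAP-backed domain controller config."""
    g = parse_global(text)
    is_pdc = g.get("domainlogons", "").lower() in ("yes", "true", "1")
    if not (is_pdc and g.get("passdbbackend", "").lower().startswith("ldapsam")):
        return []
    findings = []
    for level, name in (("missing", "add machine script"),
                        ("consider", "add user script"),
                        ("consider", "add group script")):
        if not g.get(_norm(name)):
            findings.append((level, name))
    return findings

if __name__ == "__main__":
    for level, name in check_ldap_pdc(SAMPLE):
        print(f"{level}: {name}")
```

The check only confirms that the parameters are present; whether the script itself can create the `$` account in LDAP still has to be tested with an actual join.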



