[Samba] Adding a machine; I think I am onto something

Jim jcllings at tsunamicomm.net
Sat Jan 18 22:57:00 GMT 2003 

Parameters are:
Samba 2.2.7a PDC setup with LDAP includeing posix authentication for Linux.

OK, the tutorial I've based my setup on is the Mandrake tutorial found 
at http://www.mandrakesecure.net/en/docs/ldap-auth.php
Works great for autenticateing Linux from LDAP but it is really sparse 
on the Samba side of things.  Esepcially when it comes to adding machine 
trust accounts.

So anyway I have some theories I would like verified.
I've found that I can add a posix based machine name and that works fine 
BUT it only works in ou=People.  The system cannot find a machine 
account in ou=Computers.

Seems to me that several things have occured:
> Jan 18 14:08:42 enigma smbd[12254]: [2003/01/18 14:08:42, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859) 
> Jan 18 14:08:42 enigma smbd[12254]:   LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries. 

1. Search for a uid=spartack$ which also has objectclass=sambaAccount.

> Jan 18 14:08:42 enigma smbd[12254]: [2003/01/18 14:08:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) 

2. Get the password.

> Jan 18 14:08:42 enigma smbd[12254]:   get_md4pw: Workstation spartack$: no account in domain 

3. Can't find the account.(of course because the user has not been added
by the 'add user script' setting in smb.conf yet.)

> Jan 18 14:08:49 enigma smbd[12255]: [2003/01/18 14:08:49, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859) 
> Jan 18 14:08:49 enigma smbd[12255]:   LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries. 
> Jan 18 14:08:50 enigma smbd[12255]: [2003/01/18 14:08:50, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929) 
> Jan 18 14:08:50 enigma smbd[12255]:   User spartack$ does not exist in system password file (usually /etc/passwd). Cannot add account without 
> a valid local system user. 

4. Try again only execute the 'add user script' first.

Theoretically, it did not find one because there is no objectClass 
sambaAccount in the entry HOWEVER, I know from previous attempts it does 
find the posix only Computer account when it is placed in ou=People.  Is 
there perhaps a different search performed the fist time around despite 
the log entry or is my understanding of 
"(&(uid=spartack_)(objectclass=sambaAccount))" flawed?

So am I on target here?  I can solve the problem if I can understand it. :-)

More information about the samba mailing list