[Samba] XP Joining Samba Domain

Buchan Milne bgmilne at cae.co.za
Tue May 20 17:50:50 GMT 2003

_Chris McKeever_ wrote:
> Here is my log file when I try to join a new computer (XP) as well as the
> ldap entry for it
> I have tried with the account pre-existing and with the account not
> existing, and I get the same error.

Is this joining to the PDC or the BDC?

> Please Note: that authenticating with an already joined machine works
> and that the other machine is called marketing-x so I know that the hyphen
> is not the issue.
> Can anyone help me with this, I am going in circles.
> -----------------------------
> ldap_connect_system: Binding to ldap server as "cn=ldap,dc=prupref,dc=com"
> [2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
>   ldap_connect_system: succesful connection to the LDAP server
> [2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
>   ldap_search_one_user: searching
> for:[(&(uid=marketing-y$)(objectclass=sambaAccount))]
> [2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(756)
>   Setting entry for user: marketing-y$
> [2003/05/20 09:44:13, 0] passdb/pdb_ldap.c:pdb_update_sam_account(1104)
>   failed to modify user with uid = marketing-y$ with: No such object

In one join operation, you should see two subsequent LDAP searches,
separated by a running of the add user script (you may have to bump the
log level even higher to see this).

If both fail, it means either
1) The DN your BDC uses does not have write access to the LDAP master
where it wants to put the new account.
2) Replication does not work
3) Replication does not work fast enough.

> dn: uid=marketing-y$,ou=Computers,dc=prupref,dc=com
> objectClass: top
> objectClass: posixAccount
> objectClass: sambaAccount
> uidNumber: 501

This seems a very low uid, is this uid unique?

> gidNumber: 1010
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> uid: marketing-y$
> pwdLastSet: 1053442890
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: marketing-y$
> cn: marketing-y$
> rid: 2002
> primaryGroupID: 3021
> acctFlags: [W          ]

Any system adding a machine account (except the *_nua backends in
samba3) will check for an account, run the add user script, and check
for an account again. But also note that there must be a system account
(i.e. 'getent passwd marketing-y$' should return the new entry). If your
/etc/ldap.conf is incorrectly set on the BDC, it may not pick up the new

If you still don't come right, either post the important settings from
smb.conf and /etc/ldap.conf on all DCs, or mail me the files off-list.


--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Please click on http://www.cae.co.za/disclaimer.htm to read our
e-mail disclaimer.
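
The two directory checks raised in the reply above (is the uidNumber unique, and can the machine entry resolve as a system account), as an added example that is not part of the original message. The function names `parse_ldif` and `check_accounts` are hypothetical, the second LDIF entry is constructed to show a collision, and the code assumes NSS only resolves entries that carry `posixAccount`.

```python
from collections import defaultdict

# Constructed sample: entry 1 mirrors the quoted LDIF, entry 2 is invented.
SAMPLE_LDIF = """\
dn: uid=marketing-y$,ou=Computers,dc=prupref,dc=com
objectClass: posixAccount
objectClass: sambaAccount
uidNumber: 501
uid: marketing-y$
acctFlags: [W          ]

dn: uid=jdoe,ou=People,dc=prupref,dc=com
objectClass: posixAccount
uidNumber: 501
uid: jdoe
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry[attr.lower()].append(value)
        entries.append(entry)
    return entries

def check_accounts(entries):
    """Flag shared uidNumbers and machine entries that cannot act as system accounts."""
    findings, owners = [], defaultdict(list)
    for e in entries:
        for n in e["uidnumber"]:
            owners[n].append((e["uid"] or ["?"])[0])
    for n, uids in sorted(owners.items()):
        if len(uids) > 1:
            findings.append(f"uidNumber {n} shared by: {', '.join(uids)}")
    for e in entries:
        uid = (e["uid"] or [""])[0]
        if uid.endswith("$"):  # machine accounts end in '$'
            classes = {c.lower() for c in e["objectclass"]}
            if "posixaccount" not in classes:
                findings.append(f"{uid}: no posixAccount, getent passwd cannot resolve it")
            if "W" not in "".join(e["acctflags"]):
                findings.append(f"{uid}: acctFlags lacks W")
    return findings
```

Feed it the output of an LDAP export from each DC; differing findings between the master and a replica point at the replication causes listed in the reply.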