[Samba] XP Joining Samba Domain

_Chris McKeever_ tech-mail at prupref.com
Tue May 20 19:07:01 GMT 2003


Buchan..thanks again for the support!

 
> _Chris McKeever_ wrote:
> > Here is my log file when I try to join a new computer (XP) as well as the
> > ldap entry for it
> > I have tried with the account pre-existing and with the account not
> > existing, and I get the same error.
> >
> 
> Is this joining to the PDC or the BDC?

Those logs are from when it tries to join the BDC when the machine account
_already_ exists

> 
> > Please Note: that authenticating with an already joined machine works fine.
> > and that the other machine is called marketing-x so I know that the hyphen
> > is not the issue.
> >
> > Can anyone help me with this, I am going in circles.
> >
> > -----------------------------
> > ldap_connect_system: Binding to ldap server as "cn=ldap,dc=prupref,dc=com"
> > [2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
> >   ldap_connect_system: succesful connection to the LDAP server
> > [2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
> >   ldap_search_one_user: searching for:[(&(uid=marketing-y$)(objectclass=sambaAccount))]
> > [2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(756)
> >   Setting entry for user: marketing-y$
> > [2003/05/20 09:44:13, 0] passdb/pdb_ldap.c:pdb_update_sam_account(1104)
> >   failed to modify user with uid = marketing-y$ with: No such object
> 
> In one join operation, you should see two subsequent LDAP searches,
> separated by a running of the add user script (you may have to bump the
> log level even higher to see this).
> 
> If both fail, it means either
> 1)The DN your BDC uses does not have write access to the LDAP master
> where it wants to put the new account.

When trying to join via the BDC without a machine account already, it
populates the master ldap and BDC$ getent passwd does return the new machine
.... would write access be a cause of joining failure if the machine account
already exists?

> 2)Replication does not work

replication is working

> 3)Replication does not work fast enough.
> 
possibly, but this does not explain why it fails when the machine account is
already set-up in the LDAP


> > dn: uid=marketing-y$,ou=Computers,dc=prupref,dc=com
> > objectClass: top
> > objectClass: posixAccount
> > objectClass: sambaAccount
> > uidNumber: 501
> 
> This seems a very low uid, is this uid unique?
> 

yes...my user accounts start at 1000; original Linux users (passwd) end under
100


> > gidNumber: 1010
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > uid: marketing-y$
> > pwdLastSet: 1053442890
> > logonTime: 0
> > logoffTime: 2147483647
> > kickoffTime: 2147483647
> > pwdCanChange: 0
> > pwdMustChange: 2147483647
> > displayName: marketing-y$
> > cn: marketing-y$
> > rid: 2002
> > primaryGroupID: 3021
> > acctFlags: [W          ]
> 
> Any system adding a machine account (except the *_nua backends in
> samba3) will check for an account, run the add user script, and check
> for an account again. But also note, that there must be a system account
> (ie 'getent passwd marketing-y$' should return the new entry). If your
> /etc/ldap.conf is incorrectly set on the BDC, it may not pick up the new
> account.

getent passwd marketing-y$ on the BDC correctly sees the account (either if
it is pre-existing or if the add user script from the BDC creates it)


> 
> If you still don't come right, either post the important settings from
> smb.conf and /etc/ldap.conf on all DC's, or mail me the files off-list.
> 

Additional Comment:

I added it via the PDC and it worked fine...afterwards it authenticates from
the BDC without a hitch, so there is something not correct with it trying to
let it join (with or without the machine account existing)





> Regards,
> Buchan
> 
> - --
> |--------------Another happy Mandrake Club member--------------|
> Buchan Milne                Mechanical Engineer, Network Manager
> Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
> Stellenbosch Automotive Engineering         http://www.cae.co.za
> GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
> 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
> 
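
The check described in the quoted reply (two LDAP searches per join, around the add user script) can be read off the smbd log mechanically. The following is an added example, not part of the original message or of Samba: it groups the log excerpt quoted in this thread (mail line wraps rejoined) into records and counts, per machine account, the searches and failed updates. The function names are hypothetical, and the parser assumes the header format seen in that excerpt.

```python
import re
from collections import defaultdict

# Log excerpt quoted in the thread, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
[2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
  ldap_connect_system: succesful connection to the LDAP server
[2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
  ldap_search_one_user: searching for:[(&(uid=marketing-y$)(objectclass=sambaAccount))]
[2003/05/20 09:44:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(756)
  Setting entry for user: marketing-y$
[2003/05/20 09:44:13, 0] passdb/pdb_ldap.c:pdb_update_sam_account(1104)
  failed to modify user with uid = marketing-y$ with: No such object
"""

# Header form assumed from the excerpt: "[timestamp, level] file.c:function(line)"
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+\S+:(?P<func>\w+)\(\d+\)")
SEARCH = re.compile(r"searching\s+for:\[\(&\(uid=(?P<uid>[^)]+)\)")
FAILED = re.compile(r"failed to modify user with uid = (?P<uid>\S+) with: (?P<err>.+)")

def parse_records(text):
    """Attach each indented message body to the header line that precedes it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"func": m["func"], "level": int(m["level"]), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def summarize_joins(text):
    """Per machine account (uid ending in '$'): searches seen and update errors."""
    summary = defaultdict(lambda: {"searches": 0, "update_errors": []})
    for rec in parse_records(text):
        s, f = SEARCH.search(rec["msg"]), FAILED.search(rec["msg"])
        if rec["func"] == "ldap_search_one_user" and s and s["uid"].endswith("$"):
            summary[s["uid"]]["searches"] += 1
        elif rec["func"] == "pdb_update_sam_account" and f and f["uid"].endswith("$"):
            summary[f["uid"]]["update_errors"].append(f["err"].strip())
    return dict(summary)

if __name__ == "__main__":
    for uid, info in summarize_joins(SAMPLE_LOG).items():
        flag = "fewer than the two searches the reply describes" if info["searches"] < 2 else "ok"
        print(f"{uid}: {info['searches']} search(es) ({flag}); errors: {info['update_errors']}")
```
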


