[Samba] samba3 + ldap pdbedit machine trust account problem

David Butterworth david at economicoutlook.net
Wed Nov 5 20:48:25 GMT 2003


Please help,

I am experiencing a weird error when trying to join a winXP Pro
workstation to my samba3 + LDAP Domain.

When I specify the account on my system that has uid 0, I receive a
"user account cannot be found" error.

Now I know this isn't the case since I can browse the samba server with
this account. Note: it is in tdbsam, not ldap.

When I look for the machine account in the ldap directory, it has
created a posix account without the sambaSamAccount entries ???

I then tried to manually create the sambaSamAccount entries using
pdbedit, which failed. Output further down.

I have had this stuff working before, but this time I am running
a slightly more complex ldap tree structure. As the output below shows
it can find the machine account entry but then can't insert the
sambaSAMAccount entries to go with it.

Thanks in advance.
David

-------------------------------------------------------
Output from pdbedit

austin scripts # pdbedit -a -m -u cc1
INFO: Current debug levels:
  all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
doing parameter workgroup = WA.INTRANET
doing parameter netbios name = AUSTIN
handle_netbios_name: set global_myname to: AUSTIN
doing parameter server string = Samba Server %v
doing parameter printcap name = cups
doing parameter load printers = yes
doing parameter printing = cups
doing parameter log file = /var/log/samba3/log.%m
doing parameter max log size = 50
doing parameter map to guest = bad user
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter smb passwd file = /etc/samba/private/smbpasswd
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter interfaces = 192.168.1.0/24
doing parameter local master = yes
doing parameter os level = 33
doing parameter domain master = yes
doing parameter preferred master = yes
doing parameter domain logons = yes
doing parameter logon script = %U.bat
doing parameter logon path = \\%L\Profiles\%U
doing parameter logon home = \\%L\%U\.profile
doing parameter add user script =
/usr/share/samba/scripts/smbldap-useradd.pl '%u'
doing parameter delete user script =
/usr/share/samba/scripts/smbldap-userdel.pl '%u'
doing parameter add user to group script =
/usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
doing parameter delete user from group script =
/usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
doing parameter set primary group script =
/usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
doing parameter add group script =
/usr/share/samba/scripts/smbldap-groupadd.pl '%g' &&
/usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/
{print $2}'
doing parameter delete group script =
/usr/share/samba/scripts/smbldap-userdel.pl '%g'
doing parameter add machine script =
/usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g 'Domain
Computers' -c 'Machine Account' -s /bin/false %u
doing parameter passdb backend = ldapsam:ldap://austin.intranet tdbsam
guest
doing parameter ldap admin dn = cn=root,dc=coolorcosy,dc=com,dc=au
doing parameter ldap ssl = start_tls
doing parameter ldap suffix = dc=coolorcosy,dc=com,dc=au
doing parameter ldap user suffix = ou=People,dc=coolorcosy,dc=com,dc=au
doing parameter ldap machine suffix = ou=Computers,ou=WA,ou=Locations
doing parameter ldap group suffix = ou=Groups,ou=WA,ou=Locations
doing parameter ldap passwd sync = Yes
doing parameter wins support = yes
doing parameter dns proxy = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Trying to load: ldapsam:ldap://austin.intranet
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
ldapsam:ldap://austin.intranet (ldapsam)
Found pdb backend ldapsam
Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=WA.INTRANET))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=WA.INTRANET))]
smbldap_open_connection: ldap://austin.intranet
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://austin.intranet as
"cn=root,dc=coolorcosy,dc=com,dc=au"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://austin.intranet has a valid init
Trying to load: tdbsam
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Trying to load: guest
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="AUSTIN"
Trying to load: ldapsam:ldap://austin.intranet
Attempting to find an passdb backend to match
ldapsam:ldap://austin.intranet (ldapsam)
Found pdb backend ldapsam
Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=WA.INTRANET))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=WA.INTRANET))]
smbldap_open_connection: ldap://austin.intranet
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://austin.intranet as
"cn=root,dc=coolorcosy,dc=com,dc=au"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://austin.intranet has a valid init
Trying to load: tdbsam
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Trying to load: guest
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
pdb_set_username: setting username cc1$, was
pdb_set_group_sid: setting group sid
S-1-5-21-1902893797-2275535870-1801580251-515
pdb_set_group_sid_from_rid:
        setting group sid S-1-5-21-1902893797-2275535870-1801580251-515
from rid 515
smbldap_search_suffix: searching
for:[(&(uid=cc1$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching for:[(uid=cc1$)]
ldapsam_add_sam_account: User exists without samba attributes: adding
them
init_ldap_from_sam: Setting entry for user: cc1$
smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [<does not
exist>]
smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
ldapsam_modify_entry: Failed to modify user dn=
uid=cc1$,ou=Computers,ou=WA,ou=Locations,dc=coolorcosy,dc=com,dc=au
with: Object class violation
        object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = cc1$ (dn =
uid=cc1$,ou=Computers,ou=WA,ou=Locations,dc=coolorcosy,dc=com,dc=au)Unable to add machine! (does it already exist?)
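
As an added example (not part of the original post and not Samba code), this Python script pulls the failed modify out of a pdbedit debug log like the one above: the entry DN, the LDAP error, the attribute the schema demands, whether the entry sits under the configured machine suffix, and whether that attribute was among those the log shows being read. The function names and the trimmed sample log are assumptions built from lines in the post.

```python
import re

# Constructed sample: lines copied from the pdbedit output in the post,
# keeping the mail client's hard line wraps.
SAMPLE = """\
doing parameter passdb backend = ldapsam:ldap://austin.intranet tdbsam
guest
doing parameter ldap suffix = dc=coolorcosy,dc=com,dc=au
doing parameter ldap machine suffix = ou=Computers,ou=WA,ou=Locations
pm_process() returned Yes
smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [<does not
exist>]
smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
ldapsam_modify_entry: Failed to modify user dn=
uid=cc1$,ou=Computers,ou=WA,ou=Locations,dc=coolorcosy,dc=com,dc=au
with: Object class violation
        object class 'sambaSamAccount' requires attribute 'sambaSID'
"""

def parse_params(log):
    """Collect 'doing parameter k = v' lines, rejoining wrapped values."""
    params, key = {}, None
    for line in log.splitlines():
        if line.startswith("pm_process"):            # end of smb.conf parsing
            break
        m = re.match(r"doing parameter (.+?) =\s*(.*)$", line)
        if m:
            key = m.group(1)
            params[key] = m.group(2)
        elif key and not re.match(r"\w+: ", line):   # wrapped value line
            params[key] = (params[key] + " " + line.strip()).strip()
    return params

def triage(log):
    """Summarise the failed LDAP modify (hypothetical helper)."""
    p = parse_params(log)
    m = re.search(r"Failed to modify user dn=\s*(\S+)\s+with: (.+?)\n\s*"
                  r"object class '(\w+)' requires attribute '(\w+)'", log)
    if not m:
        return None
    dn, error, oc, attr = m.groups()
    base = p["ldap suffix"].lower()
    box = p["ldap machine suffix"].lower()
    if not box.endswith(base):                       # sub-suffix given without base
        box = box + "," + base
    absent = re.findall(r"get_single_attribute: \[(\w+)\] = \[<does not", log)
    return {"dn": dn, "error": error, "objectclass": oc, "missing": attr,
            "under_machine_suffix": dn.lower().endswith("," + box),
            "absent_attrs": absent,
            "missing_attr_was_read": attr in absent}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
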