Fwd: Re: [Samba] smbpasswd fails to add machine account with ldapsam

Christoph Rudorff christoph at wtal.de
Tue Nov 18 12:51:43 GMT 2003 

,--------------- Weitergeleitete Nachricht (Anfang)

 Betreff: Re: [Samba] smbpasswd fails to add machine account with ldapsam
 Absender: Christoph Rudorff 
 Datum: Mon, 17 Nov 2003 19:58:19 +0100
 Newsgruppe: linux.samba

 Pirkka Luukkonen wrote:
 
 > Hi!
 > 
 > I am seeing other users with the same problem as I have. 
 
 confirmed.
 
 > My samba also fails to add machine accounts. 
 
 Here it works (samba 3.0.0 Mandrake 9.2). I can create machine accounts on
 the fly. But if I switch to ldap backend, joining a domain fails. Windows
 finally says: "account not found" (english to german to english
 translation).
 
 But samba called the smbldap-useradd.pl and it made the correct entry to
 ldap - posixAccount, no sambaSamAccount. The related lines are commented
 out in the Perl script: "# Objectclass sambaSAMAccount is now added
 directly by samba when joigning the domain (for samba3)" - obviously not.
 
 So far all seems quite ok, but then windows (I guess) tries to login with
 the new account and fails. So most interesting is the ldap.log:
 
 [...]
 Nov 17 16:57:58 Monster slapd[24668]: conn=345 fd=27 ACCEPT from
 IP=127.0.0.1:35799 (IP=0.0.0.0:389)
 Nov 17 16:57:58 Monster slapd[9932]: conn=345 op=0 BIND
 dn="cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de" method=128
 Nov 17 16:57:58 Monster slapd[9932]: conn=345 op=0 BIND
 dn="cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de" mech=simple ssf=0
 Nov 17 16:57:58 Monster slapd[9932]: conn=345 op=0 RESULT tag=97 err=0
text=
 Nov 17 16:57:58 Monster slapd[9932]: conn=345 op=1 ADD
 dn="uid=nopliz$,ou=Hosts,dc=mki,dc=fh-duesseldorf,dc=de"
 Nov 17 16:57:59 Monster slapd[9932]: conn=345 op=1 RESULT tag=105 err=0
 text=
 Nov 17 16:57:59 Monster slapd[24668]: conn=342 fd=25 closed
 Nov 17 16:57:59 Monster slapd[24668]: conn=344 fd=28 closed
 
 So far so happy but then:
 
 Nov 17 16:57:59 Monster slapd[9932]: conn=341 op=3 SRCH
 base="ou=People,dc=mki,dc=fh-duesseldorf,dc=de" scope=1
 filter="(&(objectClass=posixAccount)(uid=nopliz$))"
 Nov 17 16:57:59 Monster slapd[9932]: conn=341 op=3 SRCH attr=uid
 userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
 description objectClass
 Nov 17 16:57:59 Monster slapd[9932]: conn=341 op=3 SEARCH RESULT tag=101
 err=0 nentries=0 text=
 Nov 17 16:57:59 Monster slapd[404]: conn=345 op=2 UNBIND
 Nov 17 16:57:59 Monster slapd[404]: conn=345 fd=27 closed
 Nov 17 16:57:59 Monster slapd[9932]: conn=341 op=4 SRCH
 base="ou=People,dc=mki,dc=fh-duesseldorf,dc=de" scope=1
 filter="(&(objectClass=posixAccount)(uid=NOPLIZ$))"
 Nov 17 16:57:59 Monster slapd[9932]: conn=341 op=4 SRCH attr=uid
 userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
 description objectClass
 Nov 17 16:57:59 Monster slapd[9932]: conn=341 op=4 SEARCH RESULT tag=101
 err=0 nentries=0 text=
 Nov 17 16:57:59 Monster slapd[24668]: conn=339 fd=10 closed
 Nov 17 16:57:59 Monster slapd[24668]: conn=341 fd=26 closed
 
 ou=People ?!?!?!? Wrong! In our case must be ou=Hosts.
 
 Also the samba documentation makes me wonder:
 
 "ldap machine suffix (G)
         It specifies where machines should be added to the ldap tree."
 
 Ok, samba adds at the correct place but how about lookup? Even if I enter
 some nonsense values to all suffixes, samba always ask "ou=People". 
 
 I guess its time for a bug report.
 
 
 chris

`--------------- Weitergeleitete Nachricht (Ende)

More information about the samba mailing list