[Samba] ldapsam_compat - join workstation to domain problem

Tirone Nel tironen at clubtech.co.za
Wed Oct 8 11:33:47 GMT 2003

Hi all!

Is there anybody using Samba 3 with the ldapsam_compat backend that is able
to add Windows 2000/XP workstations to their domain successfully that could
please share details of their setup with me (perhaps anybody who was
initially involved with testing it)?

Please can you give me all the relevant group mappings and relevant LDAP
entries (eg. uid=administrator, etc) you have used in order for this
function to work.  I'm positive that I've followed the smb-ldap-3-howto to
the letter and for some reason I am still receiving the "No mapping between
account names and security IDs was done" upon workstation join.  I have
checked logs on level 10 and really can't find the problem.  I must've
missed something indeed!

Tirone Nel
Systems Administrator
Club Technology

-----Original Message-----
From: samba-bounces+tironen=clubtech.co.za at lists.samba.org
[mailto:samba-bounces+tironen=clubtech.co.za at lists.samba.org] On Behalf Of
Tirone Nel
Sent: 07 October 2003 13:53
To: samba at lists.samba.org

Hi there

I am using Samba 3.0 release with the ldapsam_compat backend until we are
ready to migrate to the new LDAP samba schema.  Using the same "root" LDAP
user (and smbldap-tools) that Samba 2.28 allowed me to add workstations to
the domain successfully, I receive a new error - "No mapping between account
names and security IDs was done".  When I switch to the domain running on
Samba 2, it then joins the user perfectly.

I have used the smb-ldap-3-howto as my guideline.  The LDAP "root" user's
uidNumber and gidNumber are both 0.  The primaryGroupID is 512 and the rid
is 1000 (I even tried using the name "Administrator" as per the
aforementioned howto, but that made no difference anyway).

I have mapped the group - [localsid]-512 to the "admins" group (gidNumber
0).  I even tried mapping the group [localsid]-1001 to admins group too, but
got the same error.

I am at my wit's end, as I have scoured google, the Samba mailing lists, the
howto's, documentation, etc, and have found no record of this existing
error.  What could the problem be?

On a side note, I did run a test after converting to a ldapsam v3 and ended
up with the same error!  So it's not the fact that I'm using ldapsam_compat.
I have tried adding multiple workstations and it is not caused from any
capital letters (as per the same error message appearing apparently in some
Samba 2.x setups).

Tirone Nel
Systems Administrator
Club Technology

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list