[Samba] Samba 3 + LDAP as PDC join domain problem

[Christian.Wittmer at intercomponentware.com]

"Jacky C.K Tsoi" <cktsoi at nyss.edu.hk>
Sent by: 
samba-bounces+christian.wittmer=intercomponentware.com at lists.samba.org
30.07.2004 06:45

 
        To:     samba at lists.samba.org
        cc: 
        Subject:        [Samba] Samba 3 + LDAP as PDC join domain problem


>Hi all,

>I've setup Samba 3.0.5 + OpenLDAP (ldapsam) and everything work 
correctly.
>However, while my Windows 200x workstation join the domain, I need to 
join it 
>twice. Here is what I do:

>1. Go to Computer properties -> Computer Name -> Change
>2. Enter the new domain name
>3. Enter Administrator and password

>then, it will return me that the user name cannot be found.
I had the same problem.
Are you using "nis" or only LDAP as backend ?
Do you use diferent OU's for Users and Machines? (e.g. ou=People and 
ou=Machines)?
If not using NIS. check /etc/ldap.conf and comment as follows

#nss_base_shadow
#nss_base_passwd

because if you're using different OU's and using the above two lines 
uncommented. The "Machine" you want to join will be searched in ou=People 
and that's why you get an "User not found". By commenting the two 
"nss_..." lines the Machine you want to join will be then searched in the 
correct OU. And there will be no error anymore in joining a machine to 
DOMAIN.

>I've checked the LDAP directory that the computer account is created 
>successfully without any problem.  So, I click OK again and enter the 
>Administrator account password again, and it success.
Set you LDAP to a higher LOGLEVEL and you will see what I Tried to 
explain.

>So, I'd like to know, why I need to do it twice even though the computer 
>account is already created successfully at the fist time?

>Thanks a lot.

No Matter
Christian


---
Jacky C.K Tsoi

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba