[Samba] Samba 3 + LDAP as PDC join domain problem
Jacky C.K Tsoi
cktsoi at nyss.edu.hk
Tue Aug 3 03:04:34 GMT 2004
I'm using LDAP only, no NIS or other password backends. The OU are
different for users and computers (ou=People & ou=Computer).
I've tried to comment out both lines, and tried that I'm able to "finger"
those computer accounts in the prompt. However, the problem persist and I
still need to enter the password twice.
I've tried to set the log level = 6 but seems no useful information can be
found, how can I set Samba to log more information about my problem?
_____
From: Christian.Wittmer at intercomponentware.com
[mailto:Christian.Wittmer at intercomponentware.com]
Sent: Monday, August 02, 2004 6:06 PM
To: Jacky C.K Tsoi
Subject: Re: [Samba] Samba 3 + LDAP as PDC join domain problem
"Jacky C.K Tsoi" <cktsoi at nyss.edu.hk>
Sent by:
samba-bounces+christian.wittmer=intercomponentware.com at lists.samba.org
30.07.2004 06:45
To: samba at lists.samba.org
cc:
Subject: [Samba] Samba 3 + LDAP as PDC join domain problem
>Hi all,
>I've setup Samba 3.0.5 + OpenLDAP (ldapsam) and everything work correctly.
>However, while my Windows 200x workstation join the domain, I need to join
it
>twice. Here is what I do:
>1. Go to Computer properties -> Computer Name -> Change
>2. Enter the new domain name
>3. Enter Administrator and password
>then, it will return me that the user name cannot be found.
I had the same problem.
Are you using "nis" or only LDAP as backend ?
Do you use diferent OU's for Users and Machines? (e.g. ou=People and
ou=Machines)?
If not using NIS. check /etc/ldap.conf and comment as follows
#nss_base_shadow
#nss_base_passwd
because if you're using different OU's and using the above two lines
uncommented. The "Machine" you want to join will be searched in ou=People
and that's why you get an "User not found". By commenting the two "nss_..."
lines the Machine you want to join will be then searched in the correct OU.
And there will be no error anymore in joining a machine to DOMAIN.
>I've checked the LDAP directory that the computer account is created
>successfully without any problem. So, I click OK again and enter the
>Administrator account password again, and it success.
Set you LDAP to a higher LOGLEVEL and you will see what I Tried to explain.
>So, I'd like to know, why I need to do it twice even though the computer
>account is already created successfully at the fist time?
>Thanks a lot.
No Matter
Christian
---
Jacky C.K Tsoi
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list