[Samba] Samba 3 + LDAP as PDC join domain problem

Jacky C.K Tsoi cktsoi at nyss.edu.hk
Tue Aug 3 03:04:34 GMT 2004


I'm using LDAP only, no NIS or other password backends.  The OUs are
different for users and computers (ou=People & ou=Computer).

I've tried to comment out both lines, and tried that I'm able to "finger"
those computer accounts in the prompt.  However, the problem persists and I
still need to enter the password twice.

I've tried to set the log level = 6 but it seems no useful information can be
found. How can I set Samba to log more information about my problem?


  _____  

From: Christian.Wittmer at intercomponentware.com
[mailto:Christian.Wittmer at intercomponentware.com] 
Sent: Monday, August 02, 2004 6:06 PM
To: Jacky C.K Tsoi
Subject: Re: [Samba] Samba 3 + LDAP as PDC join domain problem





	"Jacky C.K Tsoi" <cktsoi at nyss.edu.hk> 
Sent by: samba-bounces+christian.wittmer=intercomponentware.com at lists.samba.org
30.07.2004 06:45

To: samba at lists.samba.org
Subject: [Samba] Samba 3 + LDAP as PDC join domain problem

>Hi all,

>I've set up Samba 3.0.5 + OpenLDAP (ldapsam) and everything works correctly.
>However, while my Windows 200x workstation joins the domain, I need to join it
>twice. Here is what I do:

>1. Go to Computer properties -> Computer Name -> Change
>2. Enter the new domain name
>3. Enter Administrator and password

>then, it will return me that the user name cannot be found. 

I had the same problem.
Are you using "nis" or only LDAP as backend?
Do you use different OUs for Users and Machines (e.g. ou=People and
ou=Machines)?
If not using NIS, check /etc/ldap.conf and comment as follows

#nss_base_shadow 
#nss_base_passwd 

because if you're using different OUs and have the above two lines
uncommented, the "Machine" you want to join will be searched for in ou=People,
and that's why you get a "User not found". By commenting out the two "nss_..."
lines, the Machine you want to join will then be searched for in the correct OU,
and there will be no more errors when joining a machine to the DOMAIN.

>I've checked the LDAP directory that the computer account is created 
>successfully without any problem.  So, I click OK again and enter the 
>Administrator account password again, and it succeeds.

Set your LDAP to a higher LOGLEVEL and you will see what I tried to explain.

>So, I'd like to know, why I need to do it twice even though the computer 
>account is already created successfully the first time?

>Thanks a lot. 

No Matter 
Christian


---
Jacky C.K Tsoi
