[Samba] Can't join Samba-LDAP PDC

Bousquet Francois Francois.Bousquet at cgi.ca
Wed Aug 11 18:45:03 GMT 2004


I am trying to join a Windows server (NT4 or 2K) to a Samba-LDAP PDC.

Error message on Windows : The machine account for this computer either does
not exist or is inaccessible.

log.smbd : 

[2004/08/10 22:29:03, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [dc=prod,dc=blc,dc=com], filter => [(&(uid=NC1981WTX03$)(objectclass=sambaSamAccount))], scope => [2]
[2004/08/10 22:29:03, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1157)
  ldapsam_getsampwnam: Unable to locate user [NC1981WTX03$] count=0


It creates a computer object in LDAP with the smbldap-useradd script from
www.idealx.org, but Samba seems to search for sambaSamAccount on this object,
which is not a class of the newly created computer object.

I read that Samba is supposed to modify the object and add the
SambaSAMAccount, but my Samba isn't doing that.

Here is my configure :
./configure --prefix=/soft/samba3 --with-ldap --with-ldapsam

Samba version 3.0.4
OpenLDAP 2.2.13

This is my smb.conf :

[global]
workgroup = INET_PROD
netbios name = ub1981wfx01
server string = Samba LDAP-PDC INET_PROD
security = user
encrypt passwords = Yes
passdb backend = ldapsam:ldap://ub1981wfx01
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
domain logons = Yes

add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'

ldap suffix = dc=prod,dc=blc,dc=com
ldap machine suffix = ou=Computers
ldap user suffix    = ou=Users
ldap group suffix   = ou=Groups
ldap idmap suffix   = ou=Users

ldap filter = (uid=%u)
ldap delete dn = yes

#ldap admin dn = cn=miniadmin,ou=DSA,dc=prod,dc=blc,dc=com
ldap admin dn = cn=Manager,dc=prod,dc=blc,dc=com
#ldap ssl = start_tls
ldap passwd sync = Yes

idmap backend = ldap:ldap://ub1981wfx01
idmap uid = 15000-20000
idmap gid = 15000-20000

winbind separator = +

[data]
comment = Data
path = /tmp
read only = Yes
guest ok = Yes
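
Added example, not part of the original post: a small Python check that replays the search filter from the log.smbd excerpt against a machine entry and reports which filter term the entry fails, which is why smbd logs count=0. The entry's DN and its object classes (top, account, posixAccount) are constructed assumptions; the base, filter and scope are taken from the log above.

```python
import re

# The search smbd logged in the post (mail line-wrap rejoined).
LOG_LINE = ("  smbldap_search: base => [dc=prod,dc=blc,dc=com], filter => "
            "[(&(uid=NC1981WTX03$)(objectclass=sambaSamAccount))], scope => [2]")

# Constructed entry (assumption): a machine account holding only POSIX classes,
# placed under the "ldap machine suffix" from the posted smb.conf.
POSIX_ONLY = {
    "dn": "uid=NC1981WTX03$,ou=Computers,dc=prod,dc=blc,dc=com",
    "uid": ["NC1981WTX03$"],
    "objectClass": ["top", "account", "posixAccount"],
}

def parse_search(line):
    """Extract (base, filter, scope) from a smbldap_search debug line."""
    m = re.search(r"base => \[(.*?)\], filter => \[(.*)\], scope => \[(\d+)\]", line)
    if m is None:
        raise ValueError("not a smbldap_search line")
    return m.group(1), m.group(2), int(m.group(3))

def filter_terms(flt):
    """Split a flat AND-of-equalities filter into (attr, value) pairs."""
    body = flt[2:-1] if flt.startswith("(&") else flt
    terms = re.findall(r"\(([^()=]+)=([^()]*)\)", body)
    if "".join(f"({a}={v})" for a, v in terms) != body:
        raise ValueError(f"unsupported filter: {flt}")
    return terms

def in_subtree(entry, base):
    """Scope 2 is a subtree search: the entry must sit at or below the base DN."""
    dn = entry["dn"].lower()
    return dn == base.lower() or dn.endswith("," + base.lower())

def unmet_terms(entry, flt):
    """Filter terms the entry fails; uid and objectClass match case-insensitively."""
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items() if k != "dn"}
    return [(a, v) for a, v in filter_terms(flt) if v.lower() not in attrs.get(a.lower(), [])]

if __name__ == "__main__":
    base, flt, scope = parse_search(LOG_LINE)
    print("in scope:", scope == 2 and in_subtree(POSIX_ONLY, base))
    print("unmet by POSIX-only entry:", unmet_terms(POSIX_ONLY, flt))
    with_samba = dict(POSIX_ONLY, objectClass=POSIX_ONLY["objectClass"] + ["sambaSamAccount"])
    print("unmet once sambaSamAccount is present:", unmet_terms(with_samba, flt))
```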





