[Samba] Member Server in Active Directory

Daniel Ramaley daniel.ramaley at DRAKE.EDU
Wed Jun 16 14:57:57 GMT 2004


Well, there has been no response to this problem yet. However, i have 
stumbled upon the solution myself. I am posting it in the hope that the 
solution is archived so others may see it.

As previously posted, this command gives an error:
    # /usr/local/samba/bin/net ads join -U Cowles-Admin
    Cowles-Admin's password: 
    [2004/06/16 09:49:33, 0] libads/ldap.c:ads_add_machine_acct(1006)
      Host account for cowl-backup already exists - modifying old account
    [2004/06/16 09:49:33, 0] libads/ldap.c:ads_join_realm(1336)
      ads_add_machine_acct: No such object
    ads_join_realm: No such object

However, if the OU that the pre-existing machine account is in is appended 
to the command line, it works:
    # /usr/local/samba/bin/net ads join -U Cowles-Admin \
    "Cowles Library\Computers\testing"
    Cowles-Admin's password: 
    [2004/06/16 09:51:21, 0] libads/ldap.c:ads_add_machine_acct(1006)
      Host account for cowl-backup already exists - modifying old account
    Using short domain name -- DRAKE
    Joined 'COWL-BACKUP' to realm 'DRAKE.EDU'

I haven't done any testing yet, but so far it looks OK.

On Tuesday 15 June 2004 09:31 am, Daniel Ramaley wrote:
>I have a very similar problem. I just joined the list yesterday with
> the intent of asking about it, after failure to find a solution via
> Google. Here's the info on the problem:
>
>I have Samba 3.0.4 compiled from source running on OpenBSD 3.5.
>Cowles-Admin is the name of a user that has administrative access to
> an OU. I do not have administrator access to the entire Active
> Directory tree. I created a computer account in Active Directory
> called cowl-backup that the Samba server should use.
>
>For now i've been working with a fairly simple smb.conf:
>[global]
>    workgroup = DRAKE
>    realm = DRAKE.EDU
>    netbios name = cowl-backup
>    security = ads
>    password server = *
>    encrypt passwords = yes
>    private dir = /etc/samba/private
>
>I believe i have Kerberos set up correctly since the command
>    # /usr/local/kerberos/bin/kinit Cowles-Admin@DRAKE.EDU
>runs just fine and after running it i can use smbclient to browse
> shares without being prompted for a password. For example, this
> command to connect to Cowles-Admin's profile share works correctly:
>    # /usr/local/samba/bin/smbclient '\\Cowles-Library\Cowles-Admin' \
>      -U Cowles-Admin -k
>
>I've created an account for the computer (cowl-backup) in AD. When i
> try to join i get an error. Here's what happens:
>    # /usr/local/samba/bin/net ads join -U Cowles-Admin
>    Cowles-Admin's password:
>    [2004/06/14 09:56:02, 0] libads/ldap.c:ads_add_machine_acct(1006)
>      Host account for cowl-backup already exists - modifying old account
>    [2004/06/14 09:56:02, 0] libads/ldap.c:ads_join_realm(1336)
>      ads_add_machine_acct: No such object
>    ads_join_realm: No such object
>Using Google i was able to find a few others who had this problem, but
>no solution. If anyone here knows how to fix this, i would appreciate
>knowing about it. Thanks in advance.
>
>On Monday 14 June 2004 05:50 pm, M Maki wrote:
>>I'm trying to join a  Samba 3.0.4 (compiled from source on Debian) to
>> an Active Directory as a member server. I believe Kerberos is
>> configured correctly as kinit creates a ticket for the realm.
>> Executables appear to have support for Kerberos and LDAP (smbd -b |
>> grep KRB and grep LDAP) return OK.
>>
>>When I try to join the AD with
>>   net ads join -U myadminusername
>>I'm prompted for my password but then get:
>>   libads/ldap.c:ads_add_machine_acct(1006)
>>   Host account for inpsamo-debian already exists - modifying old account
>>   libads/ldap.c:ads_join_realm(1336)
>>   ads_add_machine_acct: No such object
>>   ads_join_realm: No such object
>>
>>I only have admin rights for an ou of the Active Directory. Here is a
>> Windows LDP search of my ou:
>>
>>ldap_search_s(ld, "DC=pwr,DC=int,DC=edited,DC=com", 2, "(ou=SAMO)",
>> attrList, 0, &msg)
>>Result <0>: (null)
>>Matched DNs:
>>
>>Getting 1 entries:
>>>> Dn: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com
>>	2> objectClass: top; organizationalUnit;
>>	1> ou: SAMO;
>>	1> description: SAMO;
>>	1> distinguishedName: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com;
>>	1> name: SAMO;
>>	1> canonicalName: pwr.int.edited.com/PWR/Mediterranean Coast Network/SAMO;
>>
>>I guess my question is could it be how my realm is configured
>>(PWR.INT.EDITED.COM) or what else could keep me from joining the
>> directory?
>>
>>Current smb.conf:
>>[global]
>>   unix charset = LOCALE
>>   workgroup = PWR
>>   realm = PWR.INT.EDITED.COM
>>   server string = Samba 3.0.2
>>   security = ADS
>>   username map = /etc/samba/smbusers
>>   log level = 1
>>   syslog = 0
>>   log file = /var/log/samba/%m
>>   max log size = 50
>>   printcap name = CUPS
>>   ldap ssl = no
>>   idmap uid = 10000-20000
>>   idmap gid = 10000-20000
>>   template primary group = "Domain Users"
>>   template shell = /bin/bash
>>   winbind separator = +
>>   printing = cups
>>
>>[homes]
>>   comment = Home Directories
>>   valid users = %S
>>   read only = No
>>   browseable = No
>>
>>Thanks for any ideas...
>>
>>Mike
>

-- 
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University
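
The fix above depends on passing `net ads join` the OU path of the pre-created machine account. The helper below is an added example, not part of the original post or of Samba: it derives that argument from an account's distinguished name. It assumes the path lists OUs from the top level down, separated by backslashes, as in the working command above; `dn_to_join_path` is a hypothetical name and the cowl-backup DN is constructed for illustration.

```shell
#!/bin/sh
# dn_to_join_path DN
# Prints the OU path for `net ads join` (top-level OU first, backslash
# separated). Returns 1 if the account sits under a non-OU container
# (for example CN=Computers) or under no OU at all.
dn_to_join_path() {
    printf '%s\n' "$1" | awk '
    {
        n = 0; cur = ""; len = length($0)
        # Split into RDNs on commas; a backslash-escaped comma stays in the value.
        for (i = 1; i <= len; i++) {
            c = substr($0, i, 1)
            if (c == "\\" && i < len) { cur = cur substr($0, i + 1, 1); i++ }
            else if (c == ",") { rdn[++n] = cur; cur = "" }
            else cur = cur c
        }
        rdn[++n] = cur

        path = ""
        for (i = 1; i <= n; i++) {
            r = rdn[i]; sub(/^ +/, "", r)
            eq = index(r, "=")
            type = toupper(substr(r, 1, eq - 1))
            val = substr(r, eq + 1)
            if (type == "DC") break                 # reached the domain part
            if (type == "OU") path = (path == "" ? val : (val "\\" path))
            else if (i > 1) exit 1                  # parent is not an OU
        }
        if (path == "") exit 1
        print path
    }'
}

# Constructed DN matching the OU used in the working join command above.
dn_to_join_path 'CN=cowl-backup,OU=testing,OU=Computers,OU=Cowles Library,DC=drake,DC=edu'
```

The output can be quoted and appended to the join command, as in `net ads join -U Cowles-Admin "Cowles Library\Computers\testing"`.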


