[Samba] Member Server in Active Directory
Daniel Ramaley
daniel.ramaley at DRAKE.EDU
Wed Jun 16 14:57:57 GMT 2004
Well, there has been no response to this problem yet. However, i have
stumbled upon the solution myself. I am posting it in the hope that the
solution is archived so others may see it.
As previously posted, this command gives an error:
# /usr/local/samba/bin/net ads join -U Cowles-Admin
Cowles-Admin's password:
[2004/06/16 09:49:33, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cowl-backup already exists - modifying old
account
[2004/06/16 09:49:33, 0] libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: No such object
ads_join_realm: No such object
However, if the OU that the pre-existing machine account is appended to
the command line, it works:
# /usr/local/samba/bin/net ads join -U Cowles-Admin \
"Cowles Library\Computers\testing"
Cowles-Admin's password:
[2004/06/16 09:51:21, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cowl-backup already exists - modifying old
account
Using short domain name -- DRAKE
Joined 'COWL-BACKUP' to realm 'DRAKE.EDU'
I haven't done any testing yet, but so far it looks OK.
On Tuesday 15 June 2004 09:31 am, Daniel Ramaley wrote:
>I have a very similar problem. I just joined the list yesterday with
> the intent of asking about it, after failure to find a solution via
> Google. Here's the info on the problem:
>
>I have Samba 3.0.4 compiled from source running on OpenBSD 3.5.
>Cowles-Admin is the name of a user that has administrative access to
> an OU. I do not have administrator access to the entire Active
> Directory tree. I created a computer account in Active Directory
> called cowl-backup that the Samba server should use.
>
>For now i've been working with a fairly simple smb.conf:
>[global]
> workgroup = DRAKE
> realm = DRAKE.EDU
> netbios name = cowl-backup
> security = ads
> password server = *
> encrypt passwords = yes
> private dir = /etc/samba/private
>
>I believe i have Kerberos set up correctly since the command
> # /usr/local/kerberos/bin/kinit Cowles-Admin at DRAKE.EDU
>runs just fine and after running it i can use smbclient to browse
> shares without bring prompted for a password. For example, this
> command to connect to Cowles-Admin's profile share works correctly:
> # /usr/local/samba/bin/smbclient '\\Cowles-Library\Cowles-Admin' \
> -U Cowles-Admin -k
>
>I've created an account for the computer (cowl-backup) in AD. When i
> try to join i get an error. Here's what happens:
> # /usr/local/samba/bin/net ads join -U Cowles-Admin
> Cowles-Admin's password:
> [2004/06/14 09:56:02, 0] libads/ldap.c:ads_add_machine_acct(1006)
> Host account for cowl-backup already exists - modifying old
> account
> [2004/06/14 09:56:02, 0] libads/ldap.c:ads_join_realm(1336)
> ads_add_machine_acct: No such object
> ads_join_realm: No such object
>Using Google i was able to find a few others who had this problem, but
>no solution. If anyone here knows how to fix this, i would appreciate
>knowing about it. Thanks in advance.
>
>On Monday 14 June 2004 05:50 pm, M Maki wrote:
>>I'm trying to join a Samba 3.0.4 (compiled from source on Debian) to
>> an Active Directory as a member server. I believe Kerberos is
>> configured correctly as kinit creates a ticket for the realm.
>> Executables appear to have support for Kerberos and LDAP (smbd -b |
>> grep KRB and grep LDAP) return OK.
>>
>>When I try to join the AD with
>> net ads join -U myadminusername
>>I'm prompted for my password but then get:
>> libads/ldap.c:ads_add_machine_acct(1006)
>> Host account for inpsamo-debian already exists - modifying old
>> account libads/ldap.c:ads_join_realm(1336)
>> ads_add_machine_acct: No such object
>> ads_join_realm: No such object
>>
>>I only have admin rights for an ou of the Active Directory. Here is a
>> Windows LDP search of my ou:
>>
>>ldap_search_s(ld, "DC=pwr,DC=int,DC=edited,DC=com", 2, "(ou=SAMO)",
>> attrList, 0, &msg)
>>Result <0>: (null)
>>Matched DNs:
>>
>>Getting 1 entries:
>>>> Dn: OU=SAMO,OU=Mediterranean Coast
>>
>>Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com
>> 2> objectClass: top; organizationalUnit;
>> 1> ou: SAMO;
>> 1> description: SAMO;
>> 1> distinguishedName: OU=SAMO,OU=Mediterranean Coast
>>Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com;
>> 1> name: SAMO;
>> 1> canonicalName: pwr.int.edited.com/PWR/Mediterranean Coast
>> Network/SAMO;
>>
>>I guess my question is could it be how my realm is configured
>>(PWR.INT.EDITED.COM) or what else could keep me from joining the
>> directory?
>>
>>Current smb.conf:
>>[global]
>> unix charset = LOCALE
>> workgroup = PWR
>> realm = PWR.INT.EDITED.COM
>> server string = Samba 3.0.2
>> security = ADS
>> username map = /etc/samba/smbusers
>> log level = 1
>> syslog = 0
>> log file = /var/log/samba/%m
>> max log size = 50
>> printcap name = CUPS
>> ldap ssl = no
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> template primary group = "Domain Users"
>> template shell = /bin/bash
>> winbind separator = +
>> printing = cups
>>
>>[homes]
>> comment = Home Directories
>> valid users = %S
>> read only = No
>> browseable = No
>>
>>Thanks for any ideas...
>>
>>Mike
>
>--
>----------------------------------------------------------------------
>-- Dan Ramaley
>Digital Media Library Specialist
>(515) 271-1934
>Cowles Library 140, Drake University
--
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University
More information about the samba
mailing list