[Samba] Cannot join SAMBA domain from XP/2K
Nathan Howard
nhoward at brokers-online.co.uk
Tue Sep 21 10:05:02 GMT 2004
deff wrote:
> On Saturday 18 September 2004 21:31, Alexei Monastyrnyi wrote:
>
>>And what was the result of that struggle?
>>Did you make it work?
>>
>
> Yes, I did. In some other thread someone mentioned that it is mandatory to put
> all user and machine accounts in ou=People due to some weird samba design
> decision. However, it isn't mentioned in any howto, neither official nor
> idealx's, and samba doesn't complain about it in any way either. Too
> bad...for me.
Actually it is mentioned in the samba guide:
Chapter 6:
http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html
Halfway down the page, just before Table 6.2, there is a "Note":
==quote==
In the following examples, as the LDAP database is initialized, we do
create a container for Computer (machine) accounts. In the Samba-3
smb.conf files, specific use is made of the People container, not the
Computers container, for domain member accounts. This is not a mistake;
it is a deliberate action that is necessitated by the fact that there is
a bug in Samba-3 that prevents it from being able to search the LDAP
database for computer accounts if they are placed in the Computers
container. By placing all machine accounts in the People container, we
are able to side-step this bug. It is expected that at some time in the
future this problem will be resolved. At that time, it will be possible
to use the Computers container in order to keep machine accounts
separate from user accounts.
==endquote==
However, the Samba HOWTO is very vague:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2533197
Under "Accounts and Group Management"
==quote==
Machine accounts are managed with the sambaSamAccount objectclass,
just like users accounts. However, it is up to you to store those
accounts in a different tree of your LDAP namespace. You should use
“ou=Groups,dc=quenya,dc=org” to store groups and
“ou=People,dc=quenya,dc=org” to store users. Just configure your NSS and
PAM accordingly (usually, in the /etc/openldap/sldap.conf configuration
file).
==endquote==
I am having similar symptoms as well, although I am using the same
container for both Users and Computers.
The symptoms being "User not found" when trying to join the domain from a 2k
box. I'm still investigating at the moment, although this worked fine
with samba 3.0.4 with exactly the same config.
Samba is now 3.0.7.
Not sure about the IDEALX scripts, as they came with the samba gentoo
package, so I'm about to look to see what version they really are.
Nathan
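
A check for the layout described in the Samba-Guide note quoted above, as an added example that is not part of the original message or of Samba: it reads the LDAP suffix settings from an smb.conf and lists machine accounts (uid ending in `$`) stored outside the user container. The `dc=example,dc=org` base, the sample entries and the function names are constructed for illustration, and the DN comparison is a simplification that ignores escaped commas.

```python
# Constructed smb.conf fragment; dc=example,dc=org is a placeholder base DN.
SMB_CONF = """
[global]
    passdb backend = ldapsam:ldap://localhost
    ldap suffix = dc=example,dc=org
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
"""

# Constructed DNs, as they might be returned by a directory search.
SAMPLE_DNS = [
    "uid=alice,ou=People,dc=example,dc=org",
    "uid=ws01$,ou=Computers,dc=example,dc=org",
    "uid=ws02$,ou=People,dc=example,dc=org",
]

def parse_smb_conf(text):
    """Collect 'name = value' pairs; names are lower-cased and space-normalised."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        name, value = line.split("=", 1)
        params[" ".join(name.lower().split())] = value.strip()
    return params

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def full_suffix(params, key):
    """Join a relative suffix (e.g. ou=People) with the base 'ldap suffix'."""
    rel = params.get(key, "")
    return norm_dn(rel + "," + params["ldap suffix"] if rel else params["ldap suffix"])

def check_machine_placement(conf_text, dns):
    """Report whether the machine suffix differs from the user suffix, and
    which machine accounts are stored outside the user container."""
    params = parse_smb_conf(conf_text)
    user_base = full_suffix(params, "ldap user suffix")
    machine_base = full_suffix(params, "ldap machine suffix")
    misplaced = [dn for dn in dns
                 if dn.split(",")[0].strip().endswith("$")       # machine account
                 and not norm_dn(dn).endswith("," + user_base)]  # not under People
    return {"suffix_mismatch": machine_base != user_base, "misplaced": misplaced}

if __name__ == "__main__":
    print(check_machine_placement(SMB_CONF, SAMPLE_DNS))
```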