[Samba] smbldap-tools not playing nice w/ samba ?

Ben Davis ben at xsusio.com
Thu Apr 7 14:19:15 GMT 2005

Joaquin wrote:

> Ben Davis wrote:
>> Please help!
>> I'm having a difficult time getting a machine to join my domin.  
>> Samba sucessfully adds the machine account using the smbldap-useradd 
>> -w script,  but I get the error "The user name could not be found".
>> Here's what it looks like it's doing in the ldap logs:  1. There's a 
>> login as cn=Manager, which searches for the root account, and then 
>> for a bunch of gidNumbers.  It then searches for the machine$ with a 
>> sambaSamAccount objectclass, and exits.
>> 2. It then reconnects anonymously and searches for machine$ and 
>> MACHINE$ twice (no results).
>> 3. After that it connects again as cn=Manager and and searches for 
>> the machine$ under posixAccount (still no restuls).  It then finally 
>> adds the entry for machine$  but without the sambaSamAccount 
>> objectclass.
>> After that there are no more LDAP queries.   What could be causing 
>> the error I'm getting?
> If you have a Machines= suffix different as the Users= suffix, the 
> problem is in the ldap.conf settings. Nothing to do with the 
> smbldap-tools. The smbldap-tools creates only a posix entry in the 
> Machines tree, leaving to samba the addition of the SambaSamAccount 
> class to the machine entry. The problem is that Samba relies in the 
> ldap.conf config to search for the machine account. Usually, you have 
> only a search here for the users account. The trick is to add a second 
> nss_base_password line pinting to the machines tree of LDAP. And then 
> works.
Yeah,  I read about that earlier and changed my  nss_base_password line 
to read:

nss_base_passwd       dc=pca-wichita,dc=com?sub

(that is my base dn).  The problem is that in the slapd logs,  the LAST 
thing happens before I get the error is samba ADDS the posix machine 
account.  It does nothing after that. Here's the slapd log of all 
operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP= (IP=
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed

As soon as it ADDs the machine account,  it doesn't try to modify it's 
objectClass, or anything like that. What's going on here?

More information about the samba mailing list