[Samba] smbldap-tools not playing nice w/ samba ?

Joaquin Villanueva joaquin at liga-acb.es
Thu Apr 7 15:08:34 GMT 2005

I had the same problem here. The change you've made was the same. Going 
up to the root level of LDAP and set a sub search. No way. The solution 
was to put TWO nss_base_passwd lines:

nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one

Try it and let me know...

Ben Davis wrote:
> Joaquin wrote:
>> Ben Davis wrote:
>>> Please help!
>>> I'm having a difficult time getting a machine to join my domin.  
>>> Samba sucessfully adds the machine account using the smbldap-useradd 
>>> -w script,  but I get the error "The user name could not be found".
>>> Here's what it looks like it's doing in the ldap logs:  1. There's a 
>>> login as cn=Manager, which searches for the root account, and then 
>>> for a bunch of gidNumbers.  It then searches for the machine$ with a 
>>> sambaSamAccount objectclass, and exits.
>>> 2. It then reconnects anonymously and searches for machine$ and 
>>> MACHINE$ twice (no results).
>>> 3. After that it connects again as cn=Manager and and searches for 
>>> the machine$ under posixAccount (still no restuls).  It then finally 
>>> adds the entry for machine$  but without the sambaSamAccount 
>>> objectclass.
>>> After that there are no more LDAP queries.   What could be causing 
>>> the error I'm getting?
>> If you have a Machines= suffix different as the Users= suffix, the 
>> problem is in the ldap.conf settings. Nothing to do with the 
>> smbldap-tools. The smbldap-tools creates only a posix entry in the 
>> Machines tree, leaving to samba the addition of the SambaSamAccount 
>> class to the machine entry. The problem is that Samba relies in the 
>> ldap.conf config to search for the machine account. Usually, you have 
>> only a search here for the users account. The trick is to add a 
>> second nss_base_password line pinting to the machines tree of LDAP. 
>> And then works.
> Yeah,  I read about that earlier and changed my  nss_base_password 
> line to read:
> nss_base_passwd       dc=pca-wichita,dc=com?sub
> (that is my base dn).  The problem is that in the slapd logs,  the 
> LAST thing happens before I get the error is samba ADDS the posix 
> machine account.  It does nothing after that. Here's the slapd log of 
> all operations of the last connection before the error occurs:
> conn=9996 fd=18 ACCEPT from IP= (IP=
> conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
> conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE 
> ssf=0
> conn=9996 op=0 RESULT tag=97 err=0 text=
> conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
> filter="(&(objectClass=posixAccount)(uid=melisa$))"
> conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
> conn=9996 op=2 SRCH 
> base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
> filter="(objectClass=sambaUnixIdPool)"
> conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
> conn=9996 op=3 MOD attr=uidNumber
> conn=9996 op=3 RESULT tag=103 err=0 text=
> conn=9996 op=3 RESULT tag=103 err=0 text=
> conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
> filter="(uidNumber=1108)"
> conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
> conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
> conn=9996 op=5 RESULT tag=105 err=0 text=
> conn=9996 op=5 RESULT tag=105 err=0 text=
> conn=9996 op=6 UNBIND
> conn=9996 fd=18 closed
> As soon as it ADDs the machine account,  it doesn't try to modify it's 
> objectClass, or anything like that. What's going on here?

More information about the samba mailing list