[Samba] smbldap-tools not playing nice w/ samba ?
Joaquin Villanueva
joaquin at liga-acb.es
Thu Apr 7 15:08:34 GMT 2005
I had the same problem here. The change you've made was the same. Going
up to the root level of LDAP and setting a sub search. No way. The solution
was to put TWO nss_base_passwd lines:

nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one

Try it and let me know...

Ben Davis wrote:
> Joaquin wrote:
>
>> Ben Davis wrote:
>>
>>> Please help!
>>>
>>> I'm having a difficult time getting a machine to join my domain.
>>> Samba successfully adds the machine account using the smbldap-useradd
>>> -w script, but I get the error "The user name could not be found".
>>>
>>> Here's what it looks like it's doing in the ldap logs: 1. There's a
>>> login as cn=Manager, which searches for the root account, and then
>>> for a bunch of gidNumbers. It then searches for the machine$ with a
>>> sambaSamAccount objectclass, and exits.
>>>
>>> 2. It then reconnects anonymously and searches for machine$ and
>>> MACHINE$ twice (no results).
>>> 3. After that it connects again as cn=Manager and searches for
>>> the machine$ under posixAccount (still no results). It then finally
>>> adds the entry for machine$ but without the sambaSamAccount
>>> objectclass.
>>>
>>> After that there are no more LDAP queries. What could be causing
>>> the error I'm getting?
>>
>>
>> If you have a Machines= suffix different from the Users= suffix, the
>> problem is in the ldap.conf settings. Nothing to do with the
>> smbldap-tools. The smbldap-tools create only a posix entry in the
>> Machines tree, leaving to samba the addition of the SambaSamAccount
>> class to the machine entry. The problem is that Samba relies on the
>> ldap.conf config to search for the machine account. Usually, you have
>> only a search here for the users account. The trick is to add a
>> second nss_base_password line pointing to the machines tree of LDAP.
>> And then it works.
>>
> Yeah, I read about that earlier and changed my nss_base_password
> line to read:
>
> nss_base_passwd dc=pca-wichita,dc=com?sub
>
> (that is my base dn). The problem is that in the slapd logs, the
> LAST thing that happens before I get the error is samba ADDS the posix
> machine account. It does nothing after that. Here's the slapd log of
> all operations of the last connection before the error occurs:
>
> conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
> conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
> conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE
> ssf=0
> conn=9996 op=0 RESULT tag=97 err=0 text=
> conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2
> filter="(&(objectClass=posixAccount)(uid=melisa$))"
> conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
> conn=9996 op=2 SRCH
> base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0
> filter="(objectClass=sambaUnixIdPool)"
> conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
> conn=9996 op=3 MOD attr=uidNumber
> conn=9996 op=3 RESULT tag=103 err=0 text=
> conn=9996 op=3 RESULT tag=103 err=0 text=
> conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2
> filter="(uidNumber=1108)"
> conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
> conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
> conn=9996 op=5 RESULT tag=105 err=0 text=
> conn=9996 op=5 RESULT tag=105 err=0 text=
> conn=9996 op=6 UNBIND
> conn=9996 fd=18 closed
>
>
> As soon as it ADDs the machine account, it doesn't try to modify its
> objectClass, or anything like that. What's going on here?
>
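
Added example, not part of the original messages: a small Python check over slapd connection logs that lists machine accounts (uid ending in "$") which were ADDed but never received a later MOD touching objectClass, the symptom described in the thread. The log lines are constructed in the same format as the quoted log, and the function name and the dc=example,dc=com DNs are assumptions.

```python
import re

# Constructed sample in the slapd log format quoted above (not the poster's log).
SAMPLE_LOG = """\
conn=101 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=ws01$))"
conn=101 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=101 op=2 ADD dn="uid=ws01$,ou=Computers,dc=example,dc=com"
conn=101 op=2 RESULT tag=105 err=0 text=
conn=101 op=2 RESULT tag=105 err=0 text=
conn=101 op=3 UNBIND
conn=102 op=1 ADD dn="uid=ws02$,ou=Computers,dc=example,dc=com"
conn=102 op=1 RESULT tag=105 err=0 text=
conn=103 op=1 MOD dn="uid=ws02$,ou=Computers,dc=example,dc=com"
conn=103 op=1 MOD attr=objectClass sambaSID sambaAcctFlags
conn=103 op=1 RESULT tag=103 err=0 text=
"""

# Only ADD, MOD and their RESULT lines matter; "SEARCH RESULT" does not match.
LINE = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|RESULT)\b(.*)')
DN = re.compile(r'dn="([^"]*)"')

def incomplete_machine_accounts(log_text):
    """DNs of machine accounts that were added successfully but never got a
    successful MOD touching objectClass. The log shows attribute names only,
    so an objectClass MOD is taken as the sambaSamAccount upgrade (assumption)."""
    pending = {}                 # (conn, op) -> [kind, dn, modified attrs]
    added, upgraded = [], set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, kind, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        dn = DN.search(rest)
        if kind in ("ADD", "MOD") and dn:
            pending[key] = [kind, dn.group(1).lower(), set()]
        elif kind == "MOD" and "attr=" in rest and key in pending:
            attrs = rest.split("attr=", 1)[1].split()
            pending[key][2].update(a.lower() for a in attrs)
        elif kind == "RESULT" and key in pending:
            # pop() makes a duplicated RESULT line (as in the quoted log) harmless
            op_kind, op_dn, attrs = pending.pop(key)
            if "err=0" not in rest.split():
                continue         # failed operation, ignore
            is_machine = op_dn.split(",", 1)[0].endswith("$")
            if op_kind == "ADD" and is_machine:
                added.append(op_dn)
            elif op_kind == "MOD" and "objectclass" in attrs:
                upgraded.add(op_dn)
    return [dn for dn in added if dn not in upgraded]

if __name__ == "__main__":
    print(incomplete_machine_accounts(SAMPLE_LOG))
```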