[Samba] smbldap-tools not playing nice w/ samba ?

Ben Davis ben at xsusio.com
Thu Apr 7 18:10:56 GMT 2005


I tried this and it still did not work.  The problem as far as I can 
tell is that samba is not even attempting to search for the user after 
it adds it.  The very last operations in my slapd.log after the error 
occurred were:

conn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=20539 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=20539 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=20539 op=3 MOD attr=uidNumber
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1109)"
conn=20539 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=6 UNBIND
conn=20539 fd=32 closed

So, according to this,  samba searches for the machine,  and when it 
doesn't find it, it adds the machine successfully to the LDAP 
directory,  and that is the last thing that happens.

Any idea what's going on?



Joaquin Villanueva wrote:

> I had the same problem here. The change you've made was the same. 
> Going up to the root level of LDAP and set a sub search. No way. The 
> solution was to put TWO nss_base_passwd lines:
>
> nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
> nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one
>
> Try it and let me know...
>
> Ben Davis wrote:
>
>> Joaquin wrote:
>>
>>> Ben Davis wrote:
>>>
>>>> Please help!
>>>>
>>>> I'm having a difficult time getting a machine to join my domain.  
>>>> Samba successfully adds the machine account using the 
>>>> smbldap-useradd -w script,  but I get the error "The user name 
>>>> could not be found".
>>>>
>>>> Here's what it looks like it's doing in the ldap logs:  1. There's 
>>>> a login as cn=Manager, which searches for the root account, and 
>>>> then for a bunch of gidNumbers.  It then searches for the machine$ 
>>>> with a sambaSamAccount objectclass, and exits.
>>>>
>>>> 2. It then reconnects anonymously and searches for machine$ and 
>>>> MACHINE$ twice (no results).
>>>> 3. After that it connects again as cn=Manager and searches for 
>>>> the machine$ under posixAccount (still no results).  It then 
>>>> finally adds the entry for machine$  but without the 
>>>> sambaSamAccount objectclass.
>>>>
>>>> After that there are no more LDAP queries.   What could be causing 
>>>> the error I'm getting?
>>>
>>>
>>>
>>> If you have a Machines= suffix different from the Users= suffix, the 
>>> problem is in the ldap.conf settings. Nothing to do with the 
>>> smbldap-tools. The smbldap-tools creates only a posix entry in the 
>>> Machines tree, leaving to samba the addition of the SambaSamAccount 
>>> class to the machine entry. The problem is that Samba relies on the 
>>> ldap.conf config to search for the machine account. Usually, you 
>>> have only a search here for the users account. The trick is to add a 
>>> second nss_base_password line pointing to the machines tree of LDAP. 
>>> And then it works.
>>>
>> Yeah,  I read about that earlier and changed my  nss_base_password 
>> line to read:
>>
>> nss_base_passwd       dc=pca-wichita,dc=com?sub
>>
>> (that is my base dn).  The problem is that in the slapd logs,  the 
>> LAST thing that happens before I get the error is samba ADDS the posix 
>> machine account.  It does nothing after that. Here's the slapd log of 
>> all operations of the last connection before the error occurs:
>>
>> conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
>> conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
>> conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE 
>> ssf=0
>> conn=9996 op=0 RESULT tag=97 err=0 text=
>> conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
>> filter="(&(objectClass=posixAccount)(uid=melisa$))"
>> conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>> conn=9996 op=2 SRCH 
>> base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
>> filter="(objectClass=sambaUnixIdPool)"
>> conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
>> conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
>> conn=9996 op=3 MOD attr=uidNumber
>> conn=9996 op=3 RESULT tag=103 err=0 text=
>> conn=9996 op=3 RESULT tag=103 err=0 text=
>> conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
>> filter="(uidNumber=1108)"
>> conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
>> conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
>> conn=9996 op=5 RESULT tag=105 err=0 text=
>> conn=9996 op=5 RESULT tag=105 err=0 text=
>> conn=9996 op=6 UNBIND
>> conn=9996 fd=18 closed
>>
>>
>> As soon as it ADDs the machine account,  it doesn't try to modify 
>> its objectClass, or anything like that. What's going on here?
>>
>
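
An added example, not part of the original thread: a small check of whether a machine entry's DN falls inside the search bases declared by `nss_base_passwd` lines, which is the condition the replies above discuss. The function names, the Users-only sample line and the default scope of `sub` when none is given are assumptions; DN parsing is simplified to comma splitting.

```python
# Added example (not from the thread). DN handling is simplified: RDNs are
# split on "," and compared case-insensitively; escaped commas are unsupported.

def split_dn(dn):
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_nss_bases(conf_text, key="nss_base_passwd"):
    """Return [(base_rdns, scope)] for each `key base?scope[?filter]` line."""
    bases = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != key:
            continue
        fields = parts[1].strip().split("?")
        # Assumption: a missing scope is treated as "sub".
        scope = fields[1].lower() if len(fields) > 1 and fields[1] else "sub"
        bases.append((split_dn(fields[0]), scope))
    return bases

def in_scope(entry_dn, base, scope):
    entry = split_dn(entry_dn)
    depth = len(entry) - len(base)          # levels below the search base
    if depth < 0 or entry[depth:] != base:  # entry is not under this base
        return False
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True                             # "sub": base and everything below

def covered(entry_dn, conf_text):
    return any(in_scope(entry_dn, b, s) for b, s in parse_nss_bases(conf_text))

# DN taken from the slapd log in the thread.
MACHINE_DN = "uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
# Constructed: a Users-only configuration for the same directory tree.
USERS_ONLY = "nss_base_passwd ou=Users,dc=pca-wichita,dc=com?one\n"
# Constructed: the two-line pattern from the reply, adapted to this tree.
TWO_LINES = USERS_ONLY + "nss_base_passwd ou=Computers,dc=pca-wichita,dc=com?one\n"
# The single base-DN line quoted in the thread.
BASE_SUB = "nss_base_passwd       dc=pca-wichita,dc=com?sub\n"

if __name__ == "__main__":
    for name, conf in (("users only", USERS_ONLY), ("two lines", TWO_LINES),
                       ("base dn, sub", BASE_SUB)):
        print(f"{name:13s} covers machine account: {covered(MACHINE_DN, conf)}")
```

On the server itself, `getent passwd 'melisa$'` shows whether NSS actually resolves the account once the entry exists.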


