[Samba] SAMBA + LDAP + add machine script bug?

Keith Robertson keithro at gmail.com
Mon Jan 24 17:03:30 GMT 2005

Recently I was having some trouble getting the "add machine" script to
work with samba-3.0.10.  Initially, I attempted to add a Windoze XP
box (i.e. Control Panel ->System -> Computer Name tab) to my domain
with a user ID of "root".  This would always fail because there was no
user named "root" in "ou=Users,dc=somedomain,dc=org".  Next, I tried
to add the XP box with a user named "Administrator".  Samba would add
the computer to "ou=Computers,dc=somedomain,dc=org" but still fail and
would return an error back to the XP box "The user name could not be

I turned some tracing on in Samba and plowed through some Samba source
and discovered that Samba is attempting to do a "getpwnam" on the
newly added computer name.  In short, first it does:
1. /var/lib/samba/sbin/smbldap-useradd.pl -w 'computer_name$'
2. Then it does getpwnam("computer_name$")

The problem is that the second step kept failing because my ldap.conf
did not list "ou=Computers,dc=somedomain,dc=org" as a naming context
for nss_base_passwd.  I updated /etc/ldap.conf to the following and
was able to successfully add the computer:

nss_base_passwd         ou=Users,dc=somedomain,dc=org?one
nss_base_passwd         ou=Computers,dc=somedomain,dc=org?one # This
line was added
nss_base_shadow         ou=Users,dc=somedomain,dc=org?one
nss_base_group          ou=Group,dc=somedomain,dc=org?one

Is this a bug?  Should samba be searching the password database for a
computer (i.e. getent passwd)?  Shouldn't it just perform a straight
search of "ou=Computers,dc=somedomain,dc=org"?

More information about the samba mailing list