[Samba] smbldap-useradd -w problem

Czechowski, Robert czechowski.r at ei.com
Fri Mar 11 14:42:37 GMT 2005

I'm in the process of learning Samba and evaluating it as a possible
replacement for Windows NT servers in our office next year. I have set up a
small test network comprised of one NT 4 (SP6a) Workstation, one Windows
2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm
using LDAP as the passdb backend with smbldap-tools 0.8.7-1. The Windows
2000 Pro machine can join the domain on the fly without any problems, but
the NT 4 box gives me an error when I try to join on the fly: "The machine
account for this computer either does not exist or is inaccessible". In the
samba log I can see:

[2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
  ldapsam_modify_entry: Failed to modify user dn=
mists-inc,dc=com with: No such attribute
        modify/delete: sambaPrimaryGroupSID: no such value
[2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694)
  ldapsam_update_sam_account: failed to modify user with uid = nt4box$,
error: m
odify/delete: sambaPrimaryGroupSID: no such value (Success)

In the smb.conf file I have: 

add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m'

When I run ./smbldap-useradd -w 'test' by hand it creates an entry without
objectClass: sambaSamAccount:

# test$, People, economists-inc.com
dn: uid=test$,ou=People,dc=economists-inc,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test$
sn: test$
uid: test$
uidNumber: 1017
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

I don't know why smbldap-useradd -w doesn't add sambaSamAccount objectClass
and don't understand how the Windows 2000 Pro can join the domain on the fly
without it. It drives me crazy. I obviously have something misconfigured
here. HELP! :-)

More information about the samba mailing list