[Samba] LDAP - Can't add machine

[Thomas Heiligenmann]

Mchristianjr at nbhandy.com schrieb:
> Ok, I'm pretty much following the book Samba 3 by Example and I've run into
> a few problems.
> 
> I can't add a machine account:
> # net rpc join -U Administrator%SECRET
> Create of workstation account failed
> Unable to join domain HANDY_AUTH.
> 

Have you added the privileges:

net rpc rights "HANDY_AUTH\Administrator" \
SeMachineAccountPrivilege \
-U Administrator%SECRET

for the whole group:

net rpc rights "HANDY_AUTH\Domain Admins" \
SeMachineAccountPrivilege \
-U Administrator%SECRET

(Docu available in the online samba-howto)

> If I try root:
> # net rpc join -U root%SECRET
> Could not connect to server PRIMARY
> The username or password was not correct.
> 
> When I try smbpasswd -a root, I end up getting an error:
> # smbpasswd -a root
> New SMB password:
> Retype new SMB password:
> ldapsam_add_sam_account: SID 'S-1-5-21-1529261333-2934293496-63313958-1000'
> already in the base, with samba attributes
> Failed to add entry for user root.
> Failed to modify password entry for user root
> 

Maybe related to the problem below:

> Additionally, I also run into the following:
> # net groupmap list
> [2005/09/14 19:44:47, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2458)
>   ldapsam_setsamgrent: LDAP search failed: Size limit exceeded
> [2005/09/14 19:44:47, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2523)
>   ldapsam_enum_group_mapping: Unable to open passdb
> 

Check your LDAP server settings in ldap.conf if they match those in smb.conf

> I seem to get this Size Limit eror in several places, on of which is the
> web based LAM utility when clicking on the 'Groups' tab.
> 
> So somewhere along the way I've screwed up, and after trying from scratch
> several times I'm getting a little frustrated at the wasted time.  Is there
> a list of steps I can take to diagnose and resolve this issue?
> 

Google was my friend ;-)

Thomas