[Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem

Dan samba at the-rusty-nail.com
Fri Feb 10 19:20:09 GMT 2006


I recently upgraded my Samba PDC from version 3.0.9 to version 3.0.21b 
to try and fix a browse issue with Windows 2003 Server and Linux Samba 
servers.  The browse issue was fixed, but now I am having problems 
adding machines to the network.  I run Slackware 10.0 Linux with an 
OpenLDAP backend which has worked fine until now.  I also upgraded the 
Samba tools from idealx.org to the latest version.  First, when I went to 
add a machine it would bomb out, and when I would check the LDAP 
directory I noticed it had the posix machine info but not the samba 
machine info.  To add the machine I am using the command

add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'

in my smb.conf as specified in the example.  I then looked at the 
smbldap-useradd script and realized that the add_samba_machine call from 
the tools.pm file was never getting called anywhere in the scripts, so 
maybe this is incorrect, but I added the following to the smbldap-useradd 
script:

   if (defined($Options{'w'})) {
       if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
           die "$0: error while adding samba account\n";
       }
   }

right under the following:
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {

   #print "About to create machine $userName:\n";

   if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
     die "$0: error while adding posix account\n";
   }

so that the rest of the LDAP info was getting filled in.  It still would 
bomb out on me with the error "The user name could not be found", but it 
did make a difference.  Leaving the new LDAP entry alone, I would then 
try and add the machine again and it would work, so I am not sure what is 
wrong.  I checked the machine entry in LDAP before and after and nothing 
much seems to have changed.  I checked the Samba logs and the user 
adding to the domain comes back as authenticated, so I am at a loss as to 
why it would fail the first time and not the second.

Now, most likely I am doing something else wrong, as I can't imagine I 
should have to change the scripts, but I haven't come across what it is.  
Has anyone seen this behavior before?

Any help is greatly appreciated, thanks.

Dan,

Below is the global section of my smb.conf:

[global]

    workgroup=MYDOMAIN

    netbios name=MYDOMAIN_PDC

    admin users = administrator

    server string = MY PDC

    security = user

    load printers = yes
;   printcap name = /etc/printcap
;   print command = lpr -r -P%p %s
;   printing = lprng

;   printcap name = cups

;   printing = cups

;   show add printer wizard = yes

    log file = /var/log/samba/log.%m

    max log size = 10000

    ldap ssl = on
    passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636

    ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=users
    ldap suffix = dc=home,dc=mydomain,dc=org
    ldap delete dn = no
    add user script = /usr/local/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/local/sbin/smbldap-userdel %u
    add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/local/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
    add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'


    ldap passwd sync = Yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    idmap backend = ldap:ldaps://ldap.mydomain.org:636
    username map = /etc/samba/smbusers

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    os level = 128

    domain master = yes

    domain logons = yes

    local master = yes

    preferred master = yes

    logon script = logon.bat
    encrypt passwords = yes
    unix password sync = no
    passwd program = /usr/local/sbin/smbldap-passwd -o %u
    logon path = c:\Documents and Settings\%U

    remote announce = 10.1.0.255
    remote browse sync = 10.1.0.255
    wins support = yes
    map to guest = Never
    nt acl support = true


