[Samba] Joining Domain on Solaris, Get_Pwnam_internals didn't find user
Thomas Maschutznig
tmaschutznig at new10.com
Tue May 9 15:52:07 GMT 2006
Hi
I am running samba 3.0.22 on Solaris 10 x86, using a Sun Directory
Server as ldapsam backend. The samba schema used is the recent version
from .22, and I am using the IDEALX smbldap-tools 0.9.2.
I split users, computers and groups into 3 different OUs and configured
samba, smbldap-tools and Solaris ldapclient respectively.

smb.conf:
ldap suffix = dc=new10,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 0 -w "%u"
(I also tried -w "%m")

smbldap.conf:
suffix="dc=new10,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
scope="sub"

ldapclient profile:
serviceSearchDescriptor: group:ou=Groups,dc=new10,dc=com?sub
serviceSearchDescriptor: passwd:ou=Users,dc=new10,dc=com?sub;ou=Computers,dc=new10,dc=com?sub

nsswitch points to files and ldap for group and passwd.

When I try to join a Win2k SP3 or WinXP SP2 to the Domain, it says
"The username could not be found" - in smbd.log I see
"Get_Pwnam_internals didn't find user [sambaclient$]!"
However, getent and id do find the user right after this failed join:
# getent passwd|grep -i sambaclient
sambaclient$:x:2018:515:Computer:/dev/null:/bin/false
# id -a sambaclient$
uid=2018(sambaclient$) gid=515(Domain Computers) groups=515(Domain Computers)
and there is indeed a posixAccount entry in ou=Computers, lacking
sambaSamAccount:
http://kaneda.flakcannon.org/samba3/sambaclient_first.ldif
If I try to join the same PC a second time, it succeeds and the entry in
ou=Computers gets sambaSamAccount. Domain users can login fine on the PC
then:
http://kaneda.flakcannon.org/samba3/sambaclient_second.ldif
I can add the machine by running "smbldap-useradd -t 0 -w sambaclient"
fine without any error.
I have logged at level 10, the log files can be found here:
http://kaneda.flakcannon.org/samba3/smbd.log
http://kaneda.flakcannon.org/samba3/sambaclient.log
From the sambaclient.log it looks like the search right after running
smbldap-useradd fails. I checked the LDAP server access log and I cannot
find any search after the "ADD DN", see the access log here:
http://kaneda.flakcannon.org/samba3/sun_ldap_access.log
I am a bit clueless why the first join always fails because of not
finding the computer account which seems to have just been added.
Did I miss something?
cheers,
thomas
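
To spot machine entries left in the state the post describes (posixAccount present, sambaSamAccount missing) in an LDIF export of the directory, here is an added example that is not part of the original post. The sample entries are constructed, not the linked LDIF files, and `otherpc$` is a made-up host.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def half_created_machines(entries, machine_suffix):
    """DNs under machine_suffix with posixAccount but no sambaSamAccount."""
    suffix = "," + machine_suffix.replace(" ", "").lower()
    found = []
    for e in entries:
        dn = e.get("dn", [""])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if (dn.replace(" ", "").lower().endswith(suffix)
                and "posixaccount" in classes and "sambasamaccount" not in classes):
            found.append(dn)
    return found

# Constructed sample (not the LDIF files linked in the post); otherpc$ is made up.
SAMPLE = """\
dn: uid=sambaclient$,ou=Computers,
 dc=new10,dc=com
objectClass: posixAccount
uidNumber: 2018
gecos:: Q29tcHV0ZXI=

dn: uid=otherpc$,ou=Computers,dc=new10,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
"""

if __name__ == "__main__":
    print(half_created_machines(parse_ldif(SAMPLE), "ou=Computers,dc=new10,dc=com"))
```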