[Samba] samba ldap domain join

lenny at edpausa.com
Wed May 17 14:08:07 GMT 2006


Still haven't found any resolution for this problem. I tried using a "-t"
parameter with smbldap-passwd, but that didn't make any difference. The
debug output still shows that it simply can't find the created computer
account, even though it creates it in the right ou.

I wish there was a way to not have to deal with computer accounts at all.

Here's the relevant part of the debug output. Machine name is cia.

 Finding user cia$
  Trying _Get_Pwnam(), username as lowercase is cia$
  Checking combinations of 0 uppercase letters in cia$
  Get_Pwnam_internals didn't find user [cia$]!
  _samr_create_user: Running the command
`/usr/local/samba/sbin/smbldap-useradd -t 5 -n -d /dev/null -s
/bin/false -w "cia"' gave 0
  Finding user cia$
  Trying _Get_Pwnam(), username as lowercase is cia$
  Checking combinations of 0 uppercase letters in cia$
  Get_Pwnam_internals didn't find user [cia$]!
  cia (192.168.1.94) closed connection to service IPC$



Some other relevant config parts (the actual config files have correct
dns).

Domain Admins (S-1-5-21-572523613-314456280-397268875-512) -> sambaadmins
Domain Users (S-1-5-21-572523613-314456280-397268875-513) -> admins
Domain Guests (S-1-5-21-572523613-314456280-397268875-514) -> users
Domain Computers (S-1-5-21-572523613-314456280-397268875-515) -> guests

----
init_sam_from_ldap: Entry found for user: administrator
Home server: brutus
Home server: brutus
---------------
Unix username:        administrator
NT username:          administrator
Account Flags:        [U          ]
User SID:             S-1-5-21-572523613-314456280-397268875-500
Primary Group SID:    S-1-5-21-572523613-314456280-397268875-1041
Full Name:            administrator
Home Directory:       \\brutus\administrator
HomeDir Drive:
Logon Script:
Profile Path:         \\brutus\administrator\profile
Domain:               LDAPAUTH
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 EST
Kickoff time:         Mon, 18 Jan 2038 22:14:07 EST
Password last set:    Mon, 15 May 2006 10:00:52 EDT
Password can change:  Mon, 08 May 2006 14:39:02 EDT
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

------------------

>
>
> smb.conf
>
>   add user script = /usr/local/samba/sbin/smbldap-useradd -n "%u"
>    add machine script = /usr/local/samba/sbin/smbldap-useradd -n -d
> /dev/null -s /bin/false -w "%m"
>
          ldap suffix = dc=mydomain,dc=com
>         ldap admin dn = "cn=Directory Manager"
>         ldap group suffix = ou=groups,dc=mydomain,dc=com
>         ldap idmap suffix = ou=idmap,dc=mydomain,dc=com
>         ldap machine suffix =ou=computers,dc=mydomain,dc=com
>         ldap ssl = no
>         ldap user suffix = ou=people
>         idmap backend = ldapsam:ldap://myldapserver
>         idmap uid = 10000-30000
>         idmap gid = 10000-30000

> smb-ldap.conf
>
> suffix="dc=mydomain,dc=com"
>
> usersdn="ou=People,${suffix}"
> computersdn="ou=computers,${suffix}"
> groupsdn="ou=Groups,${suffix}"
> idmapdn="ou=idmap,${suffix}"
> sambaUnixIdPooldn="sambaDomainName=LDAPAUTH,${suffix}"






