[Samba] samba with ldapsam: first "net join" always fails, second succeeds

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Tue Sep 12 12:00:28 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/08/2006 05:26 AM, Helge Bahmann escreveu:
> Created an "add machine" script that basically looks for an unused
> uid/rid, and then creates a stub LDAP entry for the machine; the first
> time I issue "net join", the script is invoked and creates the LDAP entry
> correctly, but the join operation fails nevertheless:
> 
> f1sa:~# net -U winadmin join
> winadmin's password:
> [2006/09/08 10:19:40, 0] utils/net_ads.c:ads_startup(191)
>   ads_connect: No results returned
> Creation of workstation account failed
> Unable to join domain FAK1.
> 
> The following log file entries are generated for this operation:
> 
> SASL/GSSAPI authentication started
> SASL username: samba/f1sa.mathe.tu-freiberg.de at MATHE.TU-FREIBERG.DE
> SASL SSF: 56
> SASL installing layers
> [2006/09/08 09:53:15, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1781)
>   ldapsam_add_sam_account: User 'f1sa$' already in the base, with samba
> attribut
> es
> [2006/09/08 09:53:15, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
>   could not add user/computer f1sa$ to passdb.  Check permissions?
> 
> (the SASL/GSSAPI part is the output from my add machine script; basically
> I see here that it is working correctly)

	Ok, AIUI, you are adding "machine information" to an account
that already exists?


> However when I call "net join" a second time:
> 
> f1sa:~# net -U winadmin join
> winadmin's password:
> [2006/09/08 10:22:16, 0] utils/net_ads.c:ads_startup(191)
>   ads_connect: No results returned
> Joined domain FAK1.
> 
> It succeeds, the LDAP entry is updated accordingly and nothing is logged
> 
> Can someone tell me what is wrong here, or where I should have done
> something differently?

	If the answer to the question I made above is "yes", then
the second try to join the domain will find the correct fields
and will be able to join the machine, I'm not sure why the first
try didn't suceed but I have a strong feeling that it is related
with the fact of messing with already existing accounts.


> (Samba version is 3.0.14a from debian sarge)
> Best regards

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFBqFcCj65ZxU4gPQRAgLAAKDHH+rAWRqPkx8AMBvE0J4yodPrdgCfcmvi
xpJrCJKFECs25Yn7Yexy8DI=
=b7Pg
-----END PGP SIGNATURE-----

More information about the samba mailing list