[Samba] problems xp joining samba pdc

Mike mikee at mikee.ath.cx
Mon Sep 18 12:23:40 GMT 2006


I have three machines, two XP and one Win2k, that joined the Samba PDC without
problems. I have tried to join other machines to this same Samba PDC, using the
same accounts for authentication, without success. The XP machine first says
the user does not exist. I click OK, go back to the dialog asking for the
domain account authorized to join the domain, and press OK (or Next) again;
this time the XP box says the user already exists.

I think something is going wrong with the machine$ accounts in LDAP.
I added '-t 5' to the smbldap-useradd command that smb.conf uses for adding
a machine. I can see a longer delay before the first message (missing
user) is returned, but the end result is the same: the XP box is still
not a member of the Samba PDC's domain.

Any ideas?


fedora core 5 with all patches
$ uname -a
Linux elo.company.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 EDT 2006 i686 i686 i386 GNU/Linux
$ rpm -qa | grep samba

------------------------------------ /etc/samba/smb.conf

# Samba config file created using SWAT
# from (
# Date: 2006/08/03 15:11:35

	# Authentication and access settings (the section header line is not
	# visible in this listing; these look like [global] parameters).
	security = USER
	# NOTE(review): the two "client ..." options govern Samba when it acts as a
	# client. Set to Yes they allow plaintext and LANMAN responses to be sent
	# to other servers, both of which are weak if captured on the wire.
	# Consider No unless a legacy server needs them.
	client plaintext auth = Yes
	client lanman auth = Yes
	encrypt passwords = Yes
	# Server side: LANMAN responses are refused, NTLM responses are accepted.
	lanman auth = No
	ntlm auth = Yes
	password level = 0
	guest account = nobody
	# The earlier admin list is commented out and the active value is empty,
	# so this parameter grants admin rights to nobody.
	#admin users = manager, root, mikee, jrc, bdhein
	admin users = 
	# Only the 10.1.2. and 10.1.3. prefixes may connect.
	# NOTE(review): a workstation outside these ranges would be refused; worth
	# checking the addresses of the machines that fail to join.
	hosts allow = 10.1.2., 10.1.3.
	cups options = raw
	wins support = yes
	usershare allow guests = yes

	# Domain identity, logon environment and LDAP directory layout.
	workgroup = PWI
	netbios aliases = loghost, mailhost, backuphost, ldaphost
	server string = Samba Server (%h)
	logon drive = P:
	logon home = \\%N\%U
	logon path = \\%N\%U\profile
	# NOTE(review): smb.conf documents "logon script" as a path relative to the
	# netlogon share; an absolute Unix path like this one is probably not what
	# clients can resolve - confirm.
	logon script = /etc/samba/login.bat
	# Machine accounts are looked up under ou=machines below the suffix; the
	# add machine script must create entries there for a join to succeed.
	ldap suffix = dc=company,dc=com
	ldap admin dn = cn=manager,dc=company,dc=com
	ldap user suffix = ou=people
	ldap group suffix = ou=groups
	ldap machine suffix = ou=machines
	# NOTE(review): with ldap ssl = off the bind as the admin dn and every
	# account attribute Samba reads or writes (password hashes included) cross
	# the network unencrypted. "start tls" is the documented alternative; off
	# is only reasonable if the directory is reached over loopback - confirm
	# where the LDAP host used by the passdb backend resolves.
	ldap ssl = off
	ldapsam:trusted = Yes
	ldap timeout = 15
	utmp directory = /var/run
	wtmp directory = /var/log
	utmp = Yes

	# Account database: Samba accounts are stored in LDAP via ldapsam.
	# NOTE(review): "password server" is documented for security = domain,
	# server or ads; with security = USER above it is presumably unused.
	password server = ldaphost.company.com
	# Plain ldap:// URL, so this connection is not encrypted by the URL scheme.
	passdb backend = ldapsam:ldap://ldaphost.company.com
	# Password changes made through Samba also update the LDAP password.
	ldap passwd sync = Yes
	# Unix password sync via smbldap-passwd is left disabled below.
	#unix password sync = Yes
	#passwd program = /usr/sbin/smbldap-passwd %u
	#passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n"
	#passwd chat debug = Yes

	# Browser election and domain controller role: domain master plus
	# domain logons is what makes this server act as the PDC for the workgroup.
	os level = 66
	preferred master = Yes
	local master = Yes
	domain master = Yes
	domain logons = Yes
	allow trusted domains = Yes
	dns proxy = No

# Logging. The commented lines are earlier debug levels kept for reference; the
# per-class variant (ldap, passdb, auth at 10) is the one that would show the
# machine account lookup during a join.
# NOTE(review): very high debug levels may record sensitive authentication
# detail; keep /var/log/samba readable by root only while they are enabled.
#	log level = 255
#	log level = 4
#	log level = 3 ldap:10 passdb:10 auth:10 winbind:10
	log level = 3
	# One log file per client machine name (%m).
	log file = /var/log/samba/%m.log
	max log size = 500


	# Account management hooks: Samba runs these smbldap-tools commands to
	# create, delete and modify users, groups and machine accounts in LDAP.
	# NOTE(review): %u and %g are substituted into a command line; they are
	# quoted in some lines and bare in others (add user, delete user). Quote
	# them consistently so unusual names cannot change the command.
	#add user script = /usr/sbin/smbldap-useradd -m '%u'
	# NOTE(review): " at " in the -M value is presumably the list archive's
	# address obfuscation of "@" - verify before copying this line.
	add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u -C "\\\\%h\\%u" -D 'H:' -M "%u at company.com" %u
	delete user script = /usr/sbin/smbldap-userdel %u
	add group script = /usr/sbin/smbldap-groupadd -p '%g'
	delete group script = /usr/sbin/smbldap-groupdel '%g'
	add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
	delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
	# Two earlier machine-script variants, both using only -w (workstation).
	#add machine script = /usr/sbin/smbldap-useradd -w '%u'
	#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c "%u machine account" -d /dev/null %u
	# Active variant: adds -i, and -t 5 (the wait the post describes adding).
	# NOTE(review): smbldap-useradd documents -i as "trust account", which is a
	# different account type from a workstation; also -t 5 follows the account
	# name, so it may not be parsed as an option. Both are worth checking
	# against the script's usage output when machine joins fail - confirm.
	add machine script = /usr/sbin/smbldap-useradd -w -i '%u' -t 5

	# NOTE(review): the [share] header lines are missing from this listing, so
	# share names are unknown; blank lines separate the share sections.
	# Share rooted at /etc/samba/netlogon (presumably [netlogon] - confirm).
	# NOTE(review): writable = Yes lets anyone the filesystem permissions allow
	# change the logon scripts that domain clients run at login; this share is
	# normally read only, with write access limited to administrators.
	path = /etc/samba/netlogon
	browseable = No
	writable = Yes

	# Home directories: writable, no guest access, hidden from browse lists.
	comment = Home Directories
	read only = No
	guest ok = No
	browseable = No

	# Printer spool share.
	comment = All Printers
	path = /usr/spool/samba
	printable = Yes
	browseable = No

	# Corporate files.
	# NOTE(review): 0765 is owner rwx, group rw-, other r-x, so "other" may
	# execute files the group cannot; this looks unintended - confirm.
	comment = Company Corporate Files
	path = /opt/company
	create mask = 0765
	browseable = Yes
	printable = No

	# Backup storage, visible in browse lists.
	# NOTE(review): no per-share user or host restriction is visible here, so
	# access appears to rest on filesystem permissions alone - confirm that is
	# intended for backup data.
	comment = Backup files are stored here
	path = /opt/backups
	browseable = Yes
	printable = No

	# General data share, visible in browse lists.
	comment = Storage for support and other data.
	path = /opt/data
	browseable = Yes
	printable = No

	# Cygwin package mirror: guests may connect, share is read only.
	# "writeable = No" and "read only = Yes" state the same thing twice.
	comment = Company Cygwin Repositiory
	path = /opt/cygwin
	browseable = Yes
	printable = No
	guest ok = Yes
	guest only = No
	writeable = No
	read only = Yes
------------------------------------ /etc/samba/smb.conf
