[Samba] ldap and computer accounts
Alex Crow
acrow at integrafin.co.uk
Wed Aug 22 11:51:40 GMT 2007
On Tue, 2007-08-21 at 21:17 +0200, Markus Baertschi wrote:
> I'm attempting to configure a Ubuntu server for a bunch of windows clients.
> I'd like the authentication information to be in ldap. So far the stuff
> works,
> I can authenticate users in LDAP just fine.
>
> But when I want a windows machine to join the domain I get the
> error 'The user name could not be found'. The computer account
> gets created (via smbldap-tools) and I can see it in the ldap.
> The samba log shows what's happening, when it can not find
> the account it creates it and fails when it can not find the freshly
> created account. Unfortunately the log is not very helpful to
> find out what is wrong:
> -------------------
> [2007/08/20 20:28:55, 5] lib/username.c:Get_Pwnam_internals(108)
> Get_Pwnam_internals didn't find user [WINXP1$]!
> [2007/08/20 20:28:56, 3] passdb/pdb_interface.c:pdb_default_create_user(368)
> _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w
> "winxp1$"' gave 0
> [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_alloc(131)
> Finding user WINXP1$
> [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(75)
> Trying _Get_Pwnam(), username as lowercase is winxp1$
> [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(83)
> Trying _Get_Pwnam(), username as given is WINXP1$
> [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(102)
> Checking combinations of 0 uppercase letters in winxp1$
> [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(108)
> Get_Pwnam_internals didn't find user [WINXP1$]!
> [2007/08/20 20:28:56, 3] passdb/pdb_interface.c:pdb_default_create_user(384)
> pdb_default_create_user: failed to create a new user structure:
> NT_STATUS_NO_SUCH_USER
> [2007/08/20 20:28:56, 5] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 samr_io_r_create_user
> ------------------
>
> How can I debug and fix this situation ?
>
> Markus
Hi Markus,
I create subtrees under an Accounts ou for computers and users - it's
nice to keep them separate.
smb.conf:
ldap suffix = dc=ifa,dc=net
ldap machine suffix = ou=Computers,ou=Accounts
ldap user suffix = ou=People,ou=Accounts
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
delete user script = /opt/IDEALX/sbin/smbldap-userdel %u
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'
delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'
enable privileges = Yes
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'
/etc/ldap.conf
nss_base_passwd ou=Accounts,dc=ifa,dc=net?sub
nss_base_shadow ou=Accounts,dc=ifa,dc=net?sub
nss_base_group ou=Groups,dc=ifa,dc=net?one
Notice the ?sub at the end.
smbldap.conf
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=People,ou=Accounts,${suffix}"
# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=Computers,ou=Accounts,${suffix}"
This works transparently from windows without having to add accounts in
another tool.
Cheers
Alex
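
Added example, not part of the original message and not Samba or smbldap-tools code: an offline check that the nss_base_passwd search base and scope from /etc/ldap.conf actually cover the DN where smbldap-useradd places a machine account, which is what decides whether Samba's lookup of WINXP1$ succeeds after the account is created. Assumptions: the machine entry uses a uid= RDN, the DN and the ?one variant below are constructed for illustration, and a missing scope is treated as sub.

```python
# Added example: does the NSS passwd search base/scope reach the machine entry?

def parse_dn(dn):
    """Split a DN into lowercased RDNs (assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def parse_nss_bases(conf_text):
    """Return {map: (base_dn, scope)} from nss_base_<map> base?scope?filter lines."""
    bases = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("nss_base_"):
            continue
        key, value = line.split(None, 1)
        fields = value.strip().split("?")
        # Assumption: no explicit scope means a subtree search.
        scope = fields[1] if len(fields) > 1 and fields[1] else "sub"
        bases[key[len("nss_base_"):]] = (fields[0], scope)
    return bases

def entry_visible(entry_dn, base_dn, scope):
    """True if a search from base_dn with this scope can return entry_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if not base or entry[-len(base):] != base:
        return False                      # entry is outside the search base
    depth = len(entry) - len(base)        # levels below the base
    return {"base": depth == 0, "one": depth == 1}.get(scope, True)

def machine_resolvable(conf_text, machine_dn):
    """Check the passwd map, which is what getpwnam() on 'winxp1$' uses."""
    base_dn, scope = parse_nss_bases(conf_text)["passwd"]
    return entry_visible(machine_dn, base_dn, scope)

# /etc/ldap.conf lines as given in the message above.
GOOD_CONF = """\
nss_base_passwd ou=Accounts,dc=ifa,dc=net?sub
nss_base_shadow ou=Accounts,dc=ifa,dc=net?sub
nss_base_group ou=Groups,dc=ifa,dc=net?one
"""
# Constructed contrast: same base, one-level scope.
ONE_LEVEL_CONF = GOOD_CONF.replace("net?sub", "net?one")
# Constructed DN: machine name from the log, tree from smbldap.conf computersdn.
MACHINE_DN = "uid=winxp1$,ou=Computers,ou=Accounts,dc=ifa,dc=net"

if __name__ == "__main__":
    for name, conf in (("?sub", GOOD_CONF), ("?one", ONE_LEVEL_CONF)):
        print(name, "reaches machine entry:", machine_resolvable(conf, MACHINE_DN))
```

On a live server the equivalent check is getent passwd 'winxp1$' right after the join attempt; if it returns nothing while the entry exists in LDAP, the NSS search base or scope is not reaching ou=Computers.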