[Samba] Windows XP joining Samba/LDAP domain problem (User cannot be found) [SOLVED]

blessing blessingc at junkmail.co.za
Thu Aug 30 13:57:53 GMT 2007


Hi,

This was great. Here is a shorter way of doing it:
1. Change your computers base to the same as your users base in the
smbldap.conf (IDEALX scripts config) and smb.conf (samba config)
2. Using phpldapadmin copy your existing computer accounts to the same base
as your user accounts
3. Restart samba
4.-----done----

Rgds 

Julian Pilfold-Bagwell wrote:
> 
> To anyone out there who's having problems joining their Samba/LDAP 
> domain with XP here's a solution. The main symptom is that the XP join 
> domain gui returns a "user cannot be found" error. The setup that I 
> experienced this on was configured and managed using the smbldap-tools 
> package. Usual disclaimer applies: if it fails to work, you are 
> responsible for backing up your installation and no responsibility will 
> be accepted for anything.
> 
> The problem arose after I configured my servers to use the Computers 
> organisational unit in LDAP (ou=Computers) to store host names. The 
> process of a Windows/Samba domain member joining a Samba domain is a two 
> stage one as each Samba client has to have a matching Posix account in 
> the LDAP directory. After clicking OK on the client the server first 
> creates the POSIX entry and then adds the SambaSam attributes.
> 
> For whatever reason, when the ou=Computers entry was used, smbldap-tools 
> added the POSIX entry into the Computers ou but then tried to read it 
> back out from the Users ou. As the entry was non-existent in Users it 
> cannot add the Samba attributes to the POSIX side and hence Windows 
> declares user cannot be found.
> 
> Some Googling revealed that you can store machine accounts in ou=Users 
> so the solution I found was as follows:
> 
> 1) Stop LDAP and dump the directory into an LDIF file using
> "slapcat -l /root/userdump.ldif"
> 
> 2) Open the LDIF file in a text editor and use search and replace to 
> change all machine account entries from ou=Computers to ou=Users. Note 
> that at the top of your ldif file there's an entry that adds the 
> Computers organisational unit. Do not change this. You can probably 
> delete it but personally I just left it as it was. An easy way to only 
> change the machine name entries is to search for $,ou=Computers and 
> replace it with $,ou=Users as the computer name entries end with $ and 
> will match this pattern.
> 
> 3)  Backup your directory databases using "cp -R /var/lib/ldap /root" 
> (adjust to match your distro but this works on Redhat/Mandriva). You can 
> also create a second backup using the slapcat command and dumping the 
> ldif file to a safe place.
> 
> 4) Delete the files in the LDAP database directory, in the above case
> "rm -f /var/lib/ldap/*", and then check the directory to make sure it's
> empty with "ls -la /var/lib/ldap". If you had a DB_CONFIG file in there,
> copy it back from the backup directory.
> 
> 5) Run "slapadd -v -l /root/userdump.ldif" to add the modified ldif file 
> back into LDAP. The -v forces slapadd into verbose mode so you should 
> see all the entries scrolling up the screen as they're added.
> 
> 6) Change ownership of the ldap directory and its newly created 
> databases to user/group ldap using "chown -R ldap.ldap /var/lib/ldap". 
> If you don't do this the server will bitch horribly when you try to 
> start it.
> 
> 7) Restart your ldap server. You should now find that the XP client 
> says welcome to the "whatever" domain when you click OK.
> 
> 
> As I say, it worked for me after I'd spent hours searching for a 
> solution without finding one. Good Luck!!
> 
> Cheers,
> 
> Jools

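The search-and-replace from step 2 of the quoted procedure, as an added example that is not part of either poster's message: it first unfolds LDIF continuation lines, so a DN that slapcat wrapped in the middle of "ou=Computers" still matches, and it leaves the ou=Computers entry itself untouched. The base DN dc=example,dc=com, the sample entries and the function names are constructed for illustration; base64-encoded "dn::" lines are only reported, not rewritten.

```python
import re

# The pattern the post searches for: machine names end in "$", so
# "$,ou=Computers," only occurs in machine-account DNs.
MACHINE_IN_COMPUTERS = re.compile(r"\$,ou=Computers,", re.IGNORECASE)

# Constructed sample of a slapcat dump (not taken from the original post).
SAMPLE = """\
dn: ou=Computers,dc=example,dc=com
objectClass: organizationalUnit
ou: Computers

dn: uid=ws01$,ou=Computers,dc=example,dc=com
objectClass: posixAccount
uid: ws01$

dn: uid=a-rather-long-workstation-name-used-to-force-line-folding$,ou=Comp
 uters,dc=example,dc=com
objectClass: posixAccount
uid: a-rather-long-workstation-name-used-to-force-line-folding$
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (newline followed by a single space)."""
    return re.sub(r"\r?\n ", "", ldif_text)

def move_machine_accounts(ldif_text):
    """Return (new_ldif, moved_dns, flagged_base64_dn_lines)."""
    out, moved, flagged = [], [], []
    for line in unfold(ldif_text).split("\n"):
        if line.startswith("dn:: "):
            flagged.append(line)  # base64 DN: decode and check by hand
        elif MACHINE_IN_COMPUTERS.search(line):
            line = MACHINE_IN_COMPUTERS.sub("$,ou=Users,", line)
            if line.lower().startswith("dn: "):
                moved.append(line[4:])
        out.append(line)
    return "\n".join(out), moved, flagged

if __name__ == "__main__":
    new_ldif, moved, flagged = move_machine_accounts(SAMPLE)
    print(new_ldif)
    print("moved:", moved)
    print("needs manual review:", flagged)
```

The output is written unfolded; LDIF folding is optional, so the result can be loaded with slapadd as in step 5.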