[Samba] Trouble adding to domain
Daniel Davidson
danield at igb.uiuc.edu
Tue Jun 5 16:35:09 GMT 2007
My problem seems to have been related to how the LDAP records were set
up. Just so everyone knows, the computer entry based off my config file
should look like:
# SIRGUAIN$, computer, igb.uiuc.edu
dn: uid=SIRGUAIN$,ou=computer,dc=igb,dc=uiuc,dc=edu
uid: SIRGUAIN$
sambaSID: S-none-of-yo-bidness-1000
objectClass: sambaSamAccount
objectClass: account
displayName: SIRGUAIN$
sambaAcctFlags: [W ]
sambaPwdMustChange: 9223372036854775807
sambaPwdCanChange: 1181057492
sambaNTPassword: noneyobidnesseither
sambaPwdLastSet: 1181057492
Instead of:
# lancelot1$, computer, igb.uiuc.edu
dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: lancelot1$
sn: lancelot1$
uid: lancelot1$
uidNumber: 1009
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
However, smbldap-useradd created the latter. What am I doing wrong that
does this?
thanks,
Dan
On Mon, 2007-06-04 at 14:03 -0500, Daniel Davidson wrote:
> I am having trouble adding machines to domains. I enter a proper
> username and password on the Windows end, the LDAP server executes the
> proper script, the script executes properly, resulting in the right
> entry into LDAP as shown below:
>
> # lancelot1$, computer, igb.uiuc.edu
> dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: lancelot1$
> sn: lancelot1$
> uid: lancelot1$
> uidNumber: 1002
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
>
> However, the Windows system does not have it join the domain, and gives
> an error saying "the user name could not be found." Below is my config;
> does anyone know what would cause this?
>
>
> [global]
> netbios name = arthur
> workgroup = igbtest
> server string = igb test domain
> security = user
> encrypt passwords = yes
> local master = yes
> os level = 65
> domain master = yes
> preferred master = yes
> null passwords = no
> hide unreadable = yes
> hide dot files = yes
> domain logons = yes
> log file = /var/log/samba/log.%m
> max log size = 50
>
> add user script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m "%u"
> add machine script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w "%u"
> add group script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-groupadd -p "%g"
>
> passdb backend = ldapsam:ldap://127.0.0.1/
> ldap delete dn = Yes
> ldap ssl = no
>
> ldap suffix = dc=igb,dc=uiuc,dc=edu
> ldap admin dn = cn=ldapadmin,dc=igb,dc=uiuc,dc=edu
> ldap group suffix = ou=group
> ldap user suffix = ou=People
> ldap machine suffix = ou=computer
> ldap idmap suffix = ou=idmap
>
> [netlogon]
> path = /var/lib/samba/netlogon
> # guest ok = Yes
> browseable = no
> write list = root
>
> [homes]
> path = /home/%U
> browseable = no
> valid users = %S
> read only = no
> create mask = 0664
> directory mask = 0775
>