[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain

Edmundo Valle Neto edmundo.valle at terra.com.br
Wed Jun 27 17:32:55 GMT 2007


mikelOn wrote:
>> About the samba attributes, when you add a machine account the script 
>> "add machine" must NOT ADD SAMBA ATTRIBUTES, only posix, samba does that 
>> alone. Refer to the idealx documentation (if you really want things to 
>> work properly, reading the documentation is not an option), it was 
>> already discussed here and the documentation explains how to configure 
>> that and how it should work.
>>     
>
> I did set a debug level of 4 and what I saw was a NT_STATUS_NO_SUCH_USER (or
> something alike) but no more specific details. The machine account (posix)
> gets created automatically but the samba attributes are not added by samba.
>   

A snip from an old post in the history of the list, you should expect 
something like that when adding a machine with a loglevel of 3 (look, 
only -w used, and samba saying that it will create the rest):

A samba log with a level 3 output:

...
[2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 
"testmachine$"' gave 0
...
[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832)
 ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
 init_ldap_from_sam: Setting entry for user: testmachine$
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
 ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
...

>> Again, those scripts are used only by tools that create accounts through 
>> samba, like net or usrmgr, if you don't use it those lines will not be used.
>>     
>
> I think you are wrong, because the "add machine script" DOES get executed
> when adding a machine to a domain.
>   

OK, yes it is. I answered this without context. (I already said this 
earlier, in a previous post)

>> http://sourceforge.net/docman/display_doc.php?docid=33543&group_id=166108
>>     
>
>   
>> About knowing what is happening, put a log level 2 or 3 and try to join 
>> a machine. Look at the logs, it should say what exit the script gave and 
>> what samba tried to do.
>>     
>
> I have read the documentation you point out and many other tutorials and
> howtos but I find myself in the same situation I was some days ago. I have
> even tried to install everything in three different linux distros and in one
> of them I have reinstalled everything from scratch three or four times. This
> is why I am trying alternate methods.
>
> So, samba is not doing its job and it may be because I am missing something
> but I still do not know what it is. Anyway, I can post the samba log if you
> think it is helpful to find out the source of the error.
>   

There's a LOT of things that can go wrong when using LDAP, as you can 
populate and use it the way YOU want, but samba expects it in a proper way.

It's recommended that you populate it using smbldap-populate.
You need to have the tools configured properly.
You need to have a user that has rights to join machines, a root 
account WITH samba attributes, or another user with proper privileges 
assigned by hand.
Samba must know the password of the ldap administrator to be able to 
change it.


Regards.

Edmundo Valle Neto

> Thanks for the advice,
>
> Mikel
>
>
> Edmundo Valle Neto wrote:
>   
>> mikelOn wrote:
>>     
>>> Hi Alex,
>>>
>>> I don't think those modifiers would change anything but I have tried them
>>> anyway and the objectclass is still not being added.
>>>
>>> Thanks for the suggestion.
>>>
>>>
>>> Alex Crow wrote:
>>>   
>>>       
>>>> On Wed, 2007-06-27 at 01:42 -0700, mikelOn wrote:
>>>>     
>>>>         
>>>>> Hi all,
>>>>>
>>>>> I finally found where the problem is. The samba attributes are not
>>>>> being added when the workstation entry is created. The
>>>>> "sambaSamAccount" objectclass is missing.
>>>>>
>>>>> Why is it not being added if it is supposed to be a windows
>>>>> workstation? Is there a bug in the "smbldap-useradd" script when
>>>>> invoked with the "-w" parameter?
>>>>>
>>>>>       
>>>>>           
>>>> You need both "-a" and "-m" passwd to smbldap-useradd for the samba
>>>> attributes to be added, IMHO.
>>>>
>>>> Alex
>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>>>     
>>>>         
>> Again, those scripts are used only by tools that create accounts through 
>> samba, like net or usrmgr, if you don't use it those lines will not be
>> used.
>>
>> About the samba attributes, when you add a machine account the script 
>> "add machine" must NOT ADD SAMBA ATTRIBUTES, only posix, samba does that 
>> alone. Refer to the idealx documentation (if you really want things to 
>> work properly, reading the documentation is not an option), it was 
>> already discussed here and the documentation explains how to configure 
>> that and how it should work.
>>
>> http://sourceforge.net/docman/display_doc.php?docid=33543&group_id=166108
>>
>> About knowing what is happening, put a log level 2 or 3 and try to join 
>> a machine. Look at the logs, it should say what exit the script gave and 
>> what samba tried to do.
>>
>> Regards.
>>
>> Edmundo Valle Neto
>>
>>
>>
>>
>>     
>
>   
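
Added example, not part of the original post and not Samba or smbldap-tools code: a Python check that reads a Samba log and reports whether the sequence in the level 3 excerpt above appears for a machine account (the "add machine script" exiting 0, Samba adding its own attributes, the entry being written to LDAP). The function names and the stalled sample are constructed here; the message strings are the ones in the excerpt.

```python
import re

# Record header, e.g. "[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:init_ldap_from_sam(912)"
HEADER = re.compile(r"^\[[^\]]+\]\s+\S+:(?P<func>\w+)\(\d+\)")
SCRIPT = re.compile(r"Running the command `(?P<cmd>.*)' gave (?P<rc>-?\d+)")

def parse_records(log_text):
    """Group each header with its message lines (messages may wrap)."""
    records = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"func": m["func"], "msg": ""})
        elif records and line.strip() not in ("", "..."):
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def check_machine_join(log_text, machine):
    """Report which stages of the join sequence the log shows for `machine`."""
    r = {"script_rc": None, "samba_adds_attrs": False, "ldap_entry_added": False}
    for rec in parse_records(log_text):
        msg = rec["msg"]
        m = SCRIPT.search(msg)
        if rec["func"] == "_samr_create_user" and m and machine in m["cmd"]:
            r["script_rc"] = int(m["rc"])  # exit status of "add machine script"
        elif "User exists without samba attributes: adding them" in msg:
            r["samba_adds_attrs"] = True   # Samba itself extends the posix entry
        elif f"added: uid == {machine} in the LDAP database" in msg:
            r["ldap_entry_added"] = True
    r["ok"] = r["script_rc"] == 0 and r["samba_adds_attrs"] and r["ldap_entry_added"]
    return r

# The level 3 excerpt quoted in the post, wrapped as it appears there.
GOOD_LOG = """[2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"testmachine$"' gave 0
...
[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832)
 ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
 ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
"""
# Constructed sample: the script succeeds but Samba never adds its attributes.
STALLED_LOG = GOOD_LOG.split("...")[0]

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("stalled", STALLED_LOG)):
        print(name, check_machine_join(log, "testmachine$"))
```

A result with `script_rc` of 0 but `samba_adds_attrs` false shows the posix entry was created and Samba then stopped before extending it, which is the point at which to read the surrounding log records.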


