[Samba] Cannot join Win XP SP2 client to domain
jbaker at glastender.com
Tue May 15 19:42:28 GMT 2007
I have some more info:
I CD'd into my SMB-LDAP scripts directory (the IdealX scripts) and ran
./smbldap-useradd -w test$ and received the following error:
Could not find base dn, to get next uidNumber at
/etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283.
I would have to believe the reason I cannot add a machine to the domain
remotely from the client is because of this script failing (see smb.conf):
unix charset = LOCALE
workgroup = mydomain
netbios name = myserver
server string = Domain Controller running %v
interfaces = eth1, lo
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://myserver"
ldap passwd sync = Yes
ldap suffix = dc=myserver,dc=com
ldap admin dn = cn=Manager,dc=myserver,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
domain logons = yes
log file = /var/log/samba/log.%m
log level = 1
syslog = 0
max log size = 50
#smb ports = 139 445
smb ports = 139
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
template shell = /bin/false
winbind use default domain = no
5400 North Michigan Road
Saginaw, Michigan 48604 USA
Phone: 989.752.4275 ext. 228
-----BEGIN GEEK CODE BLOCK-----
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
------END GEEK CODE BLOCK------
Thomas Ußmüller wrote:
> Dear Jason,
> Thanks a lot. This solved my problem.
> When creating the user and machine accounts directly with LDAP
> everything works fine. But when either trying to directly connect the
> machine (i.e. without creating the account manually) or when using the
> User Manager for domains, it doesn't work.
> I have noticed that the smbldap scripts create the accounts in my
> directory. But interestingly the SambaSamAccount objectclass is not
> added by the scripts. Is this behaviour normal? Shall the scripts or
> samba add the attributes?
> I think one possible solution might be to modify the scripts, so that
> they add the needed objectclass/ attributes. What do the others in the
> group think about that solution?
> Maybe you can tell me a bit more about your server. Which backend do
> you use? Do you use the smbldap scripts as well? Maybe we can find the
> similarities in our machines which cause the problem and fix it.
> Jason Baker wrote:
>>> When trying to join the client to the domain I get an error message
>>> that the user does not exist (although connecting to the shares
>>> works with this username). Furthermore the user has the
>>> SeMachineAccountPrivilege set.
>> I had this same problem. I ended up creating the machine accounts via
>> the LDAP Account Manager. I never did figure out why I cannot add a
>> machine to the domain through the Windows Network ID Wizard. Have you
>> tried to create the machine account manually on the server, and then
>> join the machine to the domain?