[Samba] can't create workstation account

Sascha Bieler sascha.bieler at radiogong.de
Wed May 23 12:10:13 GMT 2007


Unfortunately this does not help either.

Still get message:

Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Using interface ppp1
Connect: ppp1 <--> /dev/pts/1
Winbind has declined authentication for user!
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Peer MUSIC\\pwm failed CHAP authentication
Connection terminated.

When trying to authenticate against SMB-Domain. Too bad... :-(


Best regards

Sascha


-----Original Message-----
From: Julian Pilfold-Bagwell [mailto:jpb at bordengrammar.kent.sch.uk] 
Sent: Wednesday, May 23, 2007 12:54 PM
To: Sascha Bieler
Cc: samba at lists.samba.org
Subject: Re: [Samba] can't create workstation account

Hi all,

Found this thread while searching for the problem you have and have 
found a cure that works for me.

Whenever joining the domain from a Windows XP machine it was only 
creating the Posix side of the account and not the sambaSamAccount 
that's required for a successful account creation. Found the following 
in another thread from 2005. Basically, change your add machine script 
in smb.conf from:

smbldap-useradd -w "%u"

to

smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false "%m"

-d sets the home directory of the machine user to "non-existent" (/dev/null)
-c sets the gecos and may not be strictly necessary (haven't tried without)
-s sets a non-existent login shell

and most importantly, %m sets the account name to the correct machine 
name parameter, not user name.

Ironically, if I now run:

 smbldap-usershow jpb-laptop$

after successfully connecting my laptop to the domain, I get no entry 
returned. Slapcat'ing my ldap database, however, shows the machine 
account with all the correct Samba and Posix entries, and logins work 
fine. Let me know if this works for you and post it as [Solved] if it does.

Cheers,

Jools

Sascha Bieler wrote:
>> `/usr/sbin/smbldap-useradd -w "blackhawk$"' gave 9
>>     
>
>   
>> The command smbldap-useradd exit with exit code 9, which means error.
>> It should exit with error 9, try running something like this:
>>     
>
> I know, but this means just that account is created and normally it will be overwritten. If I have a look inside ldap I see:
>
> dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: blackhawk$
> sn: blackhawk$
> uid: blackhawk$
> uidNumber: 1016
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: 7f9e7c88-9be3-102b-9a0c-c98dc3a52409
> creatorsName: cn=admin,dc=audio,dc=de
> createTimestamp: 20070521123527Z
> entryCSN: 20070521123527Z#000001#00#000000
> modifiersName: cn=admin,dc=audio,dc=de
> modifyTimestamp: 20070521123527Z
>
>
>   
>> /usr/sbin/smbldap-useradd -w "test123$" and see if there is an error
>>     
> No error and account is added like this:
> dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: blackhawk$
> sn: blackhawk$
> uid: blackhawk$
> uidNumber: 1017
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: a4194154-9c85-102b-9a0f-c98dc3a52409
> creatorsName: cn=admin,dc=audio,dc=de
> createTimestamp: 20070522075607Z
> entryCSN: 20070522075607Z#000001#00#000000
> modifiersName: cn=admin,dc=audio,dc=de
> modifyTimestamp: 20070522075607Z
>
>
> While doing net join from running BDC it works, also debian 4.0. Don't really know what I've done wrong.
>
> Thanks for helping and thinking!
>
> Sascha
>
>   
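
The condition described in the thread (a machine entry that has the Posix attributes but no sambaSamAccount object class) can be checked mechanically. The following is an added example, not part of the original messages: a Python script that scans slapcat-style LDIF for machine accounts missing sambaSamAccount. The second sample entry (example-pc$) and the function names are constructed for illustration.

```python
import base64

# Constructed sample: the first entry is abridged from the posixAccount-only
# record quoted in the thread; the second is a hypothetical complete machine
# account, with one folded line to exercise LDIF line continuation.
SAMPLE_LDIF = """\
dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
objectClass: inetOrgPerson
objectClass: posixAccount
uid: blackhawk$

dn: uid=example-pc$,ou=Computers,dc=audio,dc=de
objectClass: posixAccount
objectClass: sambaSam
 Account
uid: example-pc$
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    # RFC 2849: a line starting with a single space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                raw = base64.b64decode(value[1:].strip())
                value = raw.decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def incomplete_machine_accounts(text):
    """DNs of machine accounts (uid ending in '$') lacking sambaSamAccount."""
    missing = []
    for entry in parse_ldif(text):
        is_machine = any(u.endswith("$") for u in entry.get("uid", []))
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if is_machine and "sambasamaccount" not in classes:
            missing.append(entry["dn"][0])
    return missing

if __name__ == "__main__":
    for dn in incomplete_machine_accounts(SAMPLE_LDIF):
        print("missing sambaSamAccount:", dn)
```

To check a real directory, pass the text output of slapcat to incomplete_machine_accounts() in place of SAMPLE_LDIF.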



