[Samba] can't create workstation account
Sascha Bieler
sascha.bieler at radiogong.de
Wed May 23 12:10:13 GMT 2007
Unfortunatly this does not help also.
Still get message:
Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Using interface ppp1
Connect: ppp1 <--> /dev/pts/1
Winbind has declined authentication for user!
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Peer MUSIC\\pwm failed CHAP authentication
Connection terminated.
When trying to authenticate against SMB-Domain. Too bad... :-(
Best regards
Sascha
-----Original Message-----
From: Julian Pilfold-Bagwell [mailto:jpb at bordengrammar.kent.sch.uk]
Sent: Wednesday, May 23, 2007 12:54 PM
To: Sascha Bieler
Cc: samba at lists.samba.org
Subject: Re: [Samba] can't create workstation account
Hi all,
Found this thread while searching for the problem you have and have
found a cure that works for me.
Whenever joining the domain from a Windows XP machine it was only
creating the Posix side of the account and not the sambaSamAccount
that's required for a successful account creation. Found the following
in another thread from 2005. Basically, change your add machine script
in smb.conf from:
smbldap-useradd -w "%u"
to
smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false "%m"
-d sets the home directory of the machine user to "non-existant" (/dev/null)
-c sets the gecos and may not be strictly necessary (haven't tried without)
-s disables sets a non-existent login shell
and most importantly, %m sets the account name to the correct machine
name parameter, not user name.
Ironically, if I now run:
smbldap-usershow jpb-laptop$
after successfully connecting my laptop to the domain, I get no entry
returned. Slapcat'ing my ldap database however, shows the machine
account with all the correct Samba and Posix entries and logins work
fine. Let me know if this works for you and post it as [Solved] if it does.
Cheers,
Jools
Sascha Bieler wrote:
>> `/usr/sbin/smbldap-useradd -w "blackhawk$"' gave 9
>>
>
>
>> The command smbldap-useradd exit with exit code 9, which means error.
>> It should exit with error 9, try running something like this:
>>
>
> I know, but this means just that account is created and normally it will be overwritten. If I have a look inside ldap I see:
>
> dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: blackhawk$
> sn: blackhawk$
> uid: blackhawk$
> uidNumber: 1016
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: 7f9e7c88-9be3-102b-9a0c-c98dc3a52409
> creatorsName: cn=admin,dc=audio,dc=de
> createTimestamp: 20070521123527Z
> entryCSN: 20070521123527Z#000001#00#000000
> modifiersName: cn=admin,dc=audio,dc=de
> modifyTimestamp: 20070521123527Z
>
>
>
>> /usr/sbin/smbldap-useradd -w "test123$" and see if there is an error
>>
> No error and account is added like this:
> dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: blackhawk$
> sn: blackhawk$
> uid: blackhawk$
> uidNumber: 1017
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: a4194154-9c85-102b-9a0f-c98dc3a52409
> creatorsName: cn=admin,dc=audio,dc=de
> createTimestamp: 20070522075607Z
> entryCSN: 20070522075607Z#000001#00#000000
> modifiersName: cn=admin,dc=audio,dc=de
> modifyTimestamp: 20070522075607Z
>
>
> While doing net join from running BDC it works, also debian 4.0. Don't really know what I've done wrong.
>
> Thanks for helping and thinking!
>
> Sascha
>
>
More information about the samba
mailing list