[Samba] Can not add machine to the domain

Chris Boyd chris.boyd at usit.ie
Wed May 23 15:22:14 GMT 2007 

Running samba-3.0.24 with ldap on debian etch. 
Whenever I try to add an xp pro machine to the domain I get (on the pc) "the
username can not be found". I'm loggin in as admin. In the samba log I get
(for this pc) 
 
" passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127" 

I changed disabled the digital encryption for domain on the xp box in
security policy.
I can add the machine from the debian command line with no problems. 
 
Here is the smb.conf
 
[global]

workgroup = usit

server string = %h server

dns proxy = no

interfaces = 127.0.0.0/8 eth0

log file = /var/log/samba/log.%m

max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d

encrypt passwords = true

passdb backend = ldapsam:ldap://10.133.1.21

ldap suffix = dc=usit,dc=ie

ldap machine suffix = ou=machines

ldap user suffix = ou=users

ldap group suffix = ou=groups

ldap admin dn = cn=admin,dc=usit,dc=ie

ldap delete dn = no

obey pam restrictions = yes

ldap password sync = yes 

invalid users = root

passwd program = /usr/bin/passwd %u

passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

domain logons = yes

enable privileges = yes

logon path = \\%N\profiles\%U

logon path = \\%N\%U\profile

logon drive = H:

logon home = \\%N\%U

logon script = logon.cmd

add user script = /usr/sbin/adduser --quiet --disabled-password --gecos ""
%u

add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u" 

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

domain master = yes

preferred master = yes

[homes]

comment = Home Directories

browseable = no

writable = yes

create mask = 0700

directory mask = 0700

valid users = %S

[netlogon]

comment = Network Logon Service

path = /home/samba/netlogon

guest ok = yes

writable = no

share modes = no

 

smbldap_bind.conf:
 
slaveDN="cn=admin,dc=usit,dc=ie"
slavePw="********"
masterDN="cn=admin,dc=usit,dc=ie"
masterPw="********"

nsswitch.conf: 
 
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
 
hosts:          files dns
networks:       files
 
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
 
netgroup:       nis


-----------------------------------------------------------------

This email message is intended only for the addressee(s) 

and contains information that may be confidential and/or 

copyrighted.  If you are not the intended recipient please 

notify the sender by reply email and immediately delete 

this email. Use, disclosure or reproduction of this email 

by anyone other than the intended recipient(s) is strictly 

prohibited. USIT has scanned this email for viruses and 

dangerous content and believes it to be clean. However, 

virus scanning is ultimately the responsibility of the recipient.

-----------------------------------------------------------------

USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin 2.

More information about the samba mailing list