[Samba] Can not add machine to the domain

Sascha Bieler sascha.bieler at radiogong.de
Wed May 23 15:56:30 GMT 2007


Did you modify

/usr/share/perl5/smbldap_tools.pm and
/etc/samba/smbldap.conf

to fit your needs?

Do you have a proper working DNS server?

Does your PDC also act as the WINS server? If not, configure it to do so.

What does your logfile say???


Here's a working smb.conf from debian etch:
[global]
        # Example from the reply: global section of a Samba 3 domain controller
        # (domain logons / domain master) that keeps its accounts in LDAP.

        # Listen only on loopback and eth3 instead of every interface.
        interfaces = lo eth3
        bind interfaces only = Yes
        name resolve order = wins bcast lmhosts host
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        load printers = Yes
        unix charset = UTF-8
        display charset = UTF-8
        workgroup = usit
        # Accounts listed here do file operations as root on the shares they
        # connect to, so keep the list as short as possible.
        # NOTE(review): MUSIC\Administrator names a domain other than the
        # "workgroup = usit" above - presumably left over from the poster's own
        # site; confirm or drop it.
        admin users = @"Domain Admins",MUSIC\Administrator
        guest account = nobody
        server string = %h %v
        security = user
        encrypt passwords = true
        # One log file per client machine (%m); level 2 is used globally and
        # for the vfs debug class.
        log level = 2 vfs:2
        log file = /var/log/samba/log.%m
        syslog = 0
        max log size = 100000
        domain logons = Yes
        os level = 255
        domain master = Yes
        local master = Yes
        wins support = Yes
        wins proxy = Yes
        dns proxy = Yes
        time server = Yes
        #ldap##
        passdb backend = ldapsam:"ldap://127.0.0.1/"
        # Samba binds to the directory as this DN. The password is not kept in
        # smb.conf; it is stored in secrets.tdb (set with "smbpasswd -w"), so
        # that file must stay readable by root only.
        # NOTE(review): cn=admin looks like the directory's root DN; a dedicated
        # account with write access limited to the Samba subtrees would be the
        # least-privilege choice - confirm against the slapd ACLs.
        ldap admin dn = cn=admin,dc=usit,dc=ie
        ldap suffix = dc=usit,dc=ie
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Users
        # Unencrypted LDAP. Both LDAP URLs in this section point at 127.0.0.1,
        # so the bind does not leave the host. If the directory is on another
        # machine, use "ldap ssl = start tls" or an ldaps:// URL instead.
        ldap ssl = no
        ldap delete dn = Yes
        add user script = /usr/sbin/smbldap-useradd -a -P "%u"
        # NOTE(review): this hook runs with smbd's root privileges, and the two
        # "rm -r" calls trust whatever name is substituted for %u; an empty or
        # unexpected value would widen what gets removed. A wrapper script that
        # validates the name and the resolved path before deleting is safer.
        # smbldap-userdel is already given -r here, so the extra rm of the home
        # directory is presumably redundant - confirm.
        delete user script = /usr/sbin/smbldap-userdel -r "%u"; rm -r /home/"%u"; rm -r /opt/profiles/"%u"
#       add machine script = /usr/sbin/smbldap-useradd -w "%u"
    # Creates the machine account when a workstation joins the domain. The
    # flags on this line give it no home directory (-d /dev/null) and no login
    # shell (-s /bin/false). The script path has to exist on the server: the
    # log quoted in the question shows the join failing with exit status 127
    # (the shell's "command not found") for
    # /usr/local/smbldap-tools/smbldap-useradd.
    add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false "%u"
        add group script = /usr/sbin/smbldap-groupadd "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        ldap passwd sync = Yes
        utmp = Yes
        # uid and gid mappings share the range 10000-20000 and are stored in
        # the local LDAP server.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        idmap backend = ldap:ldap://127.0.0.1/
        # NOTE(review): remote shutdown hooks - confirm which accounts hold the
        # right to trigger them.
        shutdown script = /sbin/shutdown
        abort shutdown script = /sbin/shutdown -c
        nt acl support = yes
        kernel oplocks = yes
        # Allows rights such as SeMachineAccountPrivilege to be granted to
        # specific accounts ("net rpc rights grant"), so joining machines does
        # not require root or a blanket "admin users" entry.
        enable privileges = Yes
        template shell = /bin/false
        logon script = logon.bat
        # Left empty on purpose - presumably to turn off roaming profiles and
        # the mapped home directory; confirm.
        logon path =
        logon home =


Good Luck!






-----Original Message-----
From: samba-bounces+sascha.bieler=radiogong.de at lists.samba.org [mailto:samba-bounces+sascha.bieler=radiogong.de at lists.samba.org] On Behalf Of Chris Boyd 
Sent: Wednesday, May 23, 2007 5:22 PM
To: samba at lists.samba.org
Subject: [Samba] Can not add machine to the domain

Running samba-3.0.24 with ldap on debian etch. 
Whenever I try to add an xp pro machine to the domain I get (on the pc) "the
username can not be found". I'm logging in as admin. In the samba log I get
(for this pc) 
 
" passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127" 

I disabled the digital encryption setting for the domain on the XP box in the
security policy.
I can add the machine from the debian command line with no problems. 
 
Here is the smb.conf
 
[global]
# Global section from the question: Samba 3.0.24 domain controller with an
# LDAP passdb on a separate host.

workgroup = usit

server string = %h server

dns proxy = no

interfaces = 127.0.0.0/8 eth0

log file = /var/log/samba/log.%m

max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d

encrypt passwords = true

# The directory is on another host (10.133.1.21) and no "ldap ssl" line is set
# in this listing, so the build's default applies.
# NOTE(review): confirm that default is StartTLS, or use an ldaps:// URL;
# otherwise the admin DN bind and password data cross the network in clear.
passdb backend = ldapsam:ldap://10.133.1.21

ldap suffix = dc=usit,dc=ie

# NOTE(review): machine accounts are expected under ou=machines; the
# smbldap-tools configuration presumably has to use the same suffix - confirm.
ldap machine suffix = ou=machines

ldap user suffix = ou=users

ldap group suffix = ou=groups

# Samba binds as this DN; its password is stored in secrets.tdb (set with
# "smbpasswd -w"), so that file must stay readable by root only.
ldap admin dn = cn=admin,dc=usit,dc=ie

ldap delete dn = no

obey pam restrictions = yes

ldap password sync = yes 

# root may not connect, so the account used for the domain join must be a
# different one that is allowed to create machine accounts.
invalid users = root

passwd program = /usr/bin/passwd %u

# NOTE(review): the value continues on the next line here; this looks like
# mail line-wrapping and must be a single line in the real file.
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

domain logons = yes

# Allows rights such as SeMachineAccountPrivilege to be granted to specific
# accounts ("net rpc rights grant") for joining machines.
enable privileges = yes

# NOTE(review): "logon path" is set twice; presumably only the later line
# takes effect. Keep one.
logon path = \\%N\profiles\%U

logon path = \\%N\%U\profile

logon drive = H:

logon home = \\%N\%U

logon script = logon.cmd

# NOTE(review): this creates a local Unix account with adduser although the
# passdb backend is LDAP - confirm that is intended. The "%u" on the following
# line looks like mail line-wrapping and belongs on this line.
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos ""
%u

# The log quoted above shows this command returning 127, which is the shell's
# "command not found" status: check that this path exists and is executable on
# the server. The reply's example uses /usr/sbin/smbldap-useradd.
add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u" 

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

domain master = yes

preferred master = yes

[homes]
# Per-user home directory shares.

comment = Home Directories

# Hidden from browse lists.
browseable = no

writable = yes

# New files and directories are created owner-only (0700).
create mask = 0700

directory mask = 0700

# %S is the share name, so each home share is usable only by the user it is
# named after.
valid users = %S

[netlogon]
# Share that holds the logon scripts referenced by "logon script".

comment = Network Logon Service

path = /home/samba/netlogon

# Readable without authentication, so nothing placed under this path should
# contain passwords or other secrets.
guest ok = yes

# Read-only over SMB; scripts are maintained on the server side.
writable = no

# NOTE(review): disables honouring of share modes on open - presumably a
# legacy setting; confirm it is still wanted.
share modes = no

 

smbldap_bind.conf:
 
# Bind credentials the smbldap-tools scripts use against the directory.
# This file holds the passwords in clear text (masked in this post), so it
# should be owned by root and not readable by other users.
# NOTE(review): both entries use cn=admin, which looks like the directory's
# root DN; a dedicated account limited to the Samba subtrees would be the
# least-privilege choice - confirm against the slapd ACLs.
slaveDN="cn=admin,dc=usit,dc=ie"
slavePw="********"
masterDN="cn=admin,dc=usit,dc=ie"
masterPw="********"

nsswitch.conf: 
 
# Users, groups and shadow data are looked up locally first (compat) and then
# in LDAP.
# NOTE(review): accounts that smbldap-useradd writes to LDAP, including
# machine accounts whose names end in "$", presumably have to resolve through
# these lookups before Samba can map them to a Unix account; "getent passwd"
# is a quick check - confirm.
# NOTE(review): with shadow served from LDAP, who can read password hashes is
# decided by the directory ACLs - confirm they are restricted.
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
 
hosts:          files dns
networks:       files
 
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
 
netgroup:       nis

