[Samba] Problems joining machine to domain

Edmundo Valle Neto edmundo.valle at terra.com.br
Wed Sep 5 19:45:58 GMT 2007

Misty Stanley-Jones wrote:
> Our Samba server was recently the recipient of a major upgrade.  I thought
> all the kinks were worked out, but apparently not.
> I think this is the first time I've tried to join a machine account to the
> domain since the upgrade.  I've tried using smbldap-tools and also just
> using smbpasswd (I have my users in LDAP).  I'll also say that 'net join'
> works just fine from my Samba domain members to my Samba domain master.
> First, the preliminaries:
> OS: Ubuntu 7.04 Server
> Samba Version: 3.0.24
> Smbldap-tools Version: 0.9.2
> Passdb Backend: LDAP (openLDAP)
> Anyway, when I try to join to the domain using smbldap-tools, here is my
> script in smb.conf:
> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"

Can you explain to me what "-t" means and where you got it from?

> If I run that by hand, as root, it adds the posixAccount but not the
> sambaSamAccount.  On the Windows system I get an error like "No such user".
> In the Samba logs, I see an error like this:
> [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(368)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w
> "xptommy$"' gave 0
> [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(384)
>   pdb_default_create_user: failed to create a new user structure:
> Just to be sure I had the privileges right:
>  net rpc rights grant "CORP\Domain Admins" SeMachineAccountPrivilege
> I am joining domains as 'root', who is a member of the Domain Admins group:
> memberUid: root,misty,carl
> Obviously smbldap-tools is set up at least somewhat correctly, because it is
> creating the posixAccount.  I re-ran 'smbpasswd -W' just to be sure that
> Samba could bind to the LDAP server.  I also tried using the username
> 'misty' to join the domain.  Same results every time.
> Any idea what I can try next, apart from simply adding the sambaSamAccount
> objectclass by hand?
> Misty Stanley-Jones
> System Administrator

Have you configured NSS properly ("getent passwd" shows your machine
accounts from LDAP)? Any chance that you are using nscd and winbind?


Edmundo Valle Neto
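
Added example, not part of the original messages: a small shell check for the two conditions discussed above, namely whether NSS can see a machine account and whether its LDAP entry carries both posixAccount and sambaSamAccount. The function names, the sample DNs and the second host are assumptions made for illustration; the LDIF is constructed in the shape `ldapsearch -x -LLL '(uid=*$)' uid objectClass` prints.

```shell
#!/bin/sh
# Added example (not from the thread).

# Constructed sample LDIF. DNs and goodpc$ are made up; xptommy$ is the
# account name that appears in the quoted Samba log.
sample_ldif() {
cat <<'EOF'
dn: uid=xptommy$,ou=Computers,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: xptommy$

dn: uid=goodpc$,ou=Computers,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: goodpc$
EOF
}

# True if NSS resolves the account, i.e. "getent passwd" can see it.
nss_resolves() {
  getent passwd "$1" >/dev/null 2>&1
}

# Reads LDIF on stdin; prints "<uid> <status>" for each machine account
# (uid ending in "$"). Narrow on purpose: base64 values ("uid::") and
# folded LDIF lines are not handled.
classify_machine_accounts() {
  awk '
    function emit() {
      if (uid ~ /\$$/) {
        if (posix && samba) s = "ok"
        else if (posix)     s = "missing-sambaSamAccount"
        else if (samba)     s = "missing-posixAccount"
        else                s = "missing-both"
        print uid, s
      }
      uid = ""; posix = 0; samba = 0
    }
    /^$/ { emit(); next }                      # blank line ends an entry
    tolower($1) == "objectclass:" {
      c = tolower($2)
      if (c == "posixaccount")    posix = 1
      if (c == "sambasamaccount") samba = 1
    }
    tolower($1) == "uid:" { uid = $2 }
    END { emit() }
  '
}

# Demo on the constructed sample.
sample_ldif | classify_machine_accounts
```

Against a live directory, pipe the ldapsearch output into `classify_machine_accounts` and run `nss_resolves 'xptommy$'` on the Samba server itself.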
