[Samba] LDAP adding workstation accounts fails (but not really???)

Pat Riehecky prieheck at iwu.edu
Mon Feb 25 14:21:37 GMT 2008


The system is named testing, I am joining the Samba PDC computer to the
domain it hosts.  The problem also is duplicated when attempting to join
a secondary system to the domain, so I simplified down to one system.

On Fri, 2008-02-22 at 20:57 -0600, Adam Williams wrote:
> Is the computer you're running "net rpc join -S TESTING -U root%password"
> on named testing?
> 
> Pat Riehecky wrote:
> > This is highly weird.  I am trying to set up LDAP as the backend for my
> > samba test system, all is going well, except for adding workstation
> > accounts to the server.
> >
> > # net rpc join -S TESTING -U root%password
> > Creation of workstation account failed
> > Unable to join domain IWU.EDU.
> >
> > Yet, if I search LDAP after the join attempt I find:
> >
> > dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
> > objectClass: top
> > objectClass: account
> > objectClass: posixAccount
> > cn: testing$
> > uid: testing$
> > uidNumber: 1001
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> >
> >
> > My LDAP logs show it is searching ou=People rather than ou=Computers to
> > see if it was added successfully.  What must I do to make it search
> > ou=Computers?
> >
> > testparm reports the following in my smb.conf global section and reports
> > no errors.
> >
> > [global]
> >         workgroup = TESTING
> >         netbios name = TESTING
> >         server string = %h server
> >         security = DOMAIN
> >         passdb backend = ldapsam:ldap://localhost
> >         log level = 2
> >         syslog = 0
> >         log file = /var/log/samba/log.%m
> >         max log size = 1000
> >         load printers = No
> >         add machine script = smbldap-useradd -w -s /bin/false "%u"
> >         domain logons = Yes
> >         preferred master = Yes
> >         domain master = Yes
> >         dns proxy = No
> >         ldap admin dn = cn=admin
> >         ldap group suffix = ou=Group
> >         ldap idmap suffix = ou=Idmap
> >         ldap machine suffix = ou=Computers
> >         ldap passwd sync = Yes
> >         ldap suffix = dc=iwu,dc=edu
> >         ldap ssl = no
> >         ldap user suffix = ou=People
> >         panic action = /usr/share/samba/panic-action %d
> >         idmap uid = 15000-25000
> >         idmap gid = 15000-25000
> >