[Samba] LDAP adding workstation accounts fails (but not really???)
prieheck at iwu.edu
Mon Feb 25 14:21:37 GMT 2008
The system is named testing; I am joining the Samba PDC computer to the
domain it hosts. The problem is also duplicated when attempting to join
a secondary system to the domain, so I simplified down to one system.
On Fri, 2008-02-22 at 20:57 -0600, Adam Williams wrote:
> Is the computer you're running "net rpc join -S TESTING -U root%password"
> on named testing?
> Pat Riehecky wrote:
> > This is highly weird. I am trying to set up LDAP as the back end for my
> > samba test system, all is going well, except for adding workstation
> > accounts to the server.
> > # net rpc join -S TESTING -U root%password
> > Creation of workstation account failed
> > Unable to join domain IWU.EDU.
> > Yet, if I search LDAP after the join attempt I find:
> > dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
> > objectClass: top
> > objectClass: account
> > objectClass: posixAccount
> > cn: testing$
> > uid: testing$
> > uidNumber: 1001
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> > My LDAP logs show it is searching ou=People rather than ou=Computers to
> > see if it was added successfully. What must I do to make it search
> > ou=Computers?
> > testparm reports the following in my smb.conf global section and reports
> > no errors.
> > [global]
> > workgroup = TESTING
> > netbios name = TESTING
> > server string = %h server
> > security = DOMAIN
> > passdb backend = ldapsam:ldap://localhost
> > log level = 2
> > syslog = 0
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > load printers = No
> > add machine script = smbldap-useradd -w -s /bin/false "%u"
> > domain logons = Yes
> > preferred master = Yes
> > domain master = Yes
> > dns proxy = No
> > ldap admin dn = cn=admin
> > ldap group suffix = ou=Group
> > ldap idmap suffix = ou=Idmap
> > ldap machine suffix = ou=Computers
> > ldap passwd sync = Yes
> > ldap suffix = dc=iwu,dc=edu
> > ldap ssl = no
> > ldap user suffix = ou=People
> > panic action = /usr/share/samba/panic-action %d
> > idmap uid = 15000-25000
> > idmap gid = 15000-25000