[Samba] Samba/LDAP Question

Frank J. Pellegrino frank.pellegrino at sju.edu
Mon Feb 4 16:05:21 GMT 2008

We have just setup Samba 3.0.28 with LDAP support.  We are using a Sun One 
5.2 LDAP server.

We are having a problem when a new machine joins the domain.
Here is a snippet of our smb.conf file
   add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
   ldap machine suffix = ou=computers
   ldap user suffix = ou=People

When a new machine attempts to join the domain a new entry is created in 
ou=computers as expected.  This entry has only the posixAccount information 
and no Samba info.  However, the machine reports that it failed to join the 
domain.  Log entries on both samba and LDAP tell me that after the entry is 
created, samba is trying to find that entry in ou=people instead of 

Attempting to add the machine again gives us an error that the machine 
already exists.

I modified smbldap-useradd to include the sambaSamAccount information when 
the entry is created.  The first attempt to join the domain still fails, 
however trying again succeeds.

In another test, I removed the modifications from smbldap-useradd and 
modified the smbldap.conf file so that it thought the machines container 
was ou=people.  With this change the new machine was able to join the 
domain on the first try.  The problem here is that we don't want the 
machines mixed in with the users.

So from this I determined that after creating the new entry for the 
machine, Samba then goes and looks for that entry in ou=people instead of 
ou=computers.  My guess is that there is a bug in the code that looks at 
the wrong configuration entry.

I have tried looking through the C code on my own.  I'm only familiar with 
C so I haven't made as much progress as I'd like.

Is this a known bug?  Is it possible that we have a configuration wrong 

Can anyone point me to the correct C file so I can try and fix this?

I'd appreciate any help I can get.


More information about the samba mailing list