[Samba] Samba/LDAP Question
Frank J. Pellegrino
frank.pellegrino at sju.edu
Mon Feb 4 16:05:21 GMT 2008
We have just setup Samba 3.0.28 with LDAP support. We are using a Sun One
5.2 LDAP server.
We are having a problem when a new machine joins the domain.
Here is a snippet of our smb.conf file
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
ldap machine suffix = ou=computers
ldap user suffix = ou=People
When a new machine attempts to join the domain a new entry is created in
ou=computers as expected. This entry has only the posixAccount information
and no Samba info. However, the machine reports that it failed to join the
domain. Log entries on both samba and LDAP tell me that after the entry is
created, samba is trying to find that entry in ou=people instead of
Attempting to add the machine again gives us an error that the machine
I modified smbldap-useradd to include the sambaSamAccount information when
the entry is created. The first attempt to join the domain still fails,
however trying again succeeds.
In another test, I removed the modifications from smbldap-useradd and
modified the smbldap.conf file so that it thought the machines container
was ou=people. With this change the new machine was able to join the
domain on the first try. The problem here is that we don't want the
machines mixed in with the users.
So from this I determined that after creating the new entry for the
machine, Samba then goes and looks for that entry in ou=people instead of
ou=computers. My guess is that there is a bug in the code that looks at
the wrong configuration entry.
I have tried looking through the C code on my own. I'm only familiar with
C so I haven't made as much progress as I'd like.
Is this a known bug? Is it possible that we have a configuration wrong
Can anyone point me to the correct C file so I can try and fix this?
I'd appreciate any help I can get.
More information about the samba