Re [Samba] LDAP adding workstation accounts fails (but not really???)

Remy Zandwijk remy.zandwijk at
Fri Feb 29 16:55:45 GMT 2008


I've been struggling with this also. Our add machine script is a PHP script. 
It basically adds this in LDAP:

	dn: uid=testing$,ou=machines,dc=falw,dc=vu,dc=nl
	objectClass: top
	objectClass: person
	objectClass: posixAccount
	uid: testing$
	sn: testing$
	cn: testing$
	loginShell: /bin/false
	homeDirectory: /dev/null
	uidNumber: 60000
	gidNumber: 65000
	description: Joined on mm-dd-YYYY by userid

No more, no less. After the machine said it was successfully joined, Samba 
added these attributes all by itself:

	objectClass: sambaSamAccount
	sambaAcctFlags: [W          ]
	sambaNTPassword:: xxxxx
	sambaPwdCanChange: 1174918415
	sambaPwdLastSet: 1174918415
	sambaSID:: yyyyy

(So that's what the entry in LDAP should look like.)

I found out that in our setup (Solaris 9, OpenLDAP), I had to put in a 'sleep' 
of 10 seconds at the end of the add machine script. I know this sounds lame, 
but it was the only way machines could be joined to the domain successfully. 
Maybe you should experiment some with a sleep too.


Pat Riehecky wrote:
> Blast.
> My workstation account looks like the following after my failure to join
> the domain.
> dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> cn: testing$
> uid: testing$
> uidNumber: 1006
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> I built up a Fedora 8 box and pointed it at my LDAP server and I still
> cannot su down to that user.  I figured using the graphical tool for
> setting up pam_ldap would eliminate whatever mistake I have made that I
> just cannot seem to find.  But it too cannot su down to testing$.  
> I just removed and reinstalled samba, now more stuff is not working.  I
> am going to assume my test box is just too hosed up and leave it at
> that.  When I get around to rebuilding it I will almost certainly have
> this problem again; since I don't know what caused it, I am doomed to
> repeat it....
> Thanks for all the help
> Pat
> On Thu, 2008-02-28 at 13:08 -0600, Adam Williams wrote:
>> see, I can su -l to my account:
>> [root@gomer ~]# su -l domain2\$
>> su: warning: cannot change directory to /dev/null: Not a directory
>> -sh: /dev/null/.profile: Not a directory
>> -sh-3.2$
>> and its info is:
>> dn: uid=domain2$,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
>> objectClass: posixAccount
>> objectClass: account
>> objectClass: top
>> objectClass: sambaSamAccount
>> uid: domain2$
>> uidNumber: 2003
>> gidNumber: 514
>> homeDirectory: /dev/null
>> cn: domain2$
>> sambaSID: S-1-5-21-2139886109-2393431639-217723040-1017
>> displayName: domain2$
>> sambaAcctFlags: [W          ]
>> sambaNTPassword: 890AE051A9ADB4707CD86824CF76F9B4
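
Added example, not part of the original messages: a small Python check that classifies a workstation entry as pre-join or joined, based on the attributes the thread shows Samba writing after a successful join. The function names `parse_ldif_entry` and `join_state`, and the choice of which attributes count as required, are assumptions of this example; the sample entries are constructed from the listings above with masked values.

```python
import base64

# Attributes both working entries in the thread carry (required set is this example's assumption).
REQUIRED_AFTER_JOIN = ("sambaAcctFlags", "sambaNTPassword", "sambaSID")

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:      # folded continuation line
            logical[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw.strip())          # also accepts tab-indented listings
    entry = {}
    for line in logical:
        attr, _, value = line.partition(":")
        if value.startswith(":"):                # 'attr:: <base64>'
            try:
                value = base64.b64decode(value[1:].strip(), validate=True).decode("utf-8", "replace")
            except ValueError:                   # masked value such as 'xxxxx'
                value = value[1:]
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def join_state(entry):
    """Return (state, missing_attributes) for a workstation entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    uid = entry.get("uid", [""])[0]
    if "posixaccount" not in classes or not uid.endswith("$"):
        return "not-a-machine-account", []
    if "sambasamaccount" not in classes:         # Samba never wrote its part
        return "pre-join", list(REQUIRED_AFTER_JOIN)
    missing = [a for a in REQUIRED_AFTER_JOIN if not entry.get(a.lower())]
    is_workstation = any("W" in f for f in entry.get("sambaacctflags", []))
    return ("joined" if is_workstation and not missing else "incomplete"), missing

# Constructed sample: the entry quoted after the failed join (shortened).
FAILED = """\
dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
objectClass: account
objectClass: posixAccount
uid: testing$
"""
# Constructed sample: the same entry with the Samba attributes, masked as in the thread.
JOINED = FAILED + ("objectClass: sambaSamAccount\nsambaAcctFlags: [W          ]\n"
                   "sambaNTPassword:: xxxxx\nsambaSID:: yyyyy\n")
```

Running `join_state` on the output of `ldapsearch` for the machine DN, before and after a join attempt, shows whether the add machine script's entry was ever extended by Samba.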

