[Samba] Samba PDC + OpenLDAP (Debian Lenny)

[Adam Tauno WIlliams]

> I'm trying to move my existing MS-AD over to SAMBA, the place I'm 

So you have an AD domain?  Samba 3.x does not provide an AD domain, it
provides an NT domains, so your requirement of "everything keeps running
in the same or almost the same way" cannot be met.  Unless you want to
try Samba 4.

> When I try to join a Windows Vista Ultimate ore Windows XP Pro to the 
> domain it takes 30 sec and then it says "The machine account dos not 
> exist" but as I understand that is what
> "add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to 
> do right ?

It is supposed to, yes.

>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Get rid of all the "socket options" stuff.  Are you using an old HOWTO
or some crap Wiki entry from somewhere?  Setting this directive is an
OLD habit and very obsolete.  Use only the Samba HOWTO and By-Example as
provided on Samba docs.  Assume everything else on the Internet is
obsolete and out-of-date, because it most likely is.

> [2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
>  pdb_get_group_sid: Failed to find Unix account for DomAdmin
> [2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
>  User DomAdmin in passdb, but getpwnam() fails!

I don't know why it is looking for a "DomAdmin" account. Perhaps your
directory is not fully initialized?  Loaded with the required users,
etc...

> Error: modifications require authentication at 
> /usr/share/perl5/smbldap_tools.pm line 1083.
> [2009/08/14 18:22:48,  0] 
> passdb/pdb_interface.c:pdb_default_create_user(336)
>  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 
> -w -i "hds$"' gave 127

I don't use smblap-tools but this looks like they don't have sufficient
config to authenticate to the DSA.