[Samba] Strange issue with Samba + LDAP + Domain Member

John Drescher drescherjm at gmail.com
Sun Feb 15 21:27:32 GMT 2009


On Sun, Feb 15, 2009 at 12:27 PM, Bryan Celentano
<bryan.celentano at ultracontrols.aero> wrote:
> Hey,
>
> I keep posting but no replies yet, this is a new issue, the rest I seem to
> have fixed.
>
> I have an odd issue:
>
> * When I do net rpc join the PDC creates the account, and puts it into
>   LDAP, which looks fine.
> * I then can access the domain and winbind works fine from the Domain
>   Member server.
> * On the PDC I see the following error: "pdb_get_group_sid: Failed to
>   find Unix account for member$"
> * So I had a look into the nss_ldap and found it wasn't searching the
>   ou=computers, so I added this in, and the error goes.
> * Then I have a new issue, the domain member and winbind fails with
>   NT_ACCESS_DENIED.
> * So I remove the nss_ldap entry for the ou=computers and it all works
>   again.
>
> Has anyone come across this issue?  Any help would be great.
>

Yes. I have this issue (and have had it for at least 5 years) using
the smbldap-tools. To work around it I now just precreate an account using
LAM (http://lam.sourceforge.net/) and then all is well with the PDC
join. The previous workaround was to create a user for the machine
account on the PDC first in the /etc/passwd.

John

