[Samba] Strange issue with Samba + LDAP + Domain Member
Bryan Celentano
bryan.celentano at ultracontrols.aero
Tue Feb 17 17:20:01 GMT 2009
Hello,
Thank you for the replies, I will try the first, but in regards to your
reply Ray, as soon as I do that, the domain member complains of
NT_STATUS_ACCESS_DENIED, but the errors are removed from the Domain
Controller.
Regards,
Bryan
-----Original Message-----
From: Ray Klassen [mailto:rayklassen at gmail.com]
Sent: 16 February 2009 17:08
To: John Drescher
Cc: Bryan Celentano; Samba mailing list
Subject: Re: [Samba] Strange issue with Samba + LDAP + Domain Member
I get around this by including
nss_base_passwd ou=Computers,dc=mydomain,dc=com?one
in /etc/ldap.conf
if nss_ldap isn't looking in your computers tree for passwd entries,
it will never see them as unix accounts.
On Sun, Feb 15, 2009 at 1:27 PM, John Drescher <drescherjm at gmail.com> wrote:
> On Sun, Feb 15, 2009 at 12:27 PM, Bryan Celentano
> <bryan.celentano at ultracontrols.aero> wrote:
>> Hey,
>>
>>
>>
>> I keep posting but no replies yet, this is a new issue, the rest I seem
to
>> have fixed.
>>
>>
>>
>> I have an odd issue:
>>
>>
>>
>> * When I do net rpc join the PDC creates the account, and puts it
into
>> LDAP, which looks fine.
>> * I then can access the domain and winbind works fine from the
Domain
>> Member server.
>> * On the PDC I see the following error: "pdb_get_group_sid: Failed
to
>> find Unix account for member$"
>> * So I had a look into the nss_ldap and found it wasn't searching
the
>> ou=computers, so I added this in, and the error goes.
>> * Then I have a new issue, the domain member and winbind fails with
>> NT_ACCESS_DENIED.
>> * So I remove the nss_ldap entry for the ou=computers and it all
works
>> again.
>>
>>
>>
>> Has anyone come across this issue? Any help would be great.
>>
>
> Yes. I have this issue (and have had it for at least 5 years) using
> the smbldap-tools. To workaround I now just precreate an account using
> LAM (http://lam.sourceforge.net/) and then all is well with the PDC
> join. The previous workaround was to create a user for the machine
> account on the pdc first in the /etc/passwd.
>
> John
>
> John
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
This message has been scanned for malware by SurfControl plc. www.surfcontrol.com
More information about the samba
mailing list