[Samba] Unable to add machine accounts

Chris St. Pierre stpierre at NebrWesleyan.edu
Fri Mar 27 18:27:11 GMT 2009

I have the exact same problem as this guy:


He describes it much better and in much more detail than I could, so
I'll let him speak for me.

Unfortunately, I don't have the same solution.  nss_ldap is configured
properly, and things like 'getent passwd' and 'id machine-acct$' show
the machine accounts as expected:

% getent passwd | grep stpierre
stpierre:x:2273:4000:Christopher St
% id stpierre-pc$
uid=1944(stpierre-pc$) gid=1000 groups=1000

Unfortunately, "fix nss_ldap" is about the only suggestion I could
find on this problem on Google.  Any other suggestions?  Thanks!

I'm running samba 3.0.33 on RHEL 5.  /etc/ldap.conf (nss_ldap.conf on
other distros):

uri ldap://ldap.nebrwesleyan.edu
base o=NebrWesleyan.edu,o=isp
timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap
ssl start_tls
tls_checkpeer no

The [global] section of smb.conf:

server string = Huxley
workgroup = NWU_HUXLEY
netbios name = Huxley

log level = 1
log file = /var/log/samba/%U.%m.log
max log size = 102400

add machine script = /usr/sbin/smbldap-useradd -t 10 -w '%m'

bind interfaces only = true
interfaces =

logon path =
logon home =
logon drive =

max smbd processes = 0

encrypt passwords = yes
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
security = user
os level = 33
wins server =
admin users = +ntadmin

passdb backend = ldapsam:ldap://ldap.nebrwesleyan.edu
ldap suffix = o=nebrwesleyan.edu,o=isp
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = cn=directory manager
ldap ssl = off

idmap uid = 10000-20000
idmap gid = 10000-20000

blocking locks = no
unix extensions = no
include = /etc/samba/%U.inc

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

