[Samba] PDC witch LDAP and machine account lookup

Stefan Michalsky stefan.michalsky at farbwahl.de
Fri Oct 2 03:20:21 MDT 2009


Hi again,

so it looks like something with adding machine accounts manually does not
work for me.
After reconfiguring the smbldap tools and removing the computer (farbwahl06)
from the
domain i added it again. The automatically created machine account works
fine and i
am able to logon to the domain.

The differences between the pdbedit outputs have not been that big but big
enough to
make trouble i guess.

Thanks for your help Bruno.

Regards
Stefan



-----Ursprüngliche Nachricht-----
Von: Bruno MACADRE [mailto:bruno.macadre at univ-rouen.fr] 
Gesendet: Donnerstag, 1. Oktober 2009 22:10
An: Stefan Michalsky
Betreff: Re: [Samba] PDC witch LDAP and machine account lookup

Hi,

    It looks strange... I've you tried to increase your log level 
(specially on tdb and passdb). Something like :
    log level = 2 tdb:5 passdb:5

    And look for any strange behavior when you try to log onto 
farbwhal06 or when you try to join it to the domain.

    I don't use smbldap-tools so i can help you with this, for me adding 
a machine to the LDAP is like adding a user, the only difference is that 
the username (uid for LDAP) finish with a $

    If you try :
    # pdbedit -v farbwahl06$
    and
    # pdbedit -v farbwahl04$

    Look for any difference between the 2 results !

    Regards,
    Bruno
   
Stefan Michalsky a écrit :
> Hey Bruno,
>
> it seems that the problem is something else. I tested on one computer
> (farbwahl06 - WinXP Pro Client)
> most of the time. But i have another machine to test (farbwahl04 -
WinVista
> client).
> I moved the machine account for farbwahl04 from People to Computers and
> everything
> works fine. So i tried all variants for farbwahl06 (account in People and
> Computers,
> changed suffixes and so on) and the machine account for farbwahl06 seems
to
> be
> broken. I tried to create a new one, but this doesn't help too.
>
> So how do you create machine accounts? Perhaps i am missing something.
> Adding machine
> accounts automatically doesn't work too by the way. The Samba server is a
> gentoo (Linux version 2.6.23-hardened-r12).
>
> Please find attached my smb.conf (farbwahl04 is working with this) ***
REMOVED ***
>
>   
>
> Kind regards,
> Stefan
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Bruno MACADRE [mailto:bruno.macadre at univ-rouen.fr] 
> Gesendet: Donnerstag, 1. Oktober 2009 17:51
> An: Stefan Michalsky
> Betreff: Re: [Samba] PDC witch LDAP and machine account lookup
>
> Stefan Michalsky a écrit :
>   
>> Hey all,
>>
>> i do have the following problem: i set up a PDC with Samba with an LDAP
>> backend. Everything works fine but the machine account lookup. If i try
to
>> logon to the domain i have to create the machine account in
>> ou=People,dc=testing,dc=de. Everything works fine with this. But if i
>>     
> create
>   
>> the machine account in ou=Computers,dc=testing,dc=de and change all
>>     
> suffixes
>   
>> according to this the search performed looks like this in slapd log file:
>>
>> Oct  1 15:42:59 [slapd] conn=908 op=4 SRCH
>>     
> base="ou=People,dc=testing,dc=de"
>   
>> scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=farbwahl06$))"_
>>
>> So where is the mistake? I found some forum posts but all with no
answers.
>> Is it a configuration issue or a software problem?
>>
>> Thanks
>>
>> Stefan
>>
>>     
> Hi,
>
> 	Are you sure that your "ldap machine suffix" is changed to "ldap
> machine suffix = ou=Computers" ?
>
> 	Can you show your smb.conf when you want to have machine account in
> ou=Computers ?
>
> 	Regards,
> 	Bruno
>
>   



More information about the samba mailing list