[Samba] problem joining WinXP machine to samba PDC+LDAP environment

[Jon Detert]

On Mon, Feb 21, 2011 at 4:15 PM, Mike Brady <mike.brady at devnull.net.nz> wrote:
> Quoting Jon Detert <jdetert at infinityhealthcare.com>:
>
>> Hello,
>>
>> I can't join a winxp box to my samba domain.  I just have one samba
>> server, meant to act as a PDC for domain='CHI'.
>> Any ideas how to troubleshoot and/or remedy?
>>
>> Thanks,
>>
>> Jon
>>
>> Context:
>> ------------
>> samba v3.3.8 on CentOS v5.5, using ldapsam backend.  Domainname ='CHI'.
>> smbldap-tools v0.9.6.
>> I 'populated' the ldap with 'smbldap-populate'.
>>
>> I try to join the winxp box, authenticating to the domain as user
>> 'jdetert', which is a member of the 'Administrators' group:
>> # smbldap-groupshow Administrators
>> dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
>> objectClass: top,posixGroup,sambaGroupMapping
>> gidNumber: 544
>> cn: Administrators
>> description: Netbios Domain Members can fully administer the
>> computer/sambaDomainName
>> sambaSID: S-1-5-32-544
>> sambaGroupType: 5
>> displayName: Administrators
>> memberUid: jdetert,root
>>
>> What happens:
>> ----------------------
>> a failure dialog window pops up on the winxp box with this message:
>> 'The following error occurred attempting to join the domain "CHI":
>> The user name could not be found.'

-- snip --

> I am working through a similar setup at the moment.
>
> Looking at the smbldap-useradd source, status 9 is "user must not exist in
> LDAP", so I assume from that that the workstation userid already exists?


Turns out you are correct.  So, I deleted the 'user'="testfsclient$"
from the ou=Computers, and retried, but it failed with the same error,
and it re-created the user object.

Any ideas how/why joining the domain is not fully working?

Thanks,

Jon