[Samba] problem joining WinXP machine to samba PDC+LDAP environment
Mike Brady
mike.brady at devnull.net.nz
Tue Feb 22 15:01:48 MST 2011
Quoting Jon Detert <jdetert at infinityhealthcare.com>:
> On Mon, Feb 21, 2011 at 4:15 PM, Mike Brady
> <mike.brady at devnull.net.nz> wrote:
>> Quoting Jon Detert <jdetert at infinityhealthcare.com>:
>>
>>> Hello,
>>>
>>> I can't join a winxp box to my samba domain. I just have one samba
>>> server, meant to act as a PDC for domain='CHI'.
>>> Any ideas how to troubleshoot and/or remedy?
>>>
>>> Thanks,
>>>
>>> Jon
>>>
>>> Context:
>>> ------------
>>> samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'.
>>> smbldap-tools v0.9.6.
>>> I 'populated' the ldap with 'smbldap-populate'.
>>>
>>> I try to join the winxp box, authenticating to the domain as user
>>> 'jdetert', which is a member of the 'Administrators' group:
>>> # smbldap-groupshow Administrators
>>> dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
>>> objectClass: top,posixGroup,sambaGroupMapping
>>> gidNumber: 544
>>> cn: Administrators
>>> description: Netbios Domain Members can fully administer the
>>> computer/sambaDomainName
>>> sambaSID: S-1-5-32-544
>>> sambaGroupType: 5
>>> displayName: Administrators
>>> memberUid: jdetert,root
>>>
>>> What happens:
>>> ----------------------
>>> a failure dialog window pops up on the winxp box with this message:
>>> 'The following error occurred attempting to join the domain "CHI":
>>> The user name could not be found.'
>
> -- snip --
>
>> I am working through a similar setup at the moment.
>>
>> Looking at the smbldap-useradd source, status 9 is "user must not exist in
>> LDAP", so I assume from that that the workstation userid already exists?
>
>
> Turns out you are correct. So, I deleted the 'user'="testfsclient$"
> from the ou=Computers, and retried, but it failed with the same error,
> and it re-created the user object.
>
> Any ideas how/why joining the domain is not fully working?
>
> Thanks,
>
> Jon
>
Jon
The error is returned if there is a successful LDAP query for the
machine name "anywhere" in LDAP. Does the machine name exist
somewhere else other than ou=Computers?
You could also try running the full smbldap-useradd command as it is
logged from the command line and see if it gives any more information.
The smldap-user script does print out additional information that
Samba doesn't look like it captures in the logs.
Mike
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the samba
mailing list