[Samba] problem joining WinXP machine to samba PDC+LDAP environment

Mike Brady mike.brady at devnull.net.nz
Tue Feb 22 15:01:48 MST 2011

Quoting Jon Detert <jdetert at infinityhealthcare.com>:

> On Mon, Feb 21, 2011 at 4:15 PM, Mike Brady  
> <mike.brady at devnull.net.nz> wrote:
>> Quoting Jon Detert <jdetert at infinityhealthcare.com>:
>>> Hello,
>>> I can't join a winxp box to my samba domain.  I just have one samba
>>> server, meant to act as a PDC for domain='CHI'.
>>> Any ideas how to troubleshoot and/or remedy?
>>> Thanks,
>>> Jon
>>> Context:
>>> ------------
>>> samba v3.3.8 on CentOS v5.5, using ldapsam backend.  Domainname ='CHI'.
>>> smbldap-tools v0.9.6.
>>> I 'populated' the ldap with 'smbldap-populate'.
>>> I try to join the winxp box, authenticating to the domain as user
>>> 'jdetert', which is a member of the 'Administrators' group:
>>> # smbldap-groupshow Administrators
>>> dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
>>> objectClass: top,posixGroup,sambaGroupMapping
>>> gidNumber: 544
>>> cn: Administrators
>>> description: Netbios Domain Members can fully administer the
>>> computer/sambaDomainName
>>> sambaSID: S-1-5-32-544
>>> sambaGroupType: 5
>>> displayName: Administrators
>>> memberUid: jdetert,root
>>> What happens:
>>> ----------------------
>>> a failure dialog window pops up on the winxp box with this message:
>>> 'The following error occurred attempting to join the domain "CHI":
>>> The user name could not be found.'
> -- snip --
>> I am working through a similar setup at the moment.
>> Looking at the smbldap-useradd source, status 9 is "user must not exist in
>> LDAP", so I assume from that that the workstation userid already exists?
> Turns out you are correct.  So, I deleted the 'user'="testfsclient$"
> from the ou=Computers, and retried, but it failed with the same error,
> and it re-created the user object.
> Any ideas how/why joining the domain is not fully working?
> Thanks,
> Jon


The error is returned if there is a successful LDAP query for the  
machine name "anywhere" in LDAP.  Does the machine name exist  
somewhere else other than ou=Computers?

You could also try running the full smbldap-useradd command as it is
logged from the command line and see if it gives any more information.
The smbldap-user script does print out additional information that
Samba doesn't look like it captures in the logs.
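
The check suggested in the reply above, as an added example that is not part of the original message or of smbldap-tools: it scans an LDIF export of the whole tree for every entry carrying the machine account's uid and marks those outside ou=Computers. The sample LDIF is constructed, the ou=People duplicate is hypothetical, and the function names are assumptions.

```python
"""Added example: find every LDAP entry that carries a given machine account uid."""

# Constructed sample LDIF (not from the thread); the ou=People entry is a hypothetical stray.
SAMPLE_LDIF = """\
dn: uid=testfsclient$,ou=Computers,dc=infinityhealthcare,dc=com
objectClass: posixAccount
uid: testfsclient$

dn: uid=TESTFSCLIENT$,ou=People,dc=infinityhealthcare,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: TESTFSCLIENT$

dn: uid=jdetert,ou=People,dc=infinityhealthcare,dc=com
objectClass: posixAccount
uid: jdetert
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles folded lines, not base64 values."""
    for block in text.strip().split("\n\n"):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]  # continuation of the previous line
            elif line and not line.startswith("#"):
                lines.append(line)
        attrs = {}
        for line in lines:
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def find_machine_entries(text, machine, expected_ou="ou=Computers"):
    """Return (dn, in_expected_ou) for each entry whose uid matches, ignoring case."""
    wanted = machine.lower()
    if not wanted.endswith("$"):
        wanted += "$"  # machine accounts carry a trailing '$'
    hits = []
    for dn, attrs in parse_ldif(text):
        if wanted in (u.lower() for u in attrs.get("uid", [])):
            parent = dn.split(",", 1)[1] if "," in dn else ""
            hits.append((dn, parent.lower().startswith(expected_ou.lower() + ",")))
    return hits

if __name__ == "__main__":
    for dn, ok in find_machine_entries(SAMPLE_LDIF, "testfsclient"):
        print(("expected " if ok else "STRAY    ") + dn)
```

Any entry reported as STRAY is a candidate for the "user must not exist in LDAP" status, since the lookup described above is not limited to ou=Computers.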


