[Samba] [idx-smbldap-tools ] smbldap-tools and joining workstation to domain RESOLVED
Tim Herty
pragmatiker at gmx.de
Fri Jul 15 02:20:05 MDT 2011
Thank you, thank you, thank you.
The issue with not being able to join workstations to our Samba 3 domain
without manually adding the Samba attributes to the LDAP directory with LAM
has been a pain in the butt for months now. I found dozens of threads on the
net started by admins with the same problem, and none of those threads ended in
really resolving the issue.
I have been updating Samba, fiddling with the smbldap-tools and pulling my
hair to no avail.
Finally I found this post from 2005 that resolved my issue.
I tested with :~#getent passwd and it only listed my users.
I added a line for my computers in /etc/libnss-ldap.conf and changed it from:
nss_base_passwd ou=users,dc=test,dc=de?one
nss_base_shadow ou=users,dc=test,dc=de?one
nss_base_group ou=groups,dc=test,dc=de?one
to:
nss_base_passwd ou=users,dc=test,dc=de?one
nss_base_passwd ou=computers,dc=test,dc=de?one
nss_base_shadow ou=users,dc=test,dc=de?one
nss_base_group ou=groups,dc=test,dc=de?one
Now everything works just fine.
Rhys Goodwin wrote:
>
> The script only adds the posix stuff, when you join the workstation the
> sambaSam entries are created by samba.
> BUT...
> Samba NEEDS to find a posix account with the name of the machine being
> joined. How are you doing user lookups on your posix side?
> If you use nss_ldap and you have a separate ou in your directory for users
> and computers that could be where your problem is.
> i.e. if nss_ldap is set to look in "ou=users,dc=test,dc=com" for its posix
> userbase then if you do:
> :~#getent passwd
> then it will return only users it finds in that ou. So if your add machine
> script is creating "users" (machine accounts) in ou=computers,dc=test,dc=com
> then as far as posix is concerned there is no posix account for the new
> machine. Samba will not find a posix account and will not add the sambaSam
> entries and the join will fail. You have 2 options:
> 1. Add your user accounts and computer accounts to the same ou.
> 2. Tell nss_ldap to do sub tree searches of the parent ou, e.g. set your base
> to "dc=test,dc=com" rather than "ou=users,dc=test,dc=com"
> This is how I understand it anyhow, I might be wrong, I'm no Samba pro but I
> went for option 2.
> If anyone can shed some more light on this or set me straight if I'm
> wrong, please do.
> Cheers,
> Rhys
>
>
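The lookup problem discussed in this thread, as an added example that is not part of the original messages: a small shell check of whether the nss_base_passwd lines of an nss_ldap configuration would make a machine account entry visible to NSS. The machine name ws01$, the helper names covers and passwd_covers, and the treatment of a missing scope as sub are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): does an nss_ldap config let NSS see a machine account?
# Assumptions: nss_base_passwd values are "base?scope?filter"; a missing scope means sub;
# DNs are compared lower-cased with spaces removed; escaped commas in RDNs are not handled.

# covers BASE SCOPE DN: succeed if a search at BASE with SCOPE would return the entry DN.
covers() {
    c_base=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ')
    c_dn=$(printf '%s' "$3" | tr 'A-Z' 'a-z' | tr -d ' ')
    case "$c_dn" in
        "$c_base") test "$2" != one && return 0; return 1 ;;  # the base itself is not in a one-level search
        *",$c_base") ;;                                       # entry is somewhere below the base
        *) return 1 ;;
    esac
    c_rel=${c_dn%",$c_base"}
    case "$2" in
        sub) return 0 ;;
        one) case "$c_rel" in *,*) return 1 ;; *) return 0 ;; esac ;;  # direct children only
        *) return 1 ;;                                        # base scope never reaches children
    esac
}

# passwd_covers CONF DN: succeed if any nss_base_passwd line in CONF covers DN.
passwd_covers() {
    while read -r key value extra; do
        [ "$key" = nss_base_passwd ] || continue
        base=${value%%\?*}
        rest=${value#"$base"}; rest=${rest#\?}
        scope=${rest%%\?*}
        covers "$base" "${scope:-sub}" "$2" && return 0
    done < "$1"
    return 1
}

# Constructed sample data: the two configurations from the post and a made-up machine DN.
tmp=$(mktemp -d)
printf '%s\n' 'nss_base_passwd ou=users,dc=test,dc=de?one' \
    'nss_base_shadow ou=users,dc=test,dc=de?one' \
    'nss_base_group ou=groups,dc=test,dc=de?one' > "$tmp/before.conf"
cp "$tmp/before.conf" "$tmp/after.conf"
printf '%s\n' 'nss_base_passwd ou=computers,dc=test,dc=de?one' >> "$tmp/after.conf"
machine='uid=ws01$,ou=computers,dc=test,dc=de'

for f in before after; do
    if passwd_covers "$tmp/$f.conf" "$machine"; then echo "$f: machine account visible to NSS"
    else echo "$f: machine account NOT visible to NSS"; fi
done
```

On a live system the equivalent check is getent passwd with the machine account name (including the trailing $) on the Samba server itself.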