[Samba] Samba + LDAP: Issue adding machine.

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Jun 10 07:26:18 MDT 2013

I found that Samba 3.5.x has trouble creating the LDAP attributes
correctly on new machine accounts. I think Samba 3.4.x was OK.
Rejoining a machine to a domain was usually OK. You may need to
do a mix of account creation with smbpasswd and LDAP modification with
the LDAP editor.

It appears to incorrectly set sambaAccountFlags as "[U]" (user)
instead of "[W]" (workstation). When attempting to join a machine to
the domain you may get an error that the account already exists. Use an
LDAP editor to make sure sambaAccountFlags is set to "[W]". (You can
use pdbedit to verify the setting but not to change it to "[W]".)

type:      sambaAccountFlags
value:     [W         ]

If, when joining a domain, you get an error that "the specified
network password is not correct," you may need to precreate the samba
account attributes with the pdbedit or smbpasswd commands. Try the
following on spooky:

#smbpasswd -x -m machinename

#smbpasswd -a -m machinename

You MAY also need to make sure that the sambaPrimaryGroupSID is also 
set.  It should end with 515.

type:      sambaPrimaryGroupSID
value:    S-1-5-21-xxx-xxx-xxx-515

On 06/10/13 08:33, Luis H. Forchesatto wrote:
> Greetings.
> I've run into trouble when trying to add a new Win7 machine on a domain.
> The domain is controlled by a server running Samba + LDAP (samba compiled
> with ldap support), on a Debian 5 OS at the local network.
> I've added the machine name to the LDAP tree through phpldapadmin using
> the option "Samba3 Machine" on the related submenu and via terminal on
> samba. Then I renamed the new machine to match the computer name and tried
> to add it to the domain. When prompted for credentials to add the new
> machine I've informed the admin login and password and hit <enter>.
> The windows then returned the following error (something like): "The
> junction operation was not well succeeded. Maybe another existent machine
> account <machine_account_name> was created previously using another set of
> credentials. Use another computer name or contact the admin to remove any
> obsolete conflicting account. Error: Access denied."
> Any ideas for the troubleshoot will be welcome.
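
An added example, not part of the original thread: a small audit of an LDIF export of machine accounts for the two attributes discussed above (sambaAccountFlags containing W, sambaPrimaryGroupSID ending in 515). The sample LDIF, DNs and SIDs are constructed, and selecting machine accounts by a uid ending in "$" is an assumption about how the directory is laid out.

```python
# Added example: audit Samba machine accounts from an LDIF export.
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
uid: ws01$
sambaAccountFlags: [W          ]
sambaPrimaryGroupSID: S-1-5-21-1111-2222-3333-515

dn: uid=ws02$,ou=Computers,dc=example,dc=org
uid: ws02$
sambaAccountFlags: [U          ]
sambaPrimaryGroupSID: S-1-5-21-1111-2222-3333-513

dn: uid=ws03$,ou=Computers,dc=example,dc=org
uid: ws03$
sambaAccountFlags: [W          ]
"""  # constructed sample; names and SIDs are placeholders


def parse_ldif(text):
    """Yield one dict per entry (attribute names lower-cased, first value wins)."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            # Skip comments and folded continuation lines (not handled here).
            if ":" in line and not line.startswith(("#", " ")):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), value.strip())
        if entry:
            yield entry


def audit_machine_accounts(text):
    """Return {dn: [problems]} for entries whose uid ends in '$'."""
    findings = {}
    for e in parse_ldif(text):
        if not e.get("uid", "").endswith("$"):
            continue  # assumption: machine accounts carry a trailing '$'
        problems = []
        flags = e.get("sambaaccountflags", "").strip("[] ")
        if "W" not in flags:
            problems.append(f"sambaAccountFlags is [{flags}], expected [W]")
        sid = e.get("sambaprimarygroupsid")
        if sid is None:
            problems.append("sambaPrimaryGroupSID is not set")
        elif not sid.endswith("-515"):
            problems.append(f"sambaPrimaryGroupSID {sid} does not end with 515")
        if problems:
            findings[e["dn"]] = problems
    return findings


if __name__ == "__main__":
    print(audit_machine_accounts(SAMPLE_LDIF))
```
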
