I am having trouble adding machines to domains. I enter a proper username and password on the Windows end, the ldap server executes the proper script, the script executes properly, resulting in the right entry into ldap as shown below:

# lancelot1$, computer, igb.uiuc.edu
dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: lancelot1$
sn: lancelot1$
uid: lancelot1$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

However, the Windows system does not have it join the domain, and gives an error saying "the user name could not be found." Below is my config, does anyone know what would cause this?

[global]
netbios name = arthur
workgroup = igbtest
server string = igb test domain
security = user
encrypt passwords = yes
local master = yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
log file = /var/log/samba/log.%m
max log size = 50

add user script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m "%u"
add machine script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w "%u"
add group script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-groupadd -p "%g"

passdb backend = ldapsam:ldap://127.0.0.1/
ldap delete dn = Yes
ldap ssl = no

ldap suffix = dc=igb,dc=uiuc,dc=edu
ldap admin dn = cn=ldapadmin,dc=igb,dc=uiuc,dc=edu
ldap group suffix = ou=group
ldap user suffix = ou=People
ldap machine suffix = ou=computer
ldap idmap suffix = ou=idmap

[netlogon]
path = /var/lib/samba/netlogon
# guest ok = Yes
browseable = no
write list = root

[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
create mask = 0664
directory mask = 0775
My problem seems to have been related to how the ldap records were set up. Just so everyone knows the computer entry based off my config file should look like:

# SIRGUAIN$, computer, igb.uiuc.edu
dn: uid=SIRGUAIN$,ou=computer,dc=igb,dc=uiuc,dc=edu
uid: SIRGUAIN$
sambaSID: S-none-of-yo-bidness-1000
objectClass: sambaSamAccount
objectClass: account
displayName: SIRGUAIN$
sambaAcctFlags: [W ]
sambaPwdMustChange: 9223372036854775807
sambaPwdCanChange: 1181057492
sambaNTPassword: noneyobidnesseither
sambaPwdLastSet: 1181057492

Instead of:

# lancelot1$, computer, igb.uiuc.edu
dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: lancelot1$
sn: lancelot1$
uid: lancelot1$
uidNumber: 1009
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

However smbldap-useradd created the latter. What am I doing wrong that does this?

thanks,

Dan
Daniel Davidson wrote:
> However smbldap-useradd created the latter. What am I doing wrong that
> does this?

Perhaps you are missing the -a flag. Indeed, in order for the smbldap-useradd script to create a SambaSAMAccount entry, you need to add the -a flag, whether you are running from the command line or from inside the smb.conf file.

Excerpt from the smbldap-useradd help:

-a is a Windows User (otherwise, Posix stuff only)

Hope this helps,

Denis

--
Denis Cardon
Tranquil IT Systems
10 rue du Docteur Bouchard
49400 Saumur
tel : +33 (0) 2.41.67.56.99
http://www.tranquil-it-systems.fr
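Added example, not part of the thread and not smbldap-tools code: a Python check that reads LDIF text (for instance saved ldapsearch output) and reports machine accounts, recognised by a uid ending in `$`, that lack the sambaSamAccount class, sambaSID or sambaAcctFlags seen on the working entry above. The function names are hypothetical and the sample text is constructed from abridged copies of the two entries quoted in the thread.

```python
import re
REQUIRED_ATTRS = ("sambaSID", "sambaAcctFlags")  # set on the working entry in the thread

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    text = re.sub(r"\n ", "", text)           # unfold continuation lines
    entries, current = [], {}
    for line in text.splitlines() + [""]:     # trailing "" flushes the last entry
        if not line.strip():                  # blank line closes an entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):        # skip LDIF comments
            attr, sep, value = line.partition(":")
            if sep:
                current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_machine_accounts(text):
    """Return {dn: [problems]} for each entry whose uid ends in '$'."""
    report = {}
    for entry in parse_ldif(text):
        if not entry.get("uid", [""])[0].endswith("$"):
            continue                          # not a machine account
        problems = []
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            problems.append("missing objectClass sambaSamAccount")
        problems += [f"missing {a}" for a in REQUIRED_ATTRS if a.lower() not in entry]
        if "W" not in entry.get("sambaacctflags", ["W"])[0]:
            problems.append("sambaAcctFlags lacks W (workstation trust)")
        report[entry.get("dn", ["?"])[0]] = problems
    return report

# Constructed sample: abridged copies of the two entries quoted in the thread.
SAMPLE = """\
dn: uid=SIRGUAIN$,ou=computer,dc=igb,dc=uiuc,dc=edu
uid: SIRGUAIN$
sambaSID: S-none-of-yo-bidness-1000
objectClass: sambaSamAccount
sambaAcctFlags: [W ]

dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
objectClass: posixAccount
uid: lancelot1$
"""
if __name__ == "__main__":
    for dn, problems in audit_machine_accounts(SAMPLE).items():
        print(dn, "->", problems or "ok")
```

Run against the machine suffix after a join attempt, an entry reported with all three problems is a POSIX-only account of the kind the thread describes.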