samba - Apr 2002 - ldap and xp can´t join the domain

Hi samba admins,

I have a problem to join with a XP prof. in samba with ldap domain test system.
All works fine, I can work with my shares and pdbedit -l list all my
users in ldap system verry well (samba and ldap is great - thanks
samba team!!!).
But I ?m not shure about the working with machine accounts to join my
domain named samba.
I make a ldif file with my machine account:

dn: cn=xp$,dc=tux,dc=org
objectclass: posixaccount
cn: xp$
uid: xp$
uidNumber: 1002
gidNumber: 101
homeDirectory: /home/xp
loginShell: /bin/bash

and ldapsearch -x gives me the working entry.
And I have a user named admin and set passwd with smbpasswd -w ######.
But when I join the domain with admin and passwd it gives the error
that I have not the rights to join the samba domin.
(pdbedit -a -m -u xp creates xp$ but the effect is the same)
Please can sombody gives me a exampel for a machine account and samba
ldap admin configuration to join it???? I?m verry new with samba and ldap.

Thanks verry much !

Axel Machens

------------------------------------------------------------------
# admin.ldif / set passwd with smbpasswd -w xxxxxx #
dn: cn=admin,dc=tux,dc=org
objectclass: posixaccount
cn: admin
uid: admin
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/admin
loginShell: /bin/bash

----------------------------------------------------------------


[global]
        workgroup = SAMBA
        encrypt passwords = Yes
        root directory = /
        character set = ISO8859-1
        logon path = \\neptun\profile\%U
        logon home = \\neptun\profile\%U
        domain logons = Yes
        os level = 65
        preferred master = True
        domain master = True
        wins support = Yes
        ldap port = 389
        ldap suffix = dc=tux,dc=org
        ldap filter = (&(objectclass=sambaaccount)(uid=%u))
        ldap admin dn = cn=admin,dc=tux,dc=org
        ldap ssl = no
        admin users = admin
        printer admin = admin

[homes]
        valid users = %S
        read only = No
        browseable = No

[profile]
        comment = profile
        path = /profile
        read only = No
        browseable = No

[Gruppe]
        comment = F?r alle Lesen/Schreiben
        path = /public
        read only = No

On Thu, 2002-04-25 at 16:56, Axel Machens wrote:> 
> But I ?m not shure about the working with machine accounts to join my
> domain named samba.
I assume you are using samba3 head?
if so I'm also having trouble getting an XP pro machine to join the
domain.  It use to "just work" with 2.2.4pre - the machine account
would
be created automatically.

now there is a new config param
 add machine script
in swat - I don't know what I need to put in there - but i'm looking
through the code to find out.
> and ldapsearch -x gives me the working entry.
> And I have a user named admin and set passwd with smbpasswd -w ######.
> But when I join the domain with admin and passwd it gives the error
> that I have not the rights to join the samba domin.
i also did this and i get a bunch of errors in the logs 
[2002/04/25 17:50:34, 2] lib/access.c:check_access(309)
  Allowed connection from  (132.177.45.90)
[2002/04/25 17:50:34, 2] smbd/reply.c:reply_special(77)
  netbios connect: name1=BITC             name2=TESTPC
[2002/04/25 17:50:34, 2] smbd/reply.c:reply_special(96)
  netbios connect: local=bitc remote=testpc
[2002/04/25 17:50:34, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:34, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:34, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=root)(objectclass=sambaAccount))]
[2002/04/25 17:50:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: root
[2002/04/25 17:50:34, 2] auth/auth.c:check_ntlm_password(256)
  check_password:  authenticaion for user [root] -> [root] -> [root]
suceeded
[2002/04/25 17:50:35, 2] smbd/server.c:exit_server(498)
  Closing connections
[2002/04/25 17:50:35, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:35, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:35, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=root)(objectclass=sambaAccount))]
[2002/04/25 17:50:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: root
[2002/04/25 17:50:35, 2] lib/access.c:check_access(309)
  Allowed connection from  (132.177.45.90)
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=root)(objectclass=sambaAccount))]
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: root
[2002/04/25 17:50:36, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2102)
  Returning domain sid for domain LAUELAB ->
S-1-5-21-952143027-1224863391-451646606
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=testpc$)(objectclass=sambaAccount))]
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=testpc$)(objectclass=sambaAccount))]
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching for:[uid=testpc$]
[2002/04/25 17:50:36, 2] passdb/pdb_ldap.c:init_ldap_from_sam(734)
  Setting entry for user: testpc$
[2002/04/25 17:50:36, 0] passdb/pdb_ldap.c:init_ldap_from_sam(747)
  NO user RID specified on account testpc$, cannot store!
[2002/04/25 17:50:36, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1387)
  ldapsam_add_sam_account: init_ldap_from_sam failed!
[2002/04/25 17:50:36, 0]
rpc_server/srv_samr_nt.c:_api_samr_create_user(1979)
  could not add user/computer testpc$ to passdb.  Check permissions?
[2002/04/25 17:50:36, 2] smbd/server.c:exit_server(498)
  Closing connections
[2002/04/25 17:50:37, 2] lib/access.c:check_access(309)
  Allowed connection from  (132.177.45.185)
[2002/04/25 17:50:37, 2] smbd/reply.c:reply_special(77)
  netbios connect: name1=BITC             name2=G05C-3
[2002/04/25 17:50:37, 2] smbd/reply.c:reply_special(96)
  netbios connect: local=bitc remote=g05c-3
[2002/04/25 17:50:37, 2] lib/access.c:check_access(309)
  Allowed connection from  (132.177.46.131)
[2002/04/25 17:50:37, 2] smbd/reply.c:reply_special(77)
  netbios connect: name1=BITC             name2=KARI
[2002/04/25 17:50:37, 2] smbd/reply.c:reply_special(96)
  netbios connect: local=bitc remote=kari
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=nobody)(objectclass=sambaAccount))]
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: nobody
[2002/04/25 17:50:37, 2] lib/access.c:check_access(309)
  Allowed connection from  (132.177.45.185)
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=nobody)(objectclass=sambaAccount))]
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: nobody
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=nobody)(objectclass=sambaAccount))]
[2002/04/25 17:50:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: nobody
[2002/04/25 17:50:37, 2] lib/access.c:check_access(309)
  Allowed connection from  (132.177.46.131)
[2002/04/25 17:50:38, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
  ldap_open_connection: connection opened
[2002/04/25 17:50:38, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
  ldap_connect_system: successful connection to the LDAP server
[2002/04/25 17:50:38, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
  ldapsam_search_one_user: searching
for:[(&(uid=nobody)(objectclass=sambaAccount))]
[2002/04/25 17:50:38, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
  Entry found for user: nobody
[2002/04/25 17:50:39, 2] smbd/server.c:exit_server(498)
  Closing connections
> 
> [global]
>         workgroup = SAMBA
>         encrypt passwords = Yes
>         root directory = /
>         character set = ISO8859-1
>         logon path = \\neptun\profile\%U
>         logon home = \\neptun\profile\%U
>         domain logons = Yes
>         os level = 65
>         preferred master = True
>         domain master = True
>         wins support = Yes
>         ldap port = 389
>         ldap suffix = dc=tux,dc=org
>         ldap filter = (&(objectclass=sambaaccount)(uid=%u))
i have this
(&(uid=%u)(objectclass=sambaAccount))
instead - but i don't think case matters