samba - Sep 2003 - domain join - no sambaSamAccount created

Hi,
we are using Samba 3 ( CVS checkout from 09/01 ) on a SuSE 8.2 box with all
patches applied. The passdb backend is LDAP / eDirectory 8.7 on
another machine. The Samba box is supposed to work as a stand alone domain
controller, so I am testing to join a client machine to it's domain.
This is my "add machine script": /usr/bin/cpu useradd %u -d /dev/null
-f /etc/samba/scripts/machadd.cfg -F %u -L %u -g 511 -p xxx
I've manually tested this script and it's reliably creating a functional
user with the necessary posixAccount class attached. When I do a
"smbpasswd -amn" on that user object it becomes a Samba machine
account just as it should.
But when I run the "Network ID"-Wizard from the Windows XP client I
get a "bad username or password" message when Windows is at the point
of
actually requesting the machine account on the DC.
Strangely, the correct posixAccount is indeed being created - Samba simply
"forgets" to add the SambaSamAccount after the script ran. This is
also what the LDAP log tells me: There are no errors at all, but the LDAP
traffic still stops right after the posixAccount user is added.
I've also got a level 3 Samba log for the client machine. It doesn't
tell me much more, but it can be mailed on request.
Thanks for any help !

Ulf Dettmer

Did you try to:
- first make a machine-account _ONLY_ in PosixAccount.
- then try to run the wizard from XP with a (or better to be sure, THE) 
root account.

You need to have "add machine script" configed for this ofcourse.

I had the same problem adding clients to the domain...
but when I tried this procedure, it worked 4 me.

(Reply to all for direct comments, only receive digests)

Kind regards,
Bjorn

-----Original Message-----
From: samba-request [mailto:samba-request@lists.samba.org]
Sent: vrijdag 5 september 2003 11:10
To: samba
Cc: udettmer
Subject: [Samba] domain join - no sambaSamAccount created


Hi,
we are using Samba 3 ( CVS checkout from 09/01 ) on a SuSE 8.2 box with 
all patches applied. The passdb backend is LDAP / eDirectory 8.7 on 
another machine. The Samba box is supposed to work as a stand alone 
domain controller, so I am testing to join a client machine to it's 
domain.
This is my "add machine script": /usr/bin/cpu useradd %u -d /dev/null
-f
/etc/samba/scripts/machadd.cfg -F %u -L %u -g 511 -p xxx
I've manually tested this script and it's reliably creating a functional
user with the necessary posixAccount class attached. When I do a 
"smbpasswd -amn" on that user object it becomes a Samba machine
account
just as it should.
But when I run the "Network ID"-Wizard from the Windows XP client I
get
a "bad username or password" message when Windows is at the point of 
actually requesting the machine account on the DC.
Strangely, the correct posixAccount is indeed being created - Samba 
simply "forgets" to add the SambaSamAccount after the script ran. This
is 
also what the LDAP log tells me: There are no errors at all, but the 
LDAP traffic still stops right after the posixAccount user is added.
I've also got a level 3 Samba log for the client machine. It doesn't 
tell me much more, but it can be mailed on request.
Thanks for any help !

Ulf Dettmer

Let's hope so... :) 

if you didn't work it out yet.... send your smb.conf and attach "add 
machine script" too, I can test it on this system. Maybe that will give 
us some answers.

Please do a 'reply to all' since I am not in the list.

Cheers!
Bjorn

-----Original Message-----
From: samba-request [mailto:samba-request@lists.samba.org]
Sent: vrijdag 5 september 2003 17:27
To: samba
Cc: udettmer
Subject: [Samba] Re: domain join - no sambaSamAccount created


Hi,
thanks for your quick answer, Bjorn !
> - first make a machine-account _ONLY_ in PosixAccount.
Yes, I used
/usr/bin/cpu useradd machine$ -d /dev/null -f
/etc/samba/scripts/machadd.cfg -F machine$ -L machine$ -g 511 -p xxx
to create a valid Unix user ( User object with posixAccount auxilliary 
class
extended ). Samba still does not add it's sambaSamAccount class if I 
create
the machine account this way. However, "smbpasswd -amn" works and I
can
join
the Windows box to the domain if I run both commands manually.
> - then try to run the wizard from XP with a (or better to be sure, 
THE)
> root account.
Sorry, I forget to mention it - I am already using the root account for
this.
> You need to have "add machine script" configed for this ofcourse.
My problem seems to be, that *only* the "add machine script" script is
running, but Samba forgets to do it's own job ( adding the 
sambaSamAccount
aux. class to the user object ).
> I had the same problem adding clients to the domain...
> but when I tried this procedure, it worked 4 me.
Hopefully I will get this far soon, too ;-)