Hi all,

I've set up Samba 3.0.5 + OpenLDAP (ldapsam) and everything works correctly. However, when my Windows 200x workstation joins the domain, I need to join it twice. Here is what I do:

1. Go to Computer properties -> Computer Name -> Change
2. Enter the new domain name
3. Enter Administrator and password

Then it returns that the user name cannot be found. I've checked the LDAP directory and the computer account is created successfully without any problem. So, I click OK again and enter the Administrator account password again, and it succeeds.

So, I'd like to know, why do I need to do it twice even though the computer account is already created successfully the first time?

Thanks a lot.

---
Jacky C.K Tsoi
Jacky C.K Tsoi wrote:

> Hi all,
>
> I've setup Samba 3.0.5 + OpenLDAP (ldapsam) and everything work correctly.
> However, while my Windows 200x workstation join the domain, I need to join it
> twice. Here is what I do:
>
> 1. Go to Computer properties -> Computer Name -> Change
> 2. Enter the new domain name
> 3. Enter Administrator and password
>
> then, it will return me that the user name cannot be found.
> I've checked the LDAP directory that the computer account is created
> successfully without any problem. So, I click OK again and enter the
> Administrator account password again, and it success.

How is your network set up with regard to the PDC and your LDAP server(s)? I would guess that when you say the account is created properly that the posix account is created, but that it has no samba attributes, then the second time it adds those attributes to the object.

I had a similar issue when I was testing using a local samba PDC and a remote LDAP master with a local slave. The issue was that the replication from master->slave was not happening quick enough for the smbldap-tools script to find the posix account on the local slave when it needed to. I hacked a 2 (or maybe it was 5) second sleep into the add machine account part of the script. If this is what you're seeing I can tell you where I did it.

--
Paul Gienger
Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant
Fax: 701-281-1322
URL: www.ae-solutions.com
mailto: pgienger@ae-solutions.com

Christian.Wittmer@intercomponentware.com
2004-Aug-02 10:08 UTC
[Samba] Samba 3 + LDAP as PDC join domain problem

"Jacky C.K Tsoi" <cktsoi@nyss.edu.hk>
Sent by: samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org
30.07.2004 06:45
To: samba@lists.samba.org
cc:
Subject: [Samba] Samba 3 + LDAP as PDC join domain problem

> Hi all,
> I've setup Samba 3.0.5 + OpenLDAP (ldapsam) and everything work correctly.
> However, while my Windows 200x workstation join the domain, I need to join it
> twice. Here is what I do:
> 1. Go to Computer properties -> Computer Name -> Change
> 2. Enter the new domain name
> 3. Enter Administrator and password
> then, it will return me that the user name cannot be found.

I had the same problem. Are you using "nis" or only LDAP as backend? Do you use different OUs for Users and Machines (e.g. ou=People and ou=Machines)?

If not using NIS, check /etc/ldap.conf and comment as follows:

#nss_base_shadow
#nss_base_passwd

because if you're using different OUs and have the above two lines uncommented, the "Machine" you want to join will be searched in ou=People, and that's why you get a "User not found". By commenting the two "nss_..." lines, the Machine you want to join will then be searched in the correct OU, and there will be no more error in joining a machine to the DOMAIN.

> I've checked the LDAP directory that the computer account is created
> successfully without any problem. So, I click OK again and enter the
> Administrator account password again, and it success.

Set your LDAP to a higher LOGLEVEL and you will see what I tried to explain.

> So, I'd like to know, why I need to do it twice even though the computer
> account is already created successfully at the fist time?
> Thanks a lot.

No Matter

Christian

> ---
> Jacky C.K Tsoi

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

I'm using LDAP only, no NIS or other password backends. The OUs are different for users and computers (ou=People & ou=Computer).

I've tried to comment out both lines, and tried that I'm able to "finger" those computer accounts in the prompt. However, the problem persists and I still need to enter the password twice.

I've tried to set the log level = 6 but it seems no useful information can be found. How can I set Samba to log more information about my problem?

_____

From: Christian.Wittmer@intercomponentware.com [mailto:Christian.Wittmer@intercomponentware.com]
Sent: Monday, August 02, 2004 6:06 PM
To: Jacky C.K Tsoi
Subject: Re: [Samba] Samba 3 + LDAP as PDC join domain problem
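
Added example, not part of the thread or of Samba/nss_ldap: a small checker for the scoping issue Christian describes, where nss_base_passwd limits passwd lookups to ou=People so a machine account in another OU is not found. It assumes nss_ldap's `base?scope?filter` search descriptor syntax in /etc/ldap.conf; the sample config, the dc=example,dc=com suffix and the ws01$ machine name are constructed placeholders.

```python
# Added example (not from the thread): does an nss_ldap passwd search cover a DN?
# Constructed sample config; dc=example,dc=com and ws01$ are placeholders.
SAMPLE_CONF = """\
base dc=example,dc=com
scope sub
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
"""
MACHINE_DN = "uid=ws01$,ou=Computer,dc=example,dc=com"

def rdns(dn):
    """Split a DN into lower-cased RDNs (naive: escaped commas not handled)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def passwd_search_bases(conf_text):
    """Return [(base_dn, scope)] used for passwd lookups under this config."""
    base, scope, descriptors = "", "sub", []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                      # blank, comment, or bare keyword
        key, value = parts[0].lower(), parts[1].strip()
        if key == "base":
            base = value
        elif key == "scope":
            scope = value.lower()
        elif key == "nss_base_passwd":
            descriptors.append(value)
    if not descriptors:                   # directive commented out: global base applies
        return [(base, scope)]
    result = []
    for desc in descriptors:              # descriptor format: base?scope?filter
        fields = desc.split("?")
        dn = fields[0] + base if fields[0].endswith(",") else fields[0]
        own_scope = fields[1].lower() if len(fields) > 1 and fields[1] else scope
        result.append((dn, own_scope))
    return result

def covers(entry_dn, base_dn, scope):
    """True if entry_dn lies under base_dn within the given search scope."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    if len(base) > len(entry) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    return {"base": depth == 0, "one": depth == 1}.get(scope, True)

def machine_visible(conf_text, machine_dn):
    return any(covers(machine_dn, b, s) for b, s in passwd_search_bases(conf_text))

if __name__ == "__main__":
    print("visible to NSS:", machine_visible(SAMPLE_CONF, MACHINE_DN))
```

Run against the real /etc/ldap.conf text and the DN of a freshly created machine account; a False result means NSS passwd lookups cannot see that entry with the current search bases.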