Recently I was having some trouble getting the "add machine" script to
work with samba-3.0.10. Initially, I attempted to add a Windoze XP
box (i.e. Control Panel -> System -> Computer Name tab) to my domain
with a user ID of "root". This would always fail because there was no
user named "root" in "ou=Users,dc=somedomain,dc=org". Next, I tried
to add the XP box with a user named "Administrator". Samba would add
the computer to "ou=Computers,dc=somedomain,dc=org" but still fail and
would return an error back to the XP box "The user name could not be
found".

I turned some tracing on in Samba and plowed through some Samba source
and discovered that Samba is attempting to do a "getpwnam" on the
newly added computer name. In short, first it does:

  1. /var/lib/samba/sbin/smbldap-useradd.pl -w 'computer_name$'
  2. Then it does getpwnam("computer_name$")

The problem is that the second step kept failing because my ldap.conf
did not list "ou=Computers,dc=somedomain,dc=org" as a naming context
for nss_base_passwd. I updated /etc/ldap.conf to the following and
was able to successfully add the computer:

    nss_base_passwd ou=Users,dc=somedomain,dc=org?one
    # The following line was added
    nss_base_passwd ou=Computers,dc=somedomain,dc=org?one
    nss_base_shadow ou=Users,dc=somedomain,dc=org?one
    nss_base_group ou=Group,dc=somedomain,dc=org?one

Is this a bug? Should samba be searching the password database for a
computer (i.e. getent passwd)? Shouldn't it just perform a straight
search of "ou=Computers,dc=somedomain,dc=org"?
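
The condition described in this post can be checked before attempting a domain join. The shell functions below are an added example, not part of the original post or of Samba: they parse the nss_base_passwd lines of an ldap.conf and report whether an entry directly under a given OU would be visible to getpwnam(). The function names are hypothetical, and the code assumes DNs contain no spaces and that a line with no scope means a subtree search.

```shell
#!/bin/sh
# Added example: does any nss_base_passwd search base cover the OU where
# machine accounts are created? Function names are hypothetical.

# nss_passwd_bases FILE: print "base scope" for every nss_base_passwd line.
# Assumption: DNs contain no spaces; a missing scope is treated as "sub".
nss_passwd_bases() {
    awk '$1 == "nss_base_passwd" {
        n = split($2, part, "?")
        scope = (n >= 2 && part[2] != "") ? part[2] : "sub"
        print part[1], scope
    }' "$1"
}

# machine_ou_covered FILE CONTAINER_DN: succeed if an entry stored directly
# under CONTAINER_DN is reachable through some nss_base_passwd line.
machine_ou_covered() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    nss_passwd_bases "$1" | while read -r base scope; do
        base=$(printf '%s' "$base" | tr 'A-Z' 'a-z')
        case "$scope" in
            # one-level scope: the entry must sit directly under the base
            one) [ "$want" = "$base" ] && echo yes ;;
            # subtree scope: the container may be the base or anything below it
            sub) case "$want" in "$base"|*",$base") echo yes ;; esac ;;
            # base scope only returns the base entry itself, never a child
        esac
    done | grep -q yes
}

# machine_account_resolves NAME: the same lookup Samba performs through
# getpwnam() after the add machine script has run (NAME without the "$").
machine_account_resolves() {
    getent passwd "$1\$" >/dev/null
}

# Usage:
#   machine_ou_covered /etc/ldap.conf "ou=Computers,dc=somedomain,dc=org" \
#       || echo "machine accounts will not resolve through NSS"
#   machine_account_resolves computer_name || echo "getpwnam would fail"
```
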