I'm in the process of learning Samba and evaluating it as a possible
replacement for Windows NT servers in our office next year. I have set up a
small test network comprised of one NT 4 (SP6a) Workstation, one Windows
2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm
using LDAP as the passdb backend with smbldap-tools 0.8.7-1. The Windows
2000 Pro machine can join the domain on the fly without any problems, but
the NT 4 box gives me an error when I try to join on the fly: "The machine
account for this computer either does not exist or is inaccessible". In the
samba log I can see:
[2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
ldapsam_modify_entry: Failed to modify user dnuid=nt4box$,ou=People,dc=econo
mists-inc,dc=com with: No such attribute
modify/delete: sambaPrimaryGroupSID: no such value
[2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694)
ldapsam_update_sam_account: failed to modify user with uid = nt4box$,
error: m
odify/delete: sambaPrimaryGroupSID: no such value (Success)
In the smb.conf file I have:
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m'
When I run ./smbldap-useradd -w 'test' by hand it creates an entry
without
objectClass: sambaSamAccount:
# test$, People, economists-inc.com
dn: uid=test$,ou=People,dc=economists-inc,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test$
sn: test$
uid: test$
uidNumber: 1017
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
I don't know why smbldap-useradd -w doesn't add sambaSamAccount
objectClass
and don't understand how the Windows 2000 Pro can join the domain on the fly
without it. It drives me crazy. I obviously have something misconfigured
here. HELP! :-)
On Friday 11 March 2005 07:42, Czechowski, Robert wrote:> I'm in the process of learning Samba and evaluating it as a possible > replacement for Windows NT servers in our office next year. I have set up a > small test network comprised of one NT 4 (SP6a) Workstation, one Windows > 2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm > using LDAP as the passdb backend with smbldap-tools 0.8.7-1. The Windows > 2000 Pro machine can join the domain on the fly without any problems, but > the NT 4 box gives me an error when I try to join on the fly: "The machine > account for this computer either does not exist or is inaccessible". In the > samba log I can see: > > [2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479) > ldapsam_modify_entry: Failed to modify user dn> uid=nt4box$,ou=People,dc=econo > mists-inc,dc=com with: No such attribute > modify/delete: sambaPrimaryGroupSID: no such value > [2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694) > ldapsam_update_sam_account: failed to modify user with uid = nt4box$, > error: m > odify/delete: sambaPrimaryGroupSID: no such value (Success) > > In the smb.conf file I have: > > add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m'Change that to: add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" - John T.> > When I run ./smbldap-useradd -w 'test' by hand it creates an entry without > objectClass: sambaSamAccount: > > # test$, People, economists-inc.com > dn: uid=test$,ou=People,dc=economists-inc,dc=com > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > cn: test$ > sn: test$ > uid: test$ > uidNumber: 1017 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > > I don't know why smbldap-useradd -w doesn't add sambaSamAccount objectClass > and don't understand how the Windows 2000 Pro can join the domain on the > fly without it. It drives me crazy. I obviously have something > misconfigured here. HELP! :-)-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
>> >> In the smb.conf file I have: >> >> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m' > >Change that to: > >add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" > >- John T. > >>Unfortunately neither works. I followed your instructions in "Samba-3 by Example" and originally I had '%u', but that didn't work. I searched the samba list's archive and found some posts that suggested changing the '%u' to '%m', but that didn't help. Well, I'm back to "%u" now. The problem still persists. Robert C.