I'm in the process of learning Samba and evaluating it as a possible replacement for Windows NT servers in our office next year. I have set up a small test network comprised of one NT 4 (SP6a) Workstation, one Windows 2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm using LDAP as the passdb backend with smbldap-tools 0.8.7-1. The Windows 2000 Pro machine can join the domain on the fly without any problems, but the NT 4 box gives me an error when I try to join on the fly: "The machine account for this computer either does not exist or is inaccessible". In the samba log I can see: [2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479) ldapsam_modify_entry: Failed to modify user dnuid=nt4box$,ou=People,dc=econo mists-inc,dc=com with: No such attribute modify/delete: sambaPrimaryGroupSID: no such value [2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694) ldapsam_update_sam_account: failed to modify user with uid = nt4box$, error: m odify/delete: sambaPrimaryGroupSID: no such value (Success) In the smb.conf file I have: add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m' When I run ./smbldap-useradd -w 'test' by hand it creates an entry without objectClass: sambaSamAccount: # test$, People, economists-inc.com dn: uid=test$,ou=People,dc=economists-inc,dc=com objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: test$ sn: test$ uid: test$ uidNumber: 1017 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer I don't know why smbldap-useradd -w doesn't add sambaSamAccount objectClass and don't understand how the Windows 2000 Pro can join the domain on the fly without it. It drives me crazy. I obviously have something misconfigured here. HELP! :-)
On Friday 11 March 2005 07:42, Czechowski, Robert wrote:> I'm in the process of learning Samba and evaluating it as a possible > replacement for Windows NT servers in our office next year. I have set up a > small test network comprised of one NT 4 (SP6a) Workstation, one Windows > 2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm > using LDAP as the passdb backend with smbldap-tools 0.8.7-1. The Windows > 2000 Pro machine can join the domain on the fly without any problems, but > the NT 4 box gives me an error when I try to join on the fly: "The machine > account for this computer either does not exist or is inaccessible". In the > samba log I can see: > > [2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479) > ldapsam_modify_entry: Failed to modify user dn> uid=nt4box$,ou=People,dc=econo > mists-inc,dc=com with: No such attribute > modify/delete: sambaPrimaryGroupSID: no such value > [2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694) > ldapsam_update_sam_account: failed to modify user with uid = nt4box$, > error: m > odify/delete: sambaPrimaryGroupSID: no such value (Success) > > In the smb.conf file I have: > > add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m'Change that to: add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" - John T.> > When I run ./smbldap-useradd -w 'test' by hand it creates an entry without > objectClass: sambaSamAccount: > > # test$, People, economists-inc.com > dn: uid=test$,ou=People,dc=economists-inc,dc=com > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > cn: test$ > sn: test$ > uid: test$ > uidNumber: 1017 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > > I don't know why smbldap-useradd -w doesn't add sambaSamAccount objectClass > and don't understand how the Windows 2000 Pro can join the domain on the > fly without it. It drives me crazy. I obviously have something > misconfigured here. HELP! :-)-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
>> >> In the smb.conf file I have: >> >> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%m' > >Change that to: > >add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" > >- John T. > >>Unfortunately neither works. I followed your instructions in "Samba-3 by Example" and originally I had '%u', but that didn't work. I searched the samba list's archive and found some posts that suggested changing the '%u' to '%m', but that didn't help. Well, I'm back to "%u" now. The problem still persists. Robert C.