Hi,
I have some machines (winXP and win2k) that cannot join my domain. Others
I have joined to the domain. I am using the smbldap-tools 0.8.9 with an
add machine script as follows:
add machine script = /usr/local/samba/sbin/smbldap-useradd -w
"%u"
The LDAP entity gets created with objectClasses top, inetOrgPerson, and
posixAccount. My impression is that samba then comes along and changes the
entity, turning it into an account, sambaSamAccount object. This process
has succeeded in some four machines I have tried, but other machines fail
this final conversion. I get an error "The user name could not be
found"
at the machine. All of these machines were joined to the same domain
previously run by Totalnet Advanced Server, so the machines themselves are
configured to be capable of joining. The only pattern I can discern is
that the machines on which this occurs have names of 8 characters or more,
though a machine that did join the domain has a name of 8 characters, so I
am not sure that this is relevant.
Any ideas as to where I can look to begin to track this down? I can
manually create the machine accounts, but am leary of doing so due to the
requirement of having unique SIDs.
Thanks,
Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345
s?n, 22.05.2005 kl. 23.59 skrev Chuck Theobald: [...]> Any ideas as to where I can look to begin to track this down? I can > manually create the machine accounts, but am leary of doing so due to the > requirement of having unique SIDs.Samba RIDs are calculated automatically on the basis of posixAccount or account uidNumbers/gid/Numbers and will always be unique. I don't use the idealx scripts for anything, I write my own shell stuff to generate first the posixAccount, then the sambaSamAccount (using smbpasswd). For both users and machinessmbpasswd always guarantees unique RIDs. --Tonni -- mail: tonye@billy.demon.nl http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordf?rer Marvin Wiseth: ?Bergenserne er flinke til ? gj?re mye ut av lite? (uttalte seg over 17. mai feiringen i?r, men gjelder sannsynligvis og dette mel mitt).
On 5/22/05, Chuck Theobald <chuckt@darkwing.uoregon.edu> wrote:> Hi, > > I have some machines (winXP and win2k) that cannot join my domain. Others > I have joined to the domain. I am using the smbldap-tools 0.8.9 with an > add machine script as follows: > > add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u" > > The LDAP entity gets created with objectClasses top, inetOrgPerson, and > posixAccount. My impression is that samba then comes along and changes the > entity, turning it into an account, sambaSamAccount object. This process > has succeeded in some four machines I have tried, but other machines fail > this final conversion. I get an error "The user name could not be found" > at the machine. All of these machines were joined to the same domain > previously run by Totalnet Advanced Server, so the machines themselves are > configured to be capable of joining. The only pattern I can discern is > that the machines on which this occurs have names of 8 characters or more, > though a machine that did join the domain has a name of 8 characters, so I > am not sure that this is relevant. > > Any ideas as to where I can look to begin to track this down? I can > manually create the machine accounts, but am leary of doing so due to the > requirement of having unique SIDs. > > Thanks, > > Chuck Theobald > System Administrator > The Robert and Beverly Lewis Center for Neuroimaging > University of Oregon > P: 541-346-0343 > F: 541-346-0345Chuck, I had this same problem, I would look at how your nss_ldap/nsswitch is working. Matt