All -

I am in the process of writing my own "add machine script" to use with Samba 3.0.20a and our OpenLDAP setup. For the most part it seems to work fine. If I run the script from the command line, I can see that the entry has been added to LDAP. If I then go to the Windows machine and tell it to join the domain, after giving it the Admin login and password it connects up with no problems.

So the next step was to configure Samba to use the script directly by pointing the "add machine script" parameter in smb.conf to the script:

    add machine script = /usr/local/bin/samba-addmachine %u

I restart Samba, then go to the Windows box (XP Pro) and tell it to join the domain. It asks for the Admin login and password, then after a minute or so I get an error popup telling me "The user name could not be found." However, when I look in LDAP I can see that my script did run and add the machine object as before. If I go back to the Windows machine and again tell it to join the domain, this time it successfully joins the domain.

I do notice that after the join succeeds, the LDAP entry now has the 'sambaNTPassword' which my script does not set, and the 'sambaPwdLastSet', 'sambaLogonTime', 'sambaPwdCanChange', and 'sambaPwdMustChange' attributes have been updated. Everything else is the same as was set by my script.

Do I need to have my script set the 'sambaNTPassword' attribute? If so, what do I set it to? Or maybe I need to have it exit with some value?

I'm obviously missing some little detail. Any pointers would be greatly appreciated.

/dwight
--
Dwight N. Tovey
email: dtovey@emergecore.com
---------
Work to Live : Live to Ride : Ride to Work

Dwight Tovey wrote:
| So the next step was to configure Samba to use
| the script directly by pointing the "add machine script"
| parameter in smb.conf to the script:
|
| add machine script = /usr/local/bin/samba-addmachine %u
|
| I restart Samba, then go to the Windows box (XP Pro)
| and tell it to join the domain. It asks for the Admin
| login and password, then after a minute or so I get
| an error popup telling me "The user name could not
| be found." However, when I look in LDAP I can see that
| my script did run and add the machine object as before.
| If I go back to the Windows machine and again
| tell it to join the domain, this time it successfully
| joins the domain.
...
| Do I need to have my script set the 'sambaNTPassword'
| attribute? If so, what do I set it to? Or maybe I need
| to have it exit with some value?

You only need to create the posixAccount entry with the add machine script. If I were to guess, I would make sure that nss_ldap is returning the machine account for getpwnam() queries, i.e. 'getent passwd machine$' succeeds.

Also check in a level 10 log from smbd for the SAMR.*CREATE.*USER call to see what the return value is.

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us." --anonymous
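
The NSS check suggested in the reply above can be scripted. The following is an added example, not part of either message: the function names and the NSS_LOOKUP override are hypothetical, and the polling loop is an assumption meant to expose a lookup that only begins to succeed some seconds after the LDAP entry is created.

```shell
#!/bin/sh
# Added example (not from the thread): confirm a machine account created by
# an "add machine script" is visible through NSS, which is what getpwnam()
# consults, rather than only being present in LDAP.

# Lookup command; overridable (hypothetical knob) so the logic can be
# exercised without a live nss_ldap setup.
: "${NSS_LOOKUP:=getent passwd}"

# Return the machine-account form of a name: exactly one trailing '$'.
machine_account() {
    name=$1
    printf '%s\n' "${name%\$}\$"
}

# Succeed only if the passwd line names the account and has numeric UID/GID.
valid_entry() {
    printf '%s\n' "$2" | awk -F: -v a="$1" \
        '$1 == a && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ { ok = 1 }
         END { exit !ok }'
}

# Poll NSS until the account resolves or the timeout (seconds) expires.
# Returns 0 if resolved and well-formed, 2 if malformed, 1 if never resolved.
wait_for_machine() {
    acct=$(machine_account "$1")
    timeout=${2:-5}
    waited=0
    while :; do
        if entry=$($NSS_LOOKUP "$acct" 2>/dev/null) && [ -n "$entry" ]; then
            if valid_entry "$acct" "$entry"; then
                echo "resolved after ${waited}s: $entry"
                return 0
            fi
            echo "malformed passwd entry: $entry" >&2
            return 2
        fi
        [ "$waited" -ge "$timeout" ] && break
        sleep 1
        waited=$((waited + 1))
    done
    echo "NOT resolved via NSS after ${timeout}s: $acct" >&2
    return 1
}

# Example: wait_for_machine ws01 10   (ws01 is a constructed machine name)
```

Run it on the Samba server right after the add machine script has created the entry. An account that is in LDAP but never resolves here, or resolves only after a delay, points at the NSS layer rather than at the script's LDAP attributes.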