Helge Bahmann
2006-Sep-12 07:58 UTC
[Samba] samba with ldapsam: first "net join" always fails, second succeeds
Created an "add machine" script that basically looks for an unused uid/rid, and then creates a stub LDAP entry for the machine; the first time I issue "net join", the script is invoked and creates the LDAP entry correctly, but the join operation fails nevertheless:

f1sa:~# net -U winadmin join
winadmin's password:
[2006/09/08 10:19:40, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
Creation of workstation account failed
Unable to join domain FAK1.

The following log file entries are generated for this operation:

SASL/GSSAPI authentication started
SASL username: samba/f1sa.mathe.tu-freiberg.de@MATHE.TU-FREIBERG.DE
SASL SSF: 56
SASL installing layers
[2006/09/08 09:53:15, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1781)
  ldapsam_add_sam_account: User 'f1sa$' already in the base, with samba attributes
[2006/09/08 09:53:15, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
  could not add user/computer f1sa$ to passdb. Check permissions?

(the SASL/GSSAPI part is the output from my add machine script; basically I see here that it is working correctly)

However when I call "net join" a second time:

f1sa:~# net -U winadmin join
winadmin's password:
[2006/09/08 10:22:16, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
Joined domain FAK1.

It succeeds, the LDAP entry is updated accordingly and nothing is logged.

Can someone tell me what is wrong here, or where I should have done something differently?

(Samba version is 3.0.14a from debian sarge)

Best regards
-- 
Helge Bahmann <hcb@chaoticmind.net>
The past: Smart users in front of dumb terminals
Whoever sits in the finally block should not throw exceptions.
Felipe Augusto van de Wiel
2006-Sep-12 12:01 UTC
[Samba] samba with ldapsam: first "net join" always fails, second succeeds
On 09/08/2006 05:26 AM, Helge Bahmann wrote:
> Created an "add machine" script that basically looks for an unused
> uid/rid, and then creates a stub LDAP entry for the machine; the first
> time I issue "net join", the script is invoked and creates the LDAP entry
> correctly, but the join operation fails nevertheless:
>
> f1sa:~# net -U winadmin join
> winadmin's password:
> [2006/09/08 10:19:40, 0] utils/net_ads.c:ads_startup(191)
>   ads_connect: No results returned
> Creation of workstation account failed
> Unable to join domain FAK1.
>
> The following log file entries are generated for this operation:
>
> SASL/GSSAPI authentication started
> SASL username: samba/f1sa.mathe.tu-freiberg.de@MATHE.TU-FREIBERG.DE
> SASL SSF: 56
> SASL installing layers
> [2006/09/08 09:53:15, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1781)
>   ldapsam_add_sam_account: User 'f1sa$' already in the base, with samba attributes
> [2006/09/08 09:53:15, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
>   could not add user/computer f1sa$ to passdb. Check permissions?
>
> (the SASL/GSSAPI part is the output from my add machine script; basically
> I see here that it is working correctly)

Ok, AIUI, you are adding "machine information" to an account that already exists?

> However when I call "net join" a second time:
>
> f1sa:~# net -U winadmin join
> winadmin's password:
> [2006/09/08 10:22:16, 0] utils/net_ads.c:ads_startup(191)
>   ads_connect: No results returned
> Joined domain FAK1.
>
> It succeeds, the LDAP entry is updated accordingly and nothing is logged
>
> Can someone tell me what is wrong here, or where I should have done
> something differently?

If the answer to the question I made above is "yes", then the second try to join the domain will find the correct fields and will be able to join the machine. I'm not sure why the first try didn't succeed, but I have a strong feeling that it is related to the fact of messing with already existing accounts.

> (Samba version is 3.0.14a from debian sarge)
> Best regards

Kind regards,
-- 
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)