Just installed a new SAMBA-LDAP-PDC server on my network. I followed the Linux Samba-OpenLDAP Howto, revision 20060710, so I would assume my setup is correct. My LDAP setup is a master/slave setup. The master is on a remote server, and the lave is local. When joining the domain (WinXP), it sometimes takes three-four times to be able to reach the domain(user administrator with uidNumber to 0). I<ve been able to see that it first creates the machine account not as a sambaSamAccount, but as a regular posix account. After some trials, it finally welcomes me to the domain. But the problem is that this machine account is created in a disabled status. In order to log on the domain with a regular user account, I have to first enable the machine account (which is OK but...). My questions are.... why is it so long to create the machine account? Why is it creating it asa posix-only account at first? Why, finally, is it creating it in a disabled state? Thanks, -- Christian Tardif Servinfo christian.tardif@servinfo.ca 514.237.6332
Felipe Augusto van de Wiel
2006-Sep-15 13:42 UTC
[Samba] Strange behaviour when joining the domain
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/15/2006 01:24 AM, Christian Tardif escreveu:> Just installed a new SAMBA-LDAP-PDC server on my network. I followed > the Linux Samba-OpenLDAP Howto, revision 20060710, so I would assume my > setup is correct. > > My LDAP setup is a master/slave setup. The master is on a remote server, > and the lave is local. When joining the domain (WinXP), it sometimes > takes three-four times to be able to reach the domain(user administrator > with uidNumber to 0). I<ve been able to see that it first creates the > machine account not as a sambaSamAccount, but as a regular posix > account. After some trials, it finally welcomes me to the domain. But > the problem is that this machine account is created in a disabled > status. In order to log on the domain with a regular user account, I > have to first enable the machine account (which is OK but...).Hmmm, AFAIK, the master should be on the PDC. My best guest (if I understood correctly) is that your problem is the use of slave LDAP as PDC.> My questions are.... why is it so long to create the machine account? > Why is it creating it asa posix-only account at first? Why, finally, is > it creating it in a disabled state?Strange things could happen on Microsoft Windows networks. :) Let's try to work on te samba side first to check if it is the problem, if you can change the slave LDAP to a master one and test again, it could lead us to better ideas/conclusions.> Thanks,Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCq2dCj65ZxU4gPQRAk1nAJ9H+CY9fxO8l+T70tQy4q6FXY9oyQCgicR4 27x/JXGFjCZBgwQ+0xpIRzY=Da75 -----END PGP SIGNATURE-----