Misty Stanley-Jones escreveu:> Our Samba server was recently the recipient of a major upgrade. I thought
> all the kinks were worked out, but apparently not.
>
> I think this is the first time I've tried to join a machine account to
the
> domain since the upgrade. I've tried using smbldap-tools and also just
> using smbpasswd (I have my users in LDAP). I'll also say that 'net
join'
> works just fine from my Samba domain members to my Samba domain master.
>
> First, the preliminaries:
> OS: Ubuntu 7.04 Server
> Samba Version: 3.0.24
> Smbldap-tools Version: 0.9.2
> Passdb Backend: LDAP (openLDAP)
>
> Anyway, when I try to join to the domain using smbldap-tools, here is my
> script in smb.conf:
> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>
Can you explain to me what "-t" means and where did you got it from?
> If I run that by hand, as root, it adds the posixAccount but not the
> sambaSamAccount. On the Windows system I get an error like "No such
user".
> In the Samba logs, I see an error like this:
>
> [2007/09/05 13:24:55, 3]
passdb/pdb_interface.c:pdb_default_create_user(368)
> _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w
> "xptommy$"' gave 0
> [2007/09/05 13:24:55, 3]
passdb/pdb_interface.c:pdb_default_create_user(384)
> pdb_default_create_user: failed to create a new user structure:
> NT_STATUS_NO_SUCH_USER
>
> Just to be sure I had the privileges right:
> net rpc rights grant "CORP\Domain Admins"
SeMachineAccountPrivilege
>
> I am joining domains as 'root', who is a member of the Domain
Admins group:
> memberUid: root,misty,carl
>
> Obviously smbldap-tools is set up at least somewhat correctly, because it
is
> creating the posixAccount. I re-ran 'smbpasswd -W' just to be sure
that
> Samba could bind to the LDAP server. I also tried using the username
> 'misty' to join the domain. Same results every time.
>
> Any idea what I can try next, apart from simply adding the sambaSamAccount
> objectclass by hand?
>
>
> Misty Stanley-Jones
> System Administrator
Have you configured NSS properly ("getent passwd" show your machine
accounts from LDAP)? Any chance that you are using nscd and winbind?
Regards.
Edmundo Valle Neto