Pat Riehecky
2008-Feb-20 18:05 UTC
[Samba] LDAP adding workstation accounts fails (but not really???)
This is highly weird. I am trying to set up LDAP as the back for my
samba test system, all is going well, except for adding workstation
accounts to the server.
# net rpc join -S TESTING -U root%password
Creation of workstation account failed
Unable to join domain IWU.EDU.
Yet, if I search LDAP after the join attempt I find:
dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
cn: testing$
uid: testing$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
My LDAP logs show it is searching ou=People rather than ou=Computers to
see if it was added successfully. What must I do to make it search
ou=Computers?
testparm reports the following in my smb.conf global section and reports
no errors.
[global]
workgroup = TESTING
netbios name = TESTING
server string = %h server
security = DOMAIN
passdb backend = ldapsam:ldap://localhost
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
add machine script = smbldap-useradd -w -s /bin/false "%u"
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
ldap admin dn = cn=admin
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=iwu,dc=edu
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
idmap uid = 15000-25000
idmap gid = 15000-25000
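
Added example (not part of the original post, and not Samba's own code): a small check that takes the smb.conf values and the entry DN quoted above, builds the full search base for each "ldap ... suffix" parameter, and reports which subtree the created machine entry falls under, which is the base to compare against the one that appears in the LDAP server log. It also reports whether the ldapsam bind travels in cleartext. The function names are hypothetical and the inputs are constructed from the values in the post.

```python
# Added example: inputs are constructed from the values quoted in the post.
SMB_CONF = """\
[global]
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=iwu,dc=edu
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap ssl = no
"""
ENTRY_DN = "uid=testing$,ou=Computers,dc=iwu,dc=edu"

def parse_global(text):
    """Return the [global] parameters as a dict with normalised lower-case keys."""
    params, in_global = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_global = line.lower() == "[global]"
        elif in_global and "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def norm_dn(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def search_bases(params):
    """Map each 'ldap <x> suffix' parameter to its full base DN."""
    root = params["ldap suffix"]
    return {k: f"{v},{root}" for k, v in params.items()
            if k.startswith("ldap ") and k.endswith(" suffix") and k != "ldap suffix"}

def containers_for(dn, params):
    """List the suffix parameters whose subtree contains the given DN."""
    rdns = norm_dn(dn)
    return sorted(k for k, base in search_bases(params).items()
                  if rdns[-len(norm_dn(base)):] == norm_dn(base))

def cleartext_bind(params):
    """True when the ldapsam URI is ldap:// and 'ldap ssl' is no/off."""
    uri = params.get("passdb backend", "").partition(":")[2]
    return uri.startswith("ldap://") and params.get("ldap ssl", "").lower() in ("no", "off")

if __name__ == "__main__":
    p = parse_global(SMB_CONF)
    print("entry is under:", containers_for(ENTRY_DN, p))
    print("LDAP bind in cleartext:", cleartext_bind(p))
```

An entry that is only under "ldap machine suffix" cannot be returned by any search whose base is the ou=People subtree, whichever component issues that search.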
Adam Williams
2008-Feb-23 03:01 UTC
[Samba] LDAP adding workstation accounts fails (but not really???)
Is your computer you're running "net rpc join -S TESTING -U root%password" on named testing?

Pat Riehecky wrote:
> This is highly weird. I am trying to set up LDAP as the back for my
> samba test system, all is going well, except for adding workstation
> accounts to the server.
>
> # net rpc join -S TESTING -U root%password
> Creation of workstation account failed
> Unable to join domain IWU.EDU.
>
> Yet, if I search LDAP after the join attempt I find:
>
> dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> cn: testing$
> uid: testing$
> uidNumber: 1001
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
>
> My LDAP logs show it is searching ou=People rather than ou=Computers to
> see if it was added successfully. What must I do to make it search
> ou=Computers?
>
> testparm reports the following in my smb.conf global section and reports
> no errors.
>
> [global]
> workgroup = TESTING
> netbios name = TESTING
> server string = %h server
> security = DOMAIN
> passdb backend = ldapsam:ldap://localhost
> log level = 2
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> load printers = No
> add machine script = smbldap-useradd -w -s /bin/false "%u"
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> ldap admin dn = cn=admin
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = Yes
> ldap suffix = dc=iwu,dc=edu
> ldap ssl = no
> ldap user suffix = ou=People
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 15000-25000
> idmap gid = 15000-25000
Pat Riehecky
2008-Feb-25 14:21 UTC
[Samba] LDAP adding workstation accounts fails (but not really???)
The system is named testing, I am joining the Samba PDC computer to the domain it hosts. The problem also is duplicated when attempting to join a secondary system to the domain, so I simplified down to one system.

On Fri, 2008-02-22 at 20:57 -0600, Adam Williams wrote:
> Is your computer you're running "net rpc join -S TESTING -U root%password"
> on named testing?
>
> Pat Riehecky wrote:
> > This is highly weird. I am trying to set up LDAP as the back for my
> > samba test system, all is going well, except for adding workstation
> > accounts to the server.
> >
> > # net rpc join -S TESTING -U root%password
> > Creation of workstation account failed
> > Unable to join domain IWU.EDU.
> >
> > Yet, if I search LDAP after the join attempt I find:
> >
> > dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
> > objectClass: top
> > objectClass: account
> > objectClass: posixAccount
> > cn: testing$
> > uid: testing$
> > uidNumber: 1001
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> >
> > My LDAP logs show it is searching ou=People rather than ou=Computers to
> > see if it was added successfully. What must I do to make it search
> > ou=Computers?
> >
> > testparm reports the following in my smb.conf global section and reports
> > no errors.
> >
> > [global]
> > workgroup = TESTING
> > netbios name = TESTING
> > server string = %h server
> > security = DOMAIN
> > passdb backend = ldapsam:ldap://localhost
> > log level = 2
> > syslog = 0
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > load printers = No
> > add machine script = smbldap-useradd -w -s /bin/false "%u"
> > domain logons = Yes
> > preferred master = Yes
> > domain master = Yes
> > dns proxy = No
> > ldap admin dn = cn=admin
> > ldap group suffix = ou=Group
> > ldap idmap suffix = ou=Idmap
> > ldap machine suffix = ou=Computers
> > ldap passwd sync = Yes
> > ldap suffix = dc=iwu,dc=edu
> > ldap ssl = no
> > ldap user suffix = ou=People
> > panic action = /usr/share/samba/panic-action %d
> > idmap uid = 15000-25000
> > idmap gid = 15000-25000