We have just set up Samba 3.0.28 with LDAP support. We are using a Sun One 5.2 LDAP server.

We are having a problem when a new machine joins the domain.
Here is a snippet of our smb.conf file:

    add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
    ldap machine suffix = ou=computers
    ldap user suffix = ou=People

When a new machine attempts to join the domain a new entry is created in ou=computers as expected. This entry has only the posixAccount information and no Samba info. However, the machine reports that it failed to join the domain. Log entries on both samba and LDAP tell me that after the entry is created, samba is trying to find that entry in ou=people instead of ou=computers.

Attempting to add the machine again gives us an error that the machine already exists.

I modified smbldap-useradd to include the sambaSamAccount information when the entry is created. The first attempt to join the domain still fails, however trying again succeeds.

In another test, I removed the modifications from smbldap-useradd and modified the smbldap.conf file so that it thought the machines container was ou=people. With this change the new machine was able to join the domain on the first try. The problem here is that we don't want the machines mixed in with the users.

So from this I determined that after creating the new entry for the machine, Samba then goes and looks for that entry in ou=people instead of ou=computers. My guess is that there is a bug in the code that looks at the wrong configuration entry.

I have tried looking through the C code on my own. I'm only familiar with C so I haven't made as much progress as I'd like.

Is this a known bug? Is it possible that we have a configuration wrong somewhere?

Can anyone point me to the correct C file so I can try and fix this?

I'd appreciate any help I can get.

Thanks.

Mmmm... If I understood properly, I'm afraid I can just say... "Welcome to the club, mate":

Take a look at this:
http://lists.samba.org/archive/samba/2008-February/138639.html
http://lists.samba.org/archive/samba/2008-February/138442.html

May it be a bug?? Is it the same thing that is happening to you?

Regards

2008/2/4, Frank J. Pellegrino <frank.pellegrino@sju.edu>:
> We have just set up Samba 3.0.28 with LDAP support. We are using a Sun One
> 5.2 LDAP server.
>
> We are having a problem when a new machine joins the domain.
> Here is a snippet of our smb.conf file
> add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
> ldap machine suffix = ou=computers
> ldap user suffix = ou=People
>
> When a new machine attempts to join the domain a new entry is created in
> ou=computers as expected. This entry has only the posixAccount information
> and no Samba info. However, the machine reports that it failed to join the
> domain. Log entries on both samba and LDAP tell me that after the entry is
> created, samba is trying to find that entry in ou=people instead of
> ou=computers.
>
> Attempting to add the machine again gives us an error that the machine
> already exists.
>
> I modified smbldap-useradd to include the sambaSamAccount information when
> the entry is created. The first attempt to join the domain still fails,
> however trying again succeeds.
>
> In another test, I removed the modifications from smbldap-useradd and
> modified the smbldap.conf file so that it thought the machines container
> was ou=people. With this change the new machine was able to join the
> domain on the first try. The problem here is that we don't want the
> machines mixed in with the users.
>
> So from this I determined that after creating the new entry for the
> machine, Samba then goes and looks for that entry in ou=people instead of
> ou=computers. My guess is that there is a bug in the code that looks at
> the wrong configuration entry.
>
> I have tried looking through the C code on my own. I'm only familiar with
> C so I haven't made as much progress as I'd like.
>
> Is this a known bug? Is it possible that we have a configuration wrong
> somewhere?
>
> Can anyone point me to the correct C file so I can try and fix this?
>
> I'd appreciate any help I can get.
>
> Thanks.

On Wed, Feb 27, 2008 at 3:13 PM, Hector Blanco <white.lists@gmail.com> wrote:
> Mmmm... If I understood properly, I'm afraid I can just say... "Welcome
> to the club, mate":
>
> Take a look at this:
> http://lists.samba.org/archive/samba/2008-February/138639.html
> http://lists.samba.org/archive/samba/2008-February/138442.html
>

I used to have these problems in the past and I believe at one point someone helped me get this working correctly but I now use LAM (http://lam.sourceforge.net/). I have never had an issue with creating machine accounts with lam.

John

--
John M. Drescher

Hi,

just one idea: have you configured nss_ldap to resolve accounts in ou=Computers? I.e., in /etc/ldap.conf, do you have the 2 lines:

    nss_base_passwd ou=Users,......?sub
    nss_base_passwd ou=Computers,......?sub

If not, add ou=Computers and remove any nscd cache before retrying.

--
Jérôme
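
A check for the nss_ldap suggestion above, as an added example (not part of the thread, Samba or smbldap-tools): it compares the containers named by "ldap user suffix" and "ldap machine suffix" in smb.conf with the nss_base_passwd lines in the nss_ldap configuration. The base DN dc=example,dc=org, the sample file names and the function names are assumptions; the thread does not give the real base DN.

```shell
#!/bin/sh
# smb_param FILE NAME: value of "name = value" in smb.conf, lowercased, blanks removed
smb_param() {
    tr 'A-Z' 'a-z' < "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tail -n 1 | tr -d ' \t'
}

# nss_covers LDAP_CONF DN: succeeds if an nss_base_passwd line reaches entries
# inside container DN (assumption: scope is "sub" when the line gives none)
nss_covers() {
    tr 'A-Z' 'a-z' < "$1" | awk -v want="$2" '
        $1 == "nss_base_passwd" {
            sub(/^[ \t]*nss_base_passwd[ \t]+/, ""); gsub(/[ \t]/, "")
            n = split($0, part, "[?]")
            scope = (n > 1 && part[2] != "") ? part[2] : "sub"
            sfx = "," part[1]
            if (part[1] == want && scope != "base") ok = 1
            if (scope == "sub" && length(want) > length(sfx) &&
                substr(want, length(want) - length(sfx) + 1) == sfx) ok = 1
        }
        END { exit(ok ? 0 : 1) }'
}

# check_suffixes SMB_CONF LDAP_CONF: prints uncovered containers, returns 1 if any
check_suffixes() {
    root=$(smb_param "$1" "ldap suffix"); rc=0
    for name in "ldap user suffix" "ldap machine suffix"; do
        rel=$(smb_param "$1" "$name")
        [ -n "$rel" ] || continue            # unset: nothing to check here
        if ! nss_covers "$2" "$rel,$root"; then
            echo "$name ($rel,$root) is not searched by nss_base_passwd"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files; dc=example,dc=org is a placeholder base DN
write_samples() {
    printf '%s\n' '[global]' 'ldap suffix = dc=example,dc=org' \
        'ldap machine suffix = ou=computers' 'ldap user suffix = ou=People' > "$1/smb.conf"
    printf '%s\n' 'nss_base_passwd ou=People,dc=example,dc=org?one' > "$1/ldap.users-only"
    printf '%s\n' 'nss_base_passwd ou=People,dc=example,dc=org?one' \
        'nss_base_passwd ou=Computers,dc=example,dc=org?sub' > "$1/ldap.both"
}

d=$(mktemp -d) && write_samples "$d"
check_suffixes "$d/smb.conf" "$d/ldap.users-only" || echo "add the missing base, then flush nscd"
check_suffixes "$d/smb.conf" "$d/ldap.both" && echo "both containers are searched"
rm -rf "$d"
```

On a real server, point check_suffixes at the actual smb.conf and /etc/ldap.conf; after adding a missing base, "nscd -i passwd" invalidates the cached passwd map and "getent passwd 'machinename$'" shows whether the new machine account resolves.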

> If the PDC goes down on our network, the primary LDAP server is likely
> to go down too, so making any changes to LDAP is not possible without
> reconfiguration. So I am uncertain: what is required for the BDC?
>

This is why I have 4 LDAP servers. One master and the rest secondary that sync with the master using syncrepl. It's really easy to add an LDAP server to just about any Linux box and it really does not need that much power, especially if it is one of many.

John