Actually, what was my ldap.conf had nss_base_passwd ou=Computers,dc=directory,dc=server?sub nss_base_passwd ou=People,dc=directory,dc=server?sub
But SAMBA was creating posix users for each computer it registered to the domain and the uids were getting mixed with the system users. So for example user1 and machine1 would have the same uid. Horrible things happened. So I commented the first line and then machines couldn't join the domain anymore. So my question is, can I now move or rename the uids of the machines that were created by /usr/sbin/smbldap-useradd -w script without dejoining the workstations from the domain? Above all, what is the best practice for managing both computers and domain users in LDAP? I think I got confused somewhere. Mike A. Leonetti As warm as green tea On 05/01/10 13:09, Damien Dye wrote: > humm > > cn: workstation75$ > description: Computer > gecos: Computer > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > objectClass: top, account, posixAccount > uid: workstation75$ > uidNumber: 1068 > > looks like the samba account has not been created only the unix account. > > does the join work if you have a samba account for the machine defined first ? > > > -- > Damien Dye BSC(hon) > > > > > On 30 April 2010 01:10, Michael Leonetti <mleone...@evolutionce.com> wrote: > >> Using LDAP and the smbldap-tools. When attempting to join the domain with >> an administrative user, the computer gets added to the Computers list in >> LDAP with the following attributes: >> >> >> cn: workstation75$ >> description: Computer >> gecos: Computer >> gidNumber: 515 >> homeDirectory: /dev/null >> loginShell: /bin/false >> objectClass: top, account, posixAccount >> uid: workstation75$ >> uidNumber: 1068 >> >> Then the workstation displays this message: >> >> "the following error occurred attempting to join the domain "falm" >> >> the user name could not be found" >> >> Then the workstation log outputs this at log level 3 >> >> [2010/04/29 19:52:33.724539, 3] smbd/process.c:1485(process_smb) >> Transaction 0 of length 137 (0 toread) >> [2010/04/29 19:52:33.724570, 3] smbd/process.c:1294(switch_message) >> switch message SMBnegprot (pid 1986) conn 0x0 >> [2010/04/29 19:52:33.724593, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.724661, 3] smbd/negprot.c:586(reply_negprot) >> Requested protocol [PC NETWORK PROGRAM 1.0] >> [2010/04/29 19:52:33.724679, 3] smbd/negprot.c:586(reply_negprot) >> Requested protocol [LANMAN1.0] >> [2010/04/29 19:52:33.724692, 3] smbd/negprot.c:586(reply_negprot) >> Requested protocol [Windows for Workgroups 3.1a] >> [2010/04/29 19:52:33.724706, 3] smbd/negprot.c:586(reply_negprot) >> Requested protocol [LM1.2X002] >> [2010/04/29 19:52:33.724724, 3] smbd/negprot.c:586(reply_negprot) >> Requested protocol [LANMAN2.1] >> [2010/04/29 19:52:33.724742, 3] smbd/negprot.c:586(reply_negprot) >> Requested protocol [NT LM 0.12] >> [2010/04/29 19:52:33.724846, 3] smbd/negprot.c:404(reply_nt1) >> using SPNEGO >> [2010/04/29 19:52:33.724862, 3] smbd/negprot.c:691(reply_negprot) >> Selected protocol NT LM 0.12 >> [2010/04/29 19:52:33.736749, 3] smbd/process.c:1485(process_smb) >> Transaction 1 of length 240 (0 toread) >> [2010/04/29 19:52:33.736799, 3] smbd/process.c:1294(switch_message) >> switch message SMBsesssetupX (pid 1986) conn 0x0 >> [2010/04/29 19:52:33.736880, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.736930, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) >> wct=12 flg2=0xc807 >> [2010/04/29 19:52:33.736952, 2] smbd/sesssetup.c:1390(setup_new_vc_session) >> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all >> old resources. >> [2010/04/29 19:52:33.737021, 3] >> smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) >> Doing spnego session setup >> [2010/04/29 19:52:33.737086, 3] >> smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) >> NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] >> PrimaryDomain=[] >> [2010/04/29 19:52:33.737157, 3] smbd/sesssetup.c:805(reply_spnego_negotiate) >> reply_spnego_negotiate: Got secblob of size 40 >> [2010/04/29 19:52:33.737254, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >> Got NTLMSSP neg_flags=0xa2088207 >> [2010/04/29 19:52:33.738057, 3] smbd/process.c:1485(process_smb) >> Transaction 2 of length 358 (0 toread) >> [2010/04/29 19:52:33.738121, 3] smbd/process.c:1294(switch_message) >> switch message SMBsesssetupX (pid 1986) conn 0x0 >> [2010/04/29 19:52:33.738185, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.738244, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) >> wct=12 flg2=0xc807 >> [2010/04/29 19:52:33.738285, 2] smbd/sesssetup.c:1390(setup_new_vc_session) >> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all >> old resources. >> [2010/04/29 19:52:33.738337, 3] >> smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) >> Doing spnego session setup >> [2010/04/29 19:52:33.738396, 3] >> smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) >> NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] >> PrimaryDomain=[] >> [2010/04/29 19:52:33.738471, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) >> Got user=[administrator] domain=[falm] workstation=[WORKSTATION75] len1=24 >> len2=24 >> [2010/04/29 19:52:33.738557, 3] auth/auth.c:216(check_ntlm_password) >> check_ntlm_password: Checking password for unmapped user >> [falm]\[administrat...@[workstation75] with the new password interface >> [2010/04/29 19:52:33.738622, 3] auth/auth.c:219(check_ntlm_password) >> check_ntlm_password: mapped user is: [falm]\[administrat...@[workstation75] >> [2010/04/29 19:52:33.738687, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.738728, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.738771, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.738960, 2] lib/smbldap.c:950(smbldap_open_connection) >> smbldap_open_connection: connection opened >> [2010/04/29 19:52:33.739601, 3] lib/smbldap.c:1166(smbldap_connect_system) >> ldap_connect_system: successful connection to the LDAP server >> [2010/04/29 19:52:33.740038, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) >> init_sam_from_ldap: Entry found for user: administrator >> [2010/04/29 19:52:33.740168, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.740211, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.740252, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.740344, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.740469, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.740508, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.740548, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.740809, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.741718, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.741765, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.741803, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.742113, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) >> init_group_from_ldap: Entry found for group: 500 >> [2010/04/29 19:52:33.742196, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.742255, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.742299, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.742347, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.742393, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >> [2010/04/29 19:52:33.742434, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.742480, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >> [2010/04/29 19:52:33.743163, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) >> init_group_from_ldap: Entry found for group: 500 >> [2010/04/29 19:52:33.743221, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.743269, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743309, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.743347, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743395, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.743444, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743512, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.743550, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743590, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.743649, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743708, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.743830, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743868, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.743907, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.743968, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.744004, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.744044, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >> [2010/04/29 19:52:33.744079, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.746497, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.746517, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >> [2010/04/29 19:52:33.746538, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >> [2010/04/29 19:52:33.747055, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) >> init_group_from_ldap: Entry found for group: 512 >> >> The problem is the log doesn't give me any information on what's going on >> and this happened out of nowhere. Any help would really be appreciated. >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
