Michael, I think you need the 'add machine script' parameter in your smb.conf. You may also want to consider the add user and group scripts. The examples I used were the smbldap_tools scripts. I also was unable to get a machine account added until I created an ldap user of 'root', because I think root is used by samba to perform the machine add, which is actually a user add with a '$' appended to the name. Curtis Grote Memorial Hospital
On Thu, 18 Dec 2003 14:11:50 +0000, Michael Knigge wrote: > All, > > I try to add a computer to a PDC running SAMBA 3.0 (client is Windows > NT 4.0 SP5). I want all the user- and machine accounts stored on my > LDAP server. > > When I try to join the domain I just get the error message "The > machine account for this computer either does not exist or is not > accessible". > > When I look on my LDAP-Server, I see that SAMBA has not created an > account for my computer. Why? > > This is my first step into LDAP and also PDC so let me describe what > I've done so far: > > > My LDAP-Server is configured like this: > > dc=set-software,dc=de > +- cn=admin (My LDAP-Admin) > +- ou=Computer (for Machine accounts) > +- ou=User (for SAMBA and UNIX-Users) > +- uid=Administrator > +- uid=nobody > +- uid=root > +- ou=Group (for SAMBA and UNIX-Groups) > +- sambaDomainName=S.E.T. > > > > And this is my smb.conf: > > > [global] > log level = 10 passdb:10 auth:10 winbind:10 > workgroup = S.E.T. > netbios name = KIRK > server string = Captain Kirk (SAMBA %v on %h) > account = nobody > invalid users = root > guest ok = no > keep alive = 30 > os level = 65 > security = user > obey pam restrictions = yes > printing = bsd > printcap name = /etc/printcap > load printers = no > printer admin = mk > bind interfaces only = yes > interfaces = eth1 > hosts allow = 192.168.199.0/255.255.255.0 > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 > SO_RCVBUF=4096 > wins support = yes > domain logons = yes > domain master = yes > local master = yes > preferred master= yes > logon drive = U: > logon home = \\KIRK\home > logon path = \\KIRK\profile > encrypt passwords = true > passdb backend = ldapsam:ldap://localhost > time server = yes > dns proxy = no > oplocks = yes > fake oplocks = no > level2 oplocks = yes > dead time = 15 > read raw = yes > write raw = yes > getwd cache = yes > dos filetime resolution = yes > case sensitive = no > default case = lower > preserve case = yes > > short preserve case = yes > dos charset = CP850 > unix charset = ISO8859-1 > lm announce = yes > lm interval = 60 > max log size = 1000 > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > > ldap suffix = "dc=set-software,dc=de" > ldap user suffix = "ou=User" > ldap machine suffix = "ou=Computer" > ldap admin dn = "cn=admin,dc=set-software,dc=de" > > [netlogon] > path = /home/netlogon > public = no > read only = yes > browseable = no > locking = no > guest ok = yes > > [profile] > path = /home/profile > read only = no > browseable = no > create mode = 0600 > directory mode = 0700 > > > [home] > path = /home/%U > read only = no > create mode = 0600 > directory mode = 0700 > > > Hope someone can help me! > > Thank you, > Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba