Hi Igor, my slapd.conf
include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/samba.schema include /usr/local/etc/openldap/schema/qmail.schema pidfile /usr/local/var/run/slapd.pid argsfile /usr/local/var/run/slapd.args database bdb suffix "dc=unimix,dc=com,dc=br" rootdn "cn=suporte,dc=unimix,dc=com,dc=br" rootpw {SSHA}pass directory /usr/local/var/openldap-data password-hash {CRYPT} password-crypt-salt-format "$1$.8s" index objectClass,uidNumber,gidNumber eq index cn,sn,uid,displayName eq index memberUid,mail,mailAlternateAddress,givenname,accountStatus,mailHost,deliveryMode eq index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq index default sub access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * read access to * by * read My ldap.conf base dc=unimix,dc=com,dc=br host ldap.unimix.com.br rootbinddn cn=suporte,dc=unimix,dc=com,dc=br nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one My smb.conf [global] workgroup = UNIMIX netbios name = PDC server string = PDC security = user encrypt passwords = yes load printers = yes log file = /var/log/samba/%m.log max log size = 50 log level = 2 os level = 255 local master = yes domain master = yes preferred master = yes domain logons = yes admin users = Administrador, Administrator, fernando.ribeiro logon script = %U.bat logon path = \\%L\profiles\%U ldap passwd sync = yes ldap delete dn = Yes passdb backend = ldapsam:ldap://ldap.unimix.com.br/ ldap admin dn = cn=suporte,dc=unimix,dc=com,dc=br ldap suffix = dc=unimix,dc=com,dc=br ldap group suffix = ou=Grupos ldap user suffix = ou=Usuarios ldap machine suffix = ou=Computadores idmap uid = 10000-15000 idmap gid = 10000-15000 nt acl support = yes create mask = 600 directory mask = 0700 force directory mode = 0700 passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd -m "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user script = /usr/local/sbin/smbldap-userdel "%u" delete group script = /usr/local/sbin/smbldap-groupdel "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" dos charset = UTF-8 unix charset = UTF-8 cups server = 10.0.0.11 [homes] comment = Diretorio Home browseable = no writable = yes force user = %U [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = Yes csc policy = disable force user = %U valid users = %U @"Domain Admins" [netlogon] path = /home/netlogon browseable = No read only = yes [printers] comment = Impressoras path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes My samba return this errors: [2004/10/22 10:48:34, 5] lib/smbldap.c:smbldap_search(963) smbldap_search: base => [dc=unimix,dc=com,dc=br], filter => [(&(uid=suporte$)(objectclass=sambaSamAccount))], scope => [2] [2004/10/22 10:48:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1266) ldapsam_getsampwnam: Unable to locate user [suporte$] count=0 [2004/10/22 10:48:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 1000) - sec_ctx_stack_ndx = 0 [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam(293) Finding user suporte$ [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is suporte$ [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(239) Trying _Get_Pwnam(), username as uppercase is SUPORTE$ [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(247) Checking combinations of 0 uppercase letters in suporte$ [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals didn't find user [suporte$]! [2004/10/22 10:48:35, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "suporte$"' gave 9 [2004/10/22 10:48:35, 5] lib/username.c:Get_Pwnam(293) Finding user suporte$ [2004/10/22 10:48:35, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is suporte$ [2004/10/22 10:48:35, 5] lib/username.c:Get_Pwnam_internals(239) Trying _Get_Pwnam(), username as uppercase is SUPORTE$ [2004/10/22 10:48:35, 5] lib/username.c:Get_Pwnam_internals(247) Checking combinations of 0 uppercase letters in suporte$ [2004/10/22 10:48:35, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals didn't find user [suporte$]! It don't found suporte$ machine. But it exists. > > dn: uid=suporte$,ou=Computadores,dc=unimix,dc=com,dc=br > > objectClass: top > > objectClass: inetOrgPerson > > objectClass: posixAccount > > cn: suporte$ > > sn: suporte$ > > uid: suporte$ > > uidNumber: 1020 > > gidNumber: 1000 > > homeDirectory: /dev/null > > loginShell: /bin/false > > description: Computer > > gecos: Computer But without sambasamaccount. PS. s/Computers/Computadores/g =) Any idea? Thanks Palavras de Igor Belyi [Thu, Oct 21, 2004 at 06:32:27PM -0400]: > Is it possible that 'ldap admin dn' used in your smb.conf does not have > write access to 'ou=Computers,dc=unimix,dc=com,dc=br'? What was the > error in smbd log when machine failed to join the Domain? > > Igor > > Fernando Ribeiro wrote: > >Hi all, > > > > I have smb.conf with: > > > > > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u" > > add user script = /usr/local/sbin/smbldap-useradd -m "%u" > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u" > > add group script = /usr/local/sbin/smbldap-groupadd -p "%g" > > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" > > "%g" > > delete user script = /usr/local/sbin/smbldap-userdel "%u" > > delete group script = /usr/local/sbin/smbldap-groupdel "%g" > > delete user from group script = /usr/local/sbin/smbldap-groupmod -x > > "%u" "%g" > > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" > > "%u" > > > > while i try include the w2k machine in samba domain it create the > > ldap > > machine account entry: > > > > dn: uid=suporte$,ou=Computers,dc=unimix,dc=com,dc=br > > objectClass: top > > objectClass: inetOrgPerson > > objectClass: posixAccount > > cn: suporte$ > > sn: suporte$ > > uid: suporte$ > > uidNumber: 1020 > > gidNumber: 1000 > > homeDirectory: /dev/null > > loginShell: /bin/false > > description: Computer > > gecos: Computer > > > > And don't join in samba domain. > > > > While i create a machine account manually with: > > > > dn: uid=suporte$,ou=Computadores,dc=unimix,dc=com,dc=br > > gidNumber: 30000 > > uidNumber: 1022 > > uid: suporte$ > > sambaSID: S-1-5-21-715268823-1473299472-2771147885-3044 > > sambaAcctFlags: [W ] > > cn: suporte > > homeDirectory: /dev/null > > objectClass: top > > objectClass: sambaSamAccount > > objectClass: posixAccount > > objectClass: account > > > > It join in the samba domain without problem. > > > > Anyone know why it don't create sambaSamAccount ? > > Machine account need inetOrgPerson ? > > > > Thanks > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- Fernando Ribeiro - GPG-KEY: 0x8D7255F4 Linux Counter: #273768 - ICQ: 175630330 LPIC-2 - Advanced Linux Death the graph! Death the mouse Death patents! Death closed standards! http://www.nerdgroup.org http://musb.nerdgroup.org -------------------------------------- "Grandes mentes discutem idéias; Mentes medianas discutem eventos; Mentes pequenas discutem pessoas." -------------------------------------- "A mente que se abre a uma nova idéia jamais volta ao seu tamanho original." Albert Einstein -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba