I tried this and it still did not work. The problem as far as I can tell is that samba is not even attempting to search for the user after it adds it. The very last operations in my slapd.log after the error occurred were:

conn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=2 SRCH base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 filter="(objectClass=sambaUnixIdPool)"
conn=20539 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=20539 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=20539 op=3 MOD attr=uidNumber
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 filter="(uidNumber=1109)"
conn=20539 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=6 UNBIND
conn=20539 fd=32 closed


So, according to this, samba searches for the machine, and when it doesn't find it, it adds the machine successfully to the LDAP directory, and that is the last thing that happens.

Any idea what's going on?



Joaquin Villanueva wrote:

I had the same problem here. The change you've made was the same. Going up to the root level of LDAP and set a sub search. No way. The solution was to put TWO nss_base_passwd lines:

nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one

Try it and let me know...

Ben Davis wrote:

Joaquin wrote:

Ben Davis wrote:

Please help!

I'm having a difficult time getting a machine to join my domain. Samba successfully adds the machine account using the smbldap-useradd -w script, but I get the error "The user name could not be found".

Here's what it looks like it's doing in the ldap logs: 1. There's a login as cn=Manager, which searches for the root account, and then for a bunch of gidNumbers. It then searches for the machine$ with a sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and searches for the machine$ under posixAccount (still no results). It then finally adds the entry for machine$ but without the sambaSamAccount objectclass.


After that there are no more LDAP queries. What could be causing the error I'm getting?



If you have a Machines= suffix different from the Users= suffix, the problem is in the ldap.conf settings. Nothing to do with the smbldap-tools. The smbldap-tools creates only a posix entry in the Machines tree, leaving to samba the addition of the SambaSamAccount class to the machine entry. The problem is that Samba relies on the ldap.conf config to search for the machine account. Usually, you have only a search here for the users account. The trick is to add a second nss_base_password line pointing to the machines tree of LDAP. And then it works.


Yeah, I read about that earlier and changed my nss_base_password line to read:

nss_base_passwd       dc=pca-wichita,dc=com?sub

(that is my base dn). The problem is that in the slapd logs, the LAST thing that happens before I get the error is samba ADDS the posix machine account. It does nothing after that. Here's the slapd log of all operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 filter="(objectClass=sambaUnixIdPool)"
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 filter="(uidNumber=1108)"
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed



As soon as it ADDs the machine account, it doesn't try to modify its objectClass, or anything like that. What's going on here?
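The check both posters are doing by eye on slapd.log (did any search for the machine account reach the directory after the successful ADD, and with which base and scope?) can be scripted. This is an added example, not code from the thread or from Samba; the function name `lookups_after_add` is hypothetical and the `conn=20540` lines are constructed to show what a later lookup would look like.

```python
import re

# Last connection from the thread's slapd.log (MOD and duplicate RESULT lines omitted).
THREAD_LOG = '''\
conn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=6 UNBIND
'''

# Constructed lines (not from the thread): a one-level lookup under ou=Computers.
CONSTRUCTED_LOOKUP = '''\
conn=20540 op=1 SRCH base="ou=Computers,dc=pca-wichita,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=20540 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT|ADD|RESULT)\b(.*)')

def lookups_after_add(log, uid):
    """Return (added, searches): whether the ADD of uid succeeded, and every
    later search for that uid as (conn, base, scope, nentries).
    slapd scope numbers: 0 = base, 1 = one, 2 = sub."""
    pending, added, searches = {}, False, []
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # BIND, MOD, UNBIND, ACCEPT and closed lines are ignored
        key, verb, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        if verb in ('SRCH', 'ADD'):
            pending[key] = (verb, rest)  # request line; wait for its result
        elif key in pending:  # first RESULT closes the op, duplicates are skipped
            kind, req = pending.pop(key)
            if kind == 'ADD' and ' err=0 ' in rest and f'dn="uid={uid},' in req:
                added = True
            elif kind == 'SRCH' and added and f'(uid={uid})' in req:
                base = re.search(r'base="([^"]*)"', req).group(1)
                scope = int(re.search(r'scope=(\d)', req).group(1))
                found = int(re.search(r'nentries=(\d+)', rest).group(1))
                searches.append((key[0], base, scope, found))
    return added, searches

if __name__ == '__main__':
    print(lookups_after_add(THREAD_LOG, 'melisa$'))
    print(lookups_after_add(THREAD_LOG + CONSTRUCTED_LOOKUP, 'melisa$'))
```

An empty search list after a successful ADD is the pattern reported in this thread: the entry exists, but no lookup for it ever reaches slapd.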



