I got past this by permitting anonymous writes to sambadomain and ou=computers in LDAP (not ideal, but I really want this to work already). Now I'm running into another problem.
It seems that even though the machine accounts get created upon successful authentication, it fails to find that same machine account during the same or another operation to actually join the domain. The search string it uses has objectclass=sambaSamAccount. Apparently, the newly created machine account doesn't have that object class. Also there's no sambasid entry for the machine account (not sure if it needs one, but if sambaSamAccount requires that, I guess it does?).

In addition to that, the search base it uses to look for the machine accounts only has the parent suffix, without the "ou=computers". Samba user accounts can be added with smbpasswd and all the sids, passwords and other attributes are set correctly.

Another issue is that idmap ou doesn't seem to get populated with any entries at all, but I also don't know if it should be.

    base => [dc=mydomain,dc=com] > [(&(uid=computer$)(objectclass=sambaSamAccount))]

smb.conf

    add user script = /usr/local/samba/bin/smbldap-useradd -n "%u"
    add machine script = /usr/local/samba/bin/smbldap-useradd -n -d /dev/null -s /bin/false -w "%m"
    ldap admin dn = "cn=Directory Manager"
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap suffix = dc=mydomain,dc=com
    ldap ssl = no
    ldap user suffix = ou=people
    idmap backend = ldapsam:ldap://myldapserver
    idmap uid = 10000-30000
    idmap gid = 10000-30000

smb-ldap.conf

    suffix="dc=mydomain,dc=com"
    usersdn="ou=People,${suffix}"
    computersdn="ou=computers,${suffix}"
    groupsdn="ou=Groups,${suffix}"
    idmapdn="ou=idmap,${suffix}"
    sambaUnixIdPooldn="sambaDomainName=LDAPAUTH,${suffix}"

Thank you.

> Still can't figure this one out.
>
> I get
>
> Error: Insufficient 'write' privilege to the 'uidNumber' attribute of
> entry 'sambadomainname=ldapauth,dc=mydomain,dc=com'.[2006/05/09 10:29:16,
> 0] rpc_server/srv_samr_nt.c:(2415)
> _samr_create_user: Running the command
> `/usr/local/samba/bin/smbldap-useradd -n -g machines -c Machine -d
> /dev/null -s /bin/false computer$' gave 1
>
> when trying to join the domain from WinXP workstation.
>
> but if I run this manually
> /usr/local/samba/bin/smbldap-useradd -w machine$
>
> machine$ computer account gets created exactly where it's expected, under
> ou=computers. Why isn't the default action creating machine
> accounts with -w switch ? Do I misunderstand something ?
>
> If simply browsing shares all windows auth. works fine via ldap.
>
> thank you all.