I have set up a Samba PDC with LDAP by following the Samba howto. Everything works fine, but when I try to add machine accounts I get errors. The error is shown below.

First I did

#smbldap-useradd -w comat67$

This was successful. Then when I do this

oblix:/home# pdbedit -a -m -u comat67$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=COMAT))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=COMAT))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: comat67$
ldapsam_modify_entry: Failed to add user dn= uid=comat67$,ou=Computers,dc=comat,dc=com with: Object class violation
       object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = comat67$ (dn = uid=comat67$,ou=Computers,dc=comat,dc=com)
Unable to add machine! (does it already exist?)


Any ideas why this is happening?

My smb.conf

# Global settings for a Samba domain controller (domain logons = Yes) whose
# account database is kept in LDAP through the ldapsam passdb backend.
[global]
       unix charset = LOCALE
       workgroup = COMAT
       netbios name = COMAT-PDC
       # Listen on this single address only.
       interfaces = 192.168.100.203
       bind interfaces only = Yes
       # Account data is read from and written to the local slapd over plain
       # ldap:// on loopback. NOTE(review): if the directory is ever moved off
       # this host, the bind password and the password hashes would cross the
       # network unencrypted unless TLS is enabled (see `ldap ssl`).
       passdb backend = ldapsam:ldap://127.0.0.1
       # Allows rights such as adding machines to the domain to be granted to
       # selected users or groups instead of requiring root.
       enable privileges = Yes
       # NOTE(review): this file decides which Unix account a client-supplied
       # name maps to, so it should be writable by root only; confirm its
       # permissions.
       username map = /etc/samba/smbusers
       log level = 3
       syslog = 0
       # One log file per client machine name (%m), capped by max log size.
       log file = /var/log/samba/%m
       max log size = 50
       # Only the NetBIOS session port is listed; port 445 is not served.
       smb ports = 139
       name resolve order = wins bcast hosts
       time server = Yes
       # Account-management hooks. Samba substitutes %u / %g before running
       # them; the substituted values are double-quoted here.
       add user script = /usr/local/sbin/smbldap-useradd -m "%u"
       # NOTE(review): unlike `add user script` above, every script path from
       # here on lacks the leading "/" (usr/local/sbin/...), so it is not an
       # absolute path. Compare with the installed location of the smbldap
       # tools before relying on these hooks.
       delete user script = usr/local/sbin/smbldap-userdel "%u"
       add group script = usr/local/sbin/smbldap-groupadd -p "%g"
       delete group script = usr/local/sbin/smbldap-groupdel "%g"
       # NOTE(review): three parameters share the next line (possibly a
       # mail-wrapping artifact). Read literally, everything after the first
       # "=" becomes the value of `add user to group script`; each parameter
       # needs a line of its own.
add user to group script = usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = usr/local/sbin/smbldap-usermod -g "%g" "%u"
       # Same command the poster ran by hand (smbldap-useradd -w), but with
       # the relative path noted above.
       add machine script = usr/local/sbin/smbldap-useradd -w "%u"
       logon script = scripts\logon.bat
       logon path = \\%L\profiles\%U
       logon drive = X:
       domain logons = Yes
       preferred master = Yes
       wins support = Yes
       # Samba binds to LDAP as this DN. The password is not kept in smb.conf;
       # Samba reads it from secrets.tdb, where `smbpasswd -w` stores it.
       # NOTE(review): this is the same DN as `rootdn` in the slapd.conf
       # quoted further down, and slapd exempts the rootdn from its ACLs. A
       # dedicated DN with write access limited to the Samba subtrees would
       # follow least privilege.
       ldap admin dn = cn=admin,dc=comat,dc=com
       # The suffixes below are relative to `ldap suffix`; the failing DN in
       # the pdbedit output (ou=Computers,dc=comat,dc=com) is built from the
       # machine suffix.
       ldap group suffix = ou=Groups
       ldap idmap suffix = ou=Idmap
       ldap machine suffix = ou=Computers
       ldap suffix = dc=comat,dc=com
       ldap user suffix = ou=People
       # SID-to-uid/gid mappings are stored in the same local directory,
       # allocated from the ranges below.
       idmap backend = ldap:ldap://127.0.0.1
       idmap uid = 10000-20000
       idmap gid = 10000-20000
       map acl inherit = Yes

# Per-user home directory shares, created on demand and hidden from browse
# lists.
[homes]
       comment = Home Directories
       # %S is the share name, which for [homes] is the user name, so each
       # home share is limited to the user it is named after.
       valid users = %S
       read only = No
       browseable = No

# Share that domain clients read the logon script from.
[netlogon]
       comment = Network Logon Service
       path = /var/lib/samba/netlogon
       # Connections without a password are accepted. No `read only` line is
       # given, so the smb.conf default (read only = yes) applies.
       # NOTE(review): anything placed under this path is readable without
       # authentication, so logon scripts must not embed credentials.
       guest ok = Yes
       locking = No

# Writable share holding roaming profiles (target of `logon path`).
[profiles]
       comment = Profile Share
       path = /var/lib/samba/profiles
       # NOTE(review): the share is writable and sets no `valid users` or
       # create/directory mask, so separation between users' profiles rests on
       # the filesystem permissions of the path above; confirm them.
       read only = No
       profile acls = Yes


My slapd.conf

# Schema files loaded at startup. samba.schema provides the sambaSamAccount and
# sambaDomain object classes named in the pdbedit output earlier in the post.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/samba.schema

# Runtime files and the dynamically loaded BDB backend module.
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/ldap
moduleload      back_bdb


# Access control rules. slapd applies the first `access to` rule that matches
# the target and, inside it, the first `by` clause that matches the requester.
# Comments are kept above each rule on purpose: an indented line continues the
# previous line in slapd.conf, even when that previous line is a comment.
#
# Rule 1: the root DSE (empty base DN). Everyone except the admin DN is limited
# to `auth`, so clients cannot read it.
# NOTE(review): the admin DN is also the rootdn, which slapd never subjects to
# ACLs, so the `by dn=... write` clauses in these rules are redundant for it.
access to dn.base=""
               by dn="cn=admin,dc=comat,dc=com" write
               by self write
               by * auth

# Rule 2: password material. Only the admin DN and the entry's owner may read
# or write these attributes; everyone else may only authenticate against them.
# The Samba LM/NT hashes are enough to authenticate as the user, so they need
# the same protection as userPassword. This rule must stay ahead of the
# catch-all rule at the end.
access to attr=userPassword,sambaLMPassword,sambaNTPassword
               by dn="cn=admin,dc=comat,dc=com" write
               by self write
               by * auth

# Rule 3: shadowLastChange is writable by the admin DN and the entry's owner,
# and readable by everyone.
access to attr=shadowLastChange
               by dn="cn=admin,dc=comat,dc=com" write
               by self write
               by * read

# Rule 4: catch-all for everything else.
# NOTE(review): `by * read` also matches anonymous binds, so the trailing
# `by anonymous auth` clause is never reached. As written, every attribute not
# covered by rules 1-3 is readable without authentication. If anonymous reads
# are not intended, the anonymous clause has to come before `by * read`.
access to *
               by dn="cn=admin,dc=comat,dc=com" write
               by * read
               by anonymous auth

# Logging is left at the default; the explicit level is commented out.
#loglevel       256

# Schema checking is enforced, so an entry that carries an object class must
# also carry every attribute that class requires. This is the check that
# produces the "Object class violation ... requires attribute 'sambaSID'"
# message in the pdbedit output.
schemacheck     on
# Idle client connections are closed after 30 seconds.
idletimeout     30
backend         bdb
database        bdb
checkpoint      1024 5
cachesize       10000

# Naming context served by this database and its superuser DN. The rootdn
# bypasses all access control rules.
suffix          "dc=comat,dc=com"
rootdn          "cn=admin,dc=comat,dc=com"
# The poster masked the value. NOTE(review): rootpw should hold a hashed value
# (for example one generated with slappasswd) rather than cleartext, and this
# file should be readable only by the account slapd runs as; confirm both.
rootpw          "********"

# On-disk location of the BDB database files.
directory       /var/lib/ldap

# Attribute indexes. The list covers the attributes used in the search filter
# shown in the pdbedit output (objectClass, sambaDomainName), plus the
# uid/gid and SID attributes.
index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
# Index types used by an `index` line that names none.
index default               sub

The OS is sarge and the Samba packages are the default ones.

Any help would be greatly appreciated.

Thanks,
PD