On Tue, 2007-08-21 at 21:17 +0200, Markus Baertschi wrote: > I'm attemtping to configure a Ubuntu server for a bunch of windows clients. > I'd like the authentication information to be in ldap.So far the stuff > works, > I can authenticate users in LDAP just fine. > > But when I want a windows machine to join the domain I get the > error 'The user name could not be found'. The computer account > gets created (via smbldap-tools) and I can see it in the ldap. > The samba log shows what's happening, when id can not find > the account it creates it and fails when it can not find the freshly > created account. Unfortunately the log is net very helpful to point > find out what is wrong: > ------------------- > [2007/08/20 20:28:55, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINXP1$]! > [2007/08/20 20:28:56, 3] passdb/pdb_interface.c:pdb_default_create_user(368) > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w > "winxp1$"' gave 0 > [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINXP1$ > [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is winxp1$ > [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINXP1$ > [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in winxp1$ > [2007/08/20 20:28:56, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINXP1$]! > [2007/08/20 20:28:56, 3] passdb/pdb_interface.c:pdb_default_create_user(384) > pdb_default_create_user: failed to create a new user structure: > NT_STATUS_NO_SUCH_USER > [2007/08/20 20:28:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_create_user > ------------------ > > How can I debug and fix this situation ? > > Markus > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
Hi Markus, I create subtrees under an Accounts ou for computers and users - it's nice to keep them separate. smb.conf: ldap suffix = dc=ifa,dc=net ldap machine suffix = ou=Computers,ou=Accounts ldap user suffix = ou=People,ou=Accounts ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u' delete user script = /opt/IDEALX/sbin/smbldap-userdel %u add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g' delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g' add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%u' '% g' delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '% u' '%g' enable privileges = Yes set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u' /etc/ldap.conf nss_base_passwd ou=Accounts,dc=ifa,dc=net?sub nss_base_shadow ou=Accounts,dc=ifa,dc=net?sub nss_base_group ou=Groups,dc=ifa,dc=net?one notice the ?sub at the end. smbldap.conf # Where are stored Users # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" usersdn="ou=People,ou=Accounts,${suffix}" # Where are stored Computers # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG" computersdn="ou=Computers,ou=Accounts,${suffix}" This works transparently from windows without having to add accounts in another tool. Cheers Alex -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba