Re: [Samba] Unable to add machine accounts

Mon, 30 Mar 2009 09:53:14 -0700 

Anyone have any ideas on this?  (Really, any ideas at all are
welcome.)  Thanks.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Fri, 27 Mar 2009, Chris St. Pierre wrote:


I have the exact same problem as this guy:

http://lists.samba.org/archive/samba/2006-September/125699.html

He describes it much better and in much more detail than I could, so
I'll let him speak for me.

Unfortunately, I don't have the same solution.  nss_ldap is configured
properly, and things like 'getent passwd' and 'id machine-acct$' show
the machine accounts as expected:

% getent passwd | grep stpierre
stpierre:x:2273:4000:Christopher St
Pierre:/home/faculty/stpierre:/bin/zsh
stpierre-pc$:*:1944:1000:Computer:/dev/null:/bin/false
% id stpierre-pc$
uid=1944(stpierre-pc$) gid=1000 groups=1000

Unfortunately, "fix nss_ldap" is about the only suggestion I could
find on this problem on Google.  Any other suggestions?  Thanks!

I'm running samba 3.0.33 on RHEL 5.  /etc/ldap.conf (nss_ldap.conf on
other distros):

uri ldap://ldap.nebrwesleyan.edu
base o=NebrWesleyan.edu,o=isp
timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap
ssl start_tls
tls_checkpeer no

The [global] section of smb.conf:

[global]
server string = Huxley
workgroup = NWU_HUXLEY
netbios name = Huxley

log level = 1
log file = /var/log/samba/%U.%m.log
max log size = 102400

add machine script = /usr/sbin/smbldap-useradd -t 10 -w '%m'

bind interfaces only = true
interfaces = 10.1.1.44

logon path =
logon home =
logon drive =

socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE
max smbd processes = 0

encrypt passwords = yes
domain logons = yes domain master = yes local master = yes preferred master = yes security = user os level = 33 wins server = 10.9.1.12 
admin users = +ntadmin

passdb backend = ldapsam:ldap://ldap.nebrwesleyan.edu
ldap suffix = o=nebrwesleyan.edu,o=isp ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap admin dn = cn=directory manager ldap ssl = off 

idmap uid = 10000-20000
idmap gid = 10000-20000

blocking locks = no
unix extensions = no
include = /etc/samba/%U.inc

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to