I've inherited this quite messy OpenLDAP server from the previous administrator; Samba (3) relies on it for acting as a PDC.
The main problem (while I build a new directory from scratch) is that you can't add a machine account to the domain:
On the client it says the credentials are invalid; anyway, the real problem (from the Samba logs) seems to be:


"Got too many (2) domain info entries for domain DOMAIN"

(I've replaced my domain name with 'DOMAIN' and the Samba host name with 'host' for no particular reason ...)

host:/etc/samba # strings secrets.tdb | grep SID
&SECRETS/SID/HOST
&SECRETS/SID/DOMAIN <-- I think this is the problem, since a clean installation on a test machine gives only the first line from the same command, but I can't figure out how to remove the entry.



Other useful information may be:

1)
host:/ # smbclient -L localhost -U%

Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.4-SUSE]

Server        Comment
---------       -------
HOST        Samba Server Version 3.0.4-SUSE

Workgroup       Master
---------              -------
DOMAIN         HOST

2)
host:/ # net getlocalsid

[2004/09/22 11:39:38, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
 Got too many (2) domain info entries for domain DOMAIN
SID for domain HOST is: S-1-5-21-3942806058-2931819711-1847247862

3)
host:/ # pdbedit -Lv user

Got too many (2) domain info entries for domain DOMAIN
Got too many (2) domain info entries for domain DOMAIN
Unix username:        user
NT username:          user
Account Flags:        [U          ]
User SID:             S-1-5-21-3942806058-2931819711-1847247862-2010
Primary Group SID:    S-1-5-21-3942806058-2931819711-1847247862-513
Full Name:            Some User
Home Directory:       \\host\user
HomeDir Drive:        H:
Logon Script:         logon.bat
Profile Path:         \\host\profiles\user
Domain:               DOMAIN
[etc...]

4)
host:/ # net groupmap list

[2004/09/22 11:50:47, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
 Got too many (2) domain info entries for domain DOMAIN

Domain (S-1-5-21-3942806058-2931819711-1847247862-1203) -> domain
Domain Guests (S-1-5-21-3942806058-2931819711-1847247862-514) -> nobody
Domain Users (S-1-5-21-3942806058-2931819711-1847247862-513) -> users
Domain Admins (S-1-5-21-3942806058-2931819711-1847247862-512) -> Domain Admins
Guests (S-1-5-21-3942806058-2931819711-1847247862-546) -> Guests
Power Users (S-1-5-21-3942806058-2931819711-1847247862-547) -> Power Users
Account Operators (S-1-5-21-3942806058-2931819711-1847247862-548) -> Account Operators
Server Operators (S-1-5-21-3942806058-2931819711-1847247862-549) -> Server Operators
Print Operators (S-1-5-21-3942806058-2931819711-1847247862-550) -> Print Operators
Backup Operators (S-1-5-21-3942806058-2931819711-1847247862-551) -> Backup Operators
Replicator (S-1-5-21-3942806058-2931819711-1847247862-552) -> Replicator
Domain Computers (S-1-5-21-3942806058-2931819711-1847247862-553) -> Domain Computers


5)
[the exported LDIF of ldap domain entry]

dn: sambaDomainName=DOMAIN, dc=domain, dc=com
sambaNextUserRid: 4000
sambaSID: S-1-5-21-3942806058-2931819711-1847247862
sambaNextGroupRid: 4001
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: DOMAIN


6)
[relevant lines from smb.conf]

netbios name = HOST
workgroup = DOMAIN
passdb backend = ldapsam:ldap://localhost/


ldap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap ssl = on
ldap user suffix = ou=people
ldap group suffix = ou=Group
ldap machine suffix = ou=people
#ldap filter = ($(uid=%u)(objectclass=sambaSAMAccount))
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldaps://host.domain.com

add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'

thanks

--
Simone Cittadini
==================
COMVERT S.R.L.
via F.lli Bressan, 21
20126 Milano - ITALY
Tel +39.02.27006796(aspetta un beep)103
[EMAIL PROTECTED]
http://www.comvert.com
