[Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
Hi all! Domain is up and running. I can add users and they can change passwords. Problem occurred when I tried to add machine account. add machine script works fine (unix user created) but samba can not modify entry. LDAP permissions are proper. If you have any idea welcomed. Thank you Here is the log: [2004/03/10 14:33:08, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1595) ldapsam_add_sam_account: Adding new user [2004/03/10 14:33:08, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769) init_ldap_from_sam: Setting entry for user: hive$ [2004/03/10 14:33:08, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1214) ldapsam_modify_entry: Failed to add user dn= uid=hive$,ou=Computers,ou=accounts,o=isma with: Already exists [2004/03/10 14:33:08, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1633) ldapsam_add_sam_account: failed to modify/add user with uid = hive$ (dn = uid=hive$,ou=Computers,ou=accounts,o=isma) [2004/03/10 14:33:08, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2250) could not add user/computer hive$ to passdb. Check permissions? smb.conf [global] dos charset = CP866 unix charset = koi8-r display charset = koi8-r workgroup = ISMA-TEST netbios name = BDC-SRV server string = Samba Server 3.0.2a testing interfaces = eth1 bind interfaces only = Yes min passwd length = 4 map to guest = Bad User passdb backend = ldapsam:ldap://192.168.10.156 guest account = guest passwd program = /usr/local/sbin/smbldap-passwd.pl %u passwd chat = *New*password* %n\n *new*password* %n\n passwd chat timeout = 1 unix password sync = Yes log level = 3 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g 'Domain Computers' -c 'Machine Account' -s /bin/false %u logon script = %U.bat logon path = \\%N\%U\.2kXPprofiles logon home = \\%N\%U\.9xMeprofiles domain logons = Yes os level = 255 preferred master = Yes domain master = Yes dns proxy = No wins server = 192.168.77.3 ldap suffix = ou=accounts,o=isma ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = cn=admin,ou=accounts,o=isma ldap ssl = no ldap passwd sync = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] path = /home read only = No [netlogon] path = /opt/samba/netlogon admin users = admin read only = No browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
* zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
Beast ?: * zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast According to man smb.conf if ldap filter is not set then dafault used Default: /ldap filter/ = ((uid=%u)(objectclass=sambaAccount)) However, I use new samba.schema and there is no sambaAccount, thus ldap gives NO SUCH USER. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
* zergio [EMAIL PROTECTED] nulis: Beast ?: * zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast According to man smb.conf if ldap filter is not set then dafault used Default: /ldap filter/ = ((uid=%u)(objectclass=sambaAccount)) man page can be wrong ;-p Quoting jerry of samba team : quote My opinion is that the 'ldap filter' option in smb.conf should never be set. There are 2 many different LDAP searches now being done (group mapping, users, etc...) and we don't use that option consistently internally anyways. Best to leave it alone IMO. /quote However, I use new samba.schema and there is no sambaAccount, thus ldap gives NO SUCH USER. Have you try it first? mine not: Mar 11 13:13:46 jambu slapd[1397]: conn=101167 op=6 SRCH base=ou=jakarta,dc=indorama,dc=com scope=2 filter=((uid=jktjalan)(objectClass=sambaSamAccount)) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
Beast ?: * zergio [EMAIL PROTECTED] nulis: Beast ?: * zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast According to man smb.conf if ldap filter is not set then dafault used Default: /ldap filter/ = ((uid=%u)(objectclass=sambaAccount)) man page can be wrong ;-p Quoting jerry of samba team : quote My opinion is that the 'ldap filter' option in smb.conf should never be set. There are 2 many different LDAP searches now being done (group mapping, users, etc...) and we don't use that option consistently internally anyways. Best to leave it alone IMO. /quote However, I use new samba.schema and there is no sambaAccount, thus ldap gives NO SUCH USER. Have you try it first? mine not: Mar 11 13:13:46 jambu slapd[1397]: conn=101167 op=6 SRCH base=ou=jakarta,dc=indorama,dc=com scope=2 filter=((uid=jktjalan)(objectClass=sambaSamAccount)) --beast I've tried to set ldap filter to NULL string with swat - It didn't work. When I deleted the string from smb.conf file and restarted smbd a machine successfully joined the domain. I appreciate you help. Thank you very much! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba