Hi,
I've just set up a CentOS 4 server with Samba (Version 3.0.25b-1.el4_6.4) and OpenLDAP (2.2.13-8.el4_6.2) and everything is working fine apart from adding machines to the domain. I'm using smbldap-tools and I've added the correct lines to my smb.conf to call those scripts when a machine joins the domain:
add machine script = /usr/sbin/smbldap-useradd -w "%u"
It works to a certain extent, the LDAP object gets created but without the SambaSAM attributes. From slapcat:
dn: uid=server$,ou=Computers,dc=company,dc=org
objectClass: top
objectClass: account
objectClass: posixAccount
cn: server$
uid: server$
uidNumber: 508
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: account
entryUUID: c13d6052-629c-102c-9d58-ccec9e8a1ba5
creatorsName: cn=Manager,dc=company,dc=org
createTimestamp: 20080129100024Z
entryCSN: 20080129100024Z#000002#00#000000
modifiersName: cn=Manager,dc=company,dc=org
modifyTimestamp: 20080129100024Z
From the log:
[2008/01/29 10:02:19, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258)
api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2
[2008/01/29 10:02:19, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation SERVER$: no account in domain
[2008/01/29 10:02:19, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
_net_auth2: failed to get machine password for account SERVER$: NT_STATUS_ACCESS_DENIED
I've tried changing the machine add script to use %m instead of %u but that didn't work. When I do a getent passwd server$ it doesn't return anything.
If I do something like a smbclient -L domain -U username I can see the domain information.
I've been working on this for 2 weeks and can't figure it out. I even rebuilt the server from scratch last Friday and recreated everything but still no luck.
Hope you can help,
Paul
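
Added example, not part of Paul's post: a Python check for the condition the post reports, run over slapcat LDIF. It flags machine accounts (uid ending in $) that lack the sambaSamAccount object class or the sambaSID, sambaNTPassword and sambaAcctFlags attributes of the Samba 3 LDAP schema; the function names, the ws01$ entry and its SID and hash values are constructed for illustration.

```python
# Constructed sample: the post's entry (trimmed) and a hypothetical complete one.
SAMPLE_LDIF = """\
dn: uid=server$,ou=Computers,dc=company,dc=org
objectClass: posixAccount
uid: server$

dn: uid=ws01$,ou=Computers,dc=company,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws01$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-2018
sambaAcctFlags: [W          ]
sambaNTPassword: 00000000000000000000000000000000
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries, current = [], {}
    # Unfold continuation lines first; base64 ("attr::") values stay undecoded.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            current.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
    return entries

def machine_account_problems(entry):
    """Reasons the entry lacks the Samba side of a machine trust account."""
    problems = []
    if "sambasamaccount" not in {c.lower() for c in entry.get("objectclass", [])}:
        problems.append("objectClass sambaSamAccount missing")
    for attr in ("sambaSID", "sambaNTPassword"):
        if not entry.get(attr.lower()):
            problems.append(attr + " missing")
    if "W" not in "".join(entry.get("sambaacctflags", [])):
        problems.append("sambaAcctFlags lacks W (workstation trust)")
    return problems

def audit(text):
    """Map the dn of every account whose uid ends in $ to its problem list."""
    return {e["dn"][0]: machine_account_problems(e) for e in parse_ldif(text)
            if e.get("uid", [""])[0].endswith("$")}

if __name__ == "__main__":
    import sys
    for dn, problems in audit(sys.stdin.read()).items():
        print(dn + ": " + ("; ".join(problems) or "OK"))
```

Run it as `slapcat | python check_machine_accounts.py`; the file name is hypothetical.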