The add machine script is not being executed as root. This is a problem when using the smbldap-tools scripts because they must be executed as root in order to access the LDAP server. I am running Trustix with the 2.4.30 kernel on x86 hardware. Samba is version 3.0.14a.

Here is the output from testparm:

    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[netlogon]"
    Processing section "[backup]"
    Loaded services file OK.
    Server role: ROLE_DOMAIN_PDC
    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
        workgroup = EE
        server string = Trustix Secure Linux Samba Server
        passdb backend = ldapsam:ldap://localhost/
        log file = /var/log/samba/log.%I
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        logon script = logon.bat
        logon path =
        logon drive = H:
        domain logons = Yes
        os level = 32
        preferred master = Yes
        domain master = Yes
        wins proxy = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=experts-exchange,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=People
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=experts-exchange,dc=com
        ldap user suffix = ou=People

    [homes]
        comment = Home Directories
        path = /home/users/%S
        valid users = %S
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No

    [netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes
        share modes = No

    [backup]
        comment = Backups
        path = /backup
        browseable = No

When I run `net join EE -U root` I get the following error:

    [2005/07/07 17:06:26, 0] utils/net_ads.c:ads_startup(191)
      ads_connect: No results returned
    Creation of workstation account failed
    Unable to join domain EE.

Here is a snippet of part of the log that is generated when I run that command. As you can see from the last lines, smbldap-useradd did not run properly because it could not open the smbldap.conf file. The permissions on this file are 0600; it is owned by root.

    [2005/07/07 16:59:56, 5] lib/smbldap.c:smbldap_search(1038)
      smbldap_search: base => [dc=experts-exchange,dc=com], filter => [(&(uid=fileserver$)(objectclass=sambaSamAccount))], scope => [2]
    [2005/07/07 16:59:56, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334)
      ldapsam_getsampwnam: Unable to locate user [fileserver$] count=0
    [2005/07/07 16:59:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
      pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0
    [2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam(293)
      Finding user fileserver$
    [2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(223)
      Trying _Get_Pwnam(), username as lowercase is fileserver$
    [2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(239)
      Trying _Get_Pwnam(), username as uppercase is FILESERVER$
    [2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(247)
      Checking combinations of 0 uppercase letters in fileserver$
    [2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(251)
      Get_Pwnam_internals didn't find user [fileserver$]!
    [2005/07/07 16:59:56, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
      _samr_create_user: can add this account : False
    Unable to open /etc/opt/IDEALX/smbldap-tools/smbldap.conf for reading !
    Compilation failed in require at /usr/local/sbin/smbldap-useradd line 33.
    BEGIN failed--compilation aborted at /usr/local/sbin/smbldap-useradd line 33.
    [2005/07/07 16:59:56, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
      _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "fileserver$"' gave 2

This looks like it is related to 2282 and 1037.

Samba executes the add machine script under the context of the connected user unless you possess the SeMachineAccountPrivilege. This appears to be your problem:

    [2005/07/07 16:59:56, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
      _samr_create_user: can add this account : False
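
An added example, not part of the original report or of Samba: a Python triage script that pairs the "can add this account : False" decision with the failed add machine script run that follows it in an smbd log. The sample log is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the level-5 smbd log lines quoted in the report.
SAMPLE_LOG = """\
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [fileserver$]!
[2005/07/07 16:59:56, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
  _samr_create_user: can add this account : False
Unable to open /etc/opt/IDEALX/smbldap-tools/smbldap.conf for reading !
[2005/07/07 16:59:56, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "fileserver$"' gave 2
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] \S+?:(?P<func>\w+)\(\d+\)$")
CAN_ADD = re.compile(r"can add this account : (True|False)")
RAN = re.compile(r"Running the command `(?P<cmd>.*)' gave (?P<rc>\d+)")

def parse_records(text):
    """Group a log into records: a header line plus the message/stderr lines after it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            records.append({**m.groupdict(), "body": []})
        elif records and raw.strip():
            records[-1]["body"].append(raw.strip())
    return records

def unprivileged_script_failures(text):
    """Pair each 'can add this account : False' with the next failed script run."""
    findings, pending = [], None
    for rec in parse_records(text):
        if rec["func"] != "_samr_create_user":
            continue
        body = "\n".join(rec["body"])
        can_add = CAN_ADD.search(body)
        if can_add:
            # Assumption (from the reply above): False means the script is run as
            # the connected user. Lines after the first are the script's stderr.
            pending = {"ts": rec["ts"], "can_add": can_add.group(1) == "True",
                       "stderr": rec["body"][1:]}
        ran = RAN.search(body)
        if ran and pending and not pending["can_add"] and int(ran["rc"]) != 0:
            findings.append({**pending, "cmd": ran["cmd"], "rc": int(ran["rc"])})
            pending = None
    return findings

if __name__ == "__main__":
    for f in unprivileged_script_failures(SAMPLE_LOG):
        print(f"{f['ts']}: {f['cmd']} exited {f['rc']}; stderr={f['stderr']}")
```
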