With 3.0.23rc1 I can't join Windows XP clients to the domain. Same configuration with 3.0.22 works perfectly fine. It fails with "Access Denied". Searching the level 10 debug log for NT_STATUS_ACCESS_DENIED reveals:

[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_modify(1377)
  Failed to modify dn: uid=ws035$,ou=Computers,dc=andolan, error: No such attribute (modify/delete: displayName: no such value)
[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 samr_io_r_set_userinfo
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
  0000 status: NT_STATUS_ACCESS_DENIED

Then I tried patching smbldap-useradd to include a displayName, but the message kept appearing in the log. It does create the LDAP machine account through

/usr/sbin/smbldap-useradd -w ws035$

dn: uid=ws035$,ou=Computers,dc=andolan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: ws035$
sn: ws035$
uid: ws035$
uidNumber: 10032
gidNumber: 10002
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
displayName: WS035$

I'm trying it with an account that is both a global admin user (admin users = @"Domain Admins") and is a member of group Domain Admins that has SeMachineAccountPrivilege.

I'm attaching two logs, 3.0.22 domain join log and 3.0.23rc3 domain join log.
Created attachment 1970: 3.0.22 level 10 log domain join by XP client
Created attachment 1971: 3.0.23rc3 level 10 log domain join by XP client
Could you test 3.0.23rc2? I think I remember Volker fixing a bug here.
Sorry. I see you already did. I'll look at the logs.
My bad, typo, didn't try 3.0.23rc1, only 3.0.23rc3.
Okay, I know what's going on. Thanks for testing this! Stay tuned...
Volker
Created attachment 1972: fix for pdb_ldap
Can you try the attached patch? I did not test it, as I don't have a full LDAP setup handy right now, but I'm pretty confident it fixes it. Meanwhile I'm setting up an LDAP DC... Thanks for testing this!
Volker
Ok, checked in the fix with r16427.
Volker
I love you guys, patch available within 3 hours! Works for me. Thanks!