I configured my Samba domain controller to use LDAP authentication. The only way I can get Samba to add machine accounts to the LDAP server when I join a domain is to use the "add machine script" option to add the machine account to /etc/passwd with the "useradd" command. As far as I can tell, this shouldn't be necessary, since the client can still log in if I remove the machine account from /etc/passwd.
Machine accounts have to exist either in /etc/passwd or as posixAccount objects in LDAP; Samba requires a numerical uid for machines. It might be possible that your nscd does not recognize LDAP changes fast enough during the join process.
Volker
(In reply to comment #1)
> Machine accounts have to exist either in /etc/passwd or as posixAccount objects
> in LDAP, samba requires a numerical uid for machines. It might be possible that
> your nscd does not recognize ldap changes fast enough during the join process.
>
> Volker

I assumed a uid wasn't necessary since the client seems to work without one. Does Samba do something with the machine account when you first join the domain that requires a uid? Will deleting the machine's posixAccount cause any problems?
Samba just deeply assumes the POSIX account to be around. It might work in some cases but will mysteriously break in others.
Volker
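
The requirement discussed in this thread (every machine account needs a posixAccount entry with a numeric uidNumber) can be checked offline against an LDIF export. The following is an added example, not part of the original thread and not Samba's own code; the sample LDIF, its DNs and the function names are constructed for illustration, and machine accounts are assumed to be sambaSamAccount entries whose uid ends in "$".

```python
# Added example: flag machine accounts in an LDIF export that lack POSIX data.
# Constructed, abbreviated sample entries (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws01$
uidNumber: 20001

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws02$

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}.
    Unfolds continuation lines; base64 ("::") values are not decoded."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def machines_without_posix(entries):
    """DNs of machine accounts missing posixAccount or a numeric uidNumber."""
    bad = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        uids = e.get("uid", [])
        if "sambasamaccount" not in classes or not any(u.endswith("$") for u in uids):
            continue  # not a machine account under the stated assumption
        has_uid = any(v.isdigit() for v in e.get("uidnumber", []))
        if "posixaccount" not in classes or not has_uid:
            bad.append(e["dn"][0])
    return bad

if __name__ == "__main__":
    for dn in machines_without_posix(parse_ldif(SAMPLE_LDIF)):
        print("machine account without POSIX uid:", dn)
```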