The server is using Samba 3.0.1pre1cvs and is configured to use an LDAP backend,
which is a working backend for workstation users (a Linux LDAP backend). All
critical groups are installed on the backend, as are Administrator and Guest
accounts. Using the default settings, it always fails at the first stage because it's
critical that "Admin users" be set, even though it's stated that it isn't. At the
second stage, it fails because all the support scripts expect samba3 to add the
sambaSAMAccount schema, but it doesn't. Doing it all by hand, it fails, because
the default sets the LDAP backend for computers as "ou=Computers", while the
getpwent looks for these with the getpwent call, which is "ou=People" for all
normal Linux LDAP backends. That is, it doesn't look for the computers or even
use the "ldap machine suffix" setting. And finally, after all is set by hand, it
fails with the Windows XP Professional message of "No mapping between name and
security identity", whatever that is. Something the "join" procedure should
have set is not being "read" or "verified" with the same mechanism.

Created attachment 205
Log 5 results
Failure to join, but account for computer exists in ldap directory.

This is a deficiency in the current ldap code in that the nss_ldap
library must search the 'ldap suffix' from smb.conf (which must
be the common parent of the machine and user suffix). It's on
the plate to be rewritten. However, it's going to be hard to
do this in a backwards compatible fashion.
So what you are seeing is by (a bad) design,