The server is using samba 3.0.1pre1cvs and is configured to use an LDAP backend, which is a working backend for workstation users (A linux ldap backend). All critical groups are installed on the backend, as are Administrator and Guest accounts. Using the default settings, always fails at first stage because it's critical that "Admin users" be set, even though it's stated that it isn't. At second stage, it fails because all the support scripts expect samba3 to add the sambaSAMAccount schema, but it doesn't. Doing all by hand, it fails, because the default sets ldap backend for computers as "ou=Computers", while the getpwent looks for these with the getpwent call which is "ou=People" for all normal linux ldap backends. That is, it doesn't look for the computers or even use the "ldap machine suffix" setting. And finally, after all is set by hand it fails with the Windows XP Professional message of "No mapping between name and security identity", whatever that is. Something, the "join" procedure should have set is not being "read" or "verified" with the same mechanism.
Created attachment 205 [details] Log 5 results Failure to join, but account for computer exists in ldap directory.
This is a defenciancy in the current ldap code in the nss_ldap library must search the 'ldap suffix' from smb.conf (which must be the common parent of the machine and user suffix). It's on the plate to be rewritten. However, its going to be hard to do this is a backwards compatible fashion. So what you are seeing is by (a bad) design,
database cleanup