problem with computer accounts in samba+openldap



Over the weekend, 24 or so machines in a lab of 96 stopped talking to the
domain controller.  
When I initially connected these machines to the domain controller, I
noticed that if the computer account was not set up in advance then Windows
2000 returns an error:

No Windows NT or Windows 2000 Domain Controller is available for domain
INSTRUCTION. The following error occurred:
The account used is a computer account. Use your global user account or
local user account to access this server.

I see the same error in the event log when the affected machines boot up.

The accounts for all of these affected machines are in the LDAP directory,
in the correct container.  They do not appear to vary in any significant way
from the entries for unaffected machines.

In the samba logs, we see entries for affected machines as follows:

[2002/11/04 08:40:21, 0] passdb/pdb_ldap.c:pdb_getsampwnam(867)
  LDAP search "(&(uid=pod8-5424_)(objectclass=sambaAccount))" returned 0
entr
.
[2002/11/04 08:40:21, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation pod8-5424$: no account in domain

I notice that the LDAP search is for "uid=pod8-5424_" and not
"uid=pod8-5424$".

Does this ring any bells?  

James Affeld
Network Administrator
South Seattle Community College
(206) 768-6872
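
The check described in the message, applied to a whole log, as an added example that is not part of the original post: it pairs each get_md4pw "no account" error with the failed LDAP search logged in the same second and reports whether the searched uid differs from the workstation account name. The log layout is taken from the excerpt above; the function names and the lab-example01$ records are constructed for illustration.

```python
import re

# Samba log record header: "[date time, level] file.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+\S+:(\w+)\(\d+\)")
FAILED_SEARCH = re.compile(r'LDAP search "\(&\(uid=([^)]*)\)\(objectclass=sambaAccount\)\)" returned 0')
NO_ACCOUNT = re.compile(r"get_md4pw: Workstation (\S+): no account in domain")

# Constructed sample: first pair mirrors the post; the lab-example01$ pair is invented.
SAMPLE_LOG = '''\
[2002/11/04 08:40:21, 0] passdb/pdb_ldap.c:pdb_getsampwnam(867)
  LDAP search "(&(uid=pod8-5424_)(objectclass=sambaAccount))" returned 0
entr
.
[2002/11/04 08:40:21, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation pod8-5424$: no account in domain
[2002/11/04 08:41:02, 0] passdb/pdb_ldap.c:pdb_getsampwnam(867)
  LDAP search "(&(uid=lab-example01$)(objectclass=sambaAccount))" returned 0
entr
.
[2002/11/04 08:41:02, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation lab-example01$: no account in domain
'''

def records(text):
    """Return [timestamp, function, message] records, re-joining wrapped lines."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), m.group(2), ""])
        elif out and line.strip():
            out[-1][2] = (out[-1][2] + " " + line.strip()).strip()
    return out

def failed_machine_lookups(text):
    """Pair each 'no account' error with the failed LDAP search logged before it."""
    findings, last = [], None
    for stamp, func, msg in records(text):
        search, missing = FAILED_SEARCH.search(msg), NO_ACCOUNT.search(msg)
        if func == "pdb_getsampwnam" and search:
            last = (stamp, search.group(1))
        elif func == "get_md4pw" and missing and last and last[0] == stamp:
            uid, name = last[1], missing.group(1)
            findings.append({"time": stamp, "workstation": name, "searched_uid": uid,
                             "name_altered": uid.lower() != name.lower()})
            last = None
    return findings

if __name__ == "__main__":
    print(*failed_machine_lookups(SAMPLE_LOG), sep="\n")
```

Records with name_altered set to True are lookups where the directory was queried for a different uid than the account name the workstation presented; False means the exact name was searched and not found.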