LinuxQuestions.org


psychiczero 12-20-2010 02:54 AM

Samba Ldap problem when joining Windows to the domain
 
Hi Expert,

Sorry for my bad English, but I hope you can understand. I have Samba version 3.5.2 and OpenLDAP (slapd 2.3.43), which have been running as a PDC for about 1 year, and it ran smoothly until last week. When I try to join the domain from Windows XP, after I key in the Domain Administrator username and password, an error message appears as below:

"Computer Name Changes
The following error occurred attempting to join the domain 'ABC'
The remote call procedure call failed."

Then when I click OK, my machine doesn't join my domain. But when I check the LDAP tree using JXplorer, I can see my Windows XP computer name has been registered under the Computers accounts, but I notice that SambaAcctFlags is set to [DW], not [W] as on the other computer accounts. I don't know how it was set to [DW]; as far as I know, D means the account was disabled. I have tried changing the value to [W] and rejoining the computer, but the same error comes up and SambaAcctFlags changes back to [DW].

I hope somebody can help me, or maybe someone has experienced the same problem before and has a solution to fix it. Below is my smb.conf for your reference. Thank you again.

#======== Global Settings ===================
[global]

workgroup = ABC
server string = ABC PRIMARY DOMAIN CONTROLER
interfaces = lo eth0

domain master = yes
domain logons = yes
preferred master = yes
os level = 255
wins support = yes
wins proxy = no
dns proxy = yes
client ntlmv2 auth = yes
lanman auth = yes
ntlm auth = yes

remote announce = 10.23.36.255 10.23.37.255 10.23.38.255
remote browse sync = 10.23.36.255 10.23.37.255 10.23.38.255

log level = 0
log file = /var/log/samba/samba.log
max log size = 50
syslog = 0

passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = ou=OxObjects,dc=abc,dc=com
ldap admin dn = cn=sambaadmin,ou=OxObjects,dc=abc,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap passwd sync = yes

add machine script = smbldap-useradd -W "%u"
add user script = smbldap-useradd "%u"
add group script = smbldap-groupadd "%g"

delete user script = smbldap-userdel "%u"
delete group script = smbldap-groupdel "%g"

add user to group script = smbldap-groupmod -m "%u" "%g"
delete user from group script = smbldap-groupmod -x "%u" "%g"

set primary group script = smbldap-usermod -g "%g" "%u"

admin users = root administrator @"Domain Admins"
guest ok = no

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

logon script = default.bat
logon drive =
logon path =
logon home =

#name resolve order = wins lmhosts bcast
#lm announce = yes
#browse list = yes

# printing
printing = bsd
printcap name = /dev/null

#=================== Share Definitions ============
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
read only = no
create mask = 0664
directory mask = 0775
write list = @"domain admins"
force group = "domain admins"

[profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
nt acl support = yes
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
force user = %U
valid users = %U "Domain Admins"

[regset]
path = /home/samba/regset
writeable = yes
force user = root
create mask = 0644
hide dot files = no
sync always = yes

[Public]
path = /home/samba/smbshares/public
comment = Public Shared Folder
create mask = 0770
directory mask = 2770
force group = "Domain Admins"
write list = @"Domain Admins"

[Applications]
path = /home/samba/smbshares/applications
comment = Application Sources
create mask = 0770
directory mask = 2770
force group = "Domain Admins"
write list = @"Domain Admins"
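
An added example, not part of the original post: a small Python check that decodes sambaAcctFlags values such as the [DW] and [W] described above and lists workstation trust accounts that carry the disabled flag. The LDIF sample, host names and function names are constructed for illustration; the parser assumes plain (non-base64, unfolded) attribute lines.

```python
import re

# Flag letters used in Samba's account-control string (sambaAcctFlags).
ACCT_FLAGS = {
    "N": "password not required", "D": "account disabled",
    "H": "home directory required", "T": "temporary duplicate account",
    "U": "normal user account", "M": "MNS logon account",
    "W": "workstation trust account", "S": "server trust account",
    "L": "account auto-locked", "X": "password does not expire",
    "I": "interdomain trust account",
}

# Constructed sample input (hypothetical machine names, suffix from the post).
SAMPLE_LDIF = """\
dn: uid=xp-client01$,ou=computers,ou=OxObjects,dc=abc,dc=com
uid: xp-client01$
sambaAcctFlags: [DW         ]

dn: uid=xp-client02$,ou=computers,ou=OxObjects,dc=abc,dc=com
uid: xp-client02$
sambaAcctFlags: [W          ]
"""

def decode_acct_flags(value):
    """Return the set of flag letters in a value like '[DW         ]'."""
    m = re.fullmatch(r"\[([A-Za-z ]*)\]", value.strip())
    if not m:
        raise ValueError("not a sambaAcctFlags value: %r" % value)
    letters = set(m.group(1).replace(" ", "").upper())
    unknown = letters - set(ACCT_FLAGS)
    if unknown:
        raise ValueError("unknown flag letters: %s" % sorted(unknown))
    return letters

def disabled_machine_accounts(ldif_text):
    """Return uids of entries flagged both W (workstation) and D (disabled)."""
    hits = []
    for entry in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = {}
        for line in entry.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, val = line.partition(":")
                attrs[key.strip().lower()] = val.strip()
        flags = attrs.get("sambaacctflags")
        if flags and {"D", "W"} <= decode_acct_flags(flags):
            hits.append(attrs.get("uid", attrs.get("dn")))
    return hits

if __name__ == "__main__":
    for uid in disabled_machine_accounts(SAMPLE_LDIF):
        print("disabled machine account:", uid)
```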


All times are GMT -5.