
Join Windows 7 to SAMBA+LDAP PDC

In my smb.cfg I have the following command for adding a machine user to my PDC server:

    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false "%u"

When I want to join a new Win7 machine to my PDC with the root user (this is the default configuration), I get the following message:

    _samr_create_user: Running the command `/usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false "flab001$"' gave 83
    [2016/10/12 16:26:21.481697,  3] ../source3/passdb/pdb_interface.c:499(pdb_default_create_user)
    Could not find user FLAB001$, add script did not work

I tried adding the following, but without success (same error message):

    add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.rb %m$
    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"

Note:

If I run the command manually: /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false "flab001$" on the command line with root permissions, I can join the machine without any problem! And I can log in on the Windows machine with other users (LDAP+SAMBA users).

So, in this case, I think, but I'm not 100% sure, this is a permission problem when adding new machines. Does anybody know how to resolve this issue, please?


Answer

Yes, the problem was with permissions: who can add a new posix/ldap user. By default an LDAP user (via SAMBA) cannot manage users on Linux, and I added an SSSD configuration for LDAP access and defined permissions and rules.

On openSUSE it is very easy via Yast2->Authentication Client; on other distributions the user should use the command line and edit the /etc/sssd/sssd.conf file with appropriate parameters. Of course, if the user uses the command line, they must not forget to adapt the /etc/nsswitch.conf file, especially the parameters:

    passwd: compat sss
    group: compat sss

and the file /etc/ldap.conf.

User contributions licensed under: CC BY-SA
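
A quick way to verify the setup the answer describes, as an added example that is not part of the original question or answer: it checks that the `passwd` and `group` lines of an nsswitch-style file list `sss`, and that a machine account resolves through NSS, which is the lookup that fails in the "Could not find user FLAB001$" log line. The function names and the `--check` switch are hypothetical.

```shell
#!/bin/sh
# Added example: NSS sanity checks for Samba machine accounts.

# nss_has_source FILE DB SOURCE
# Succeeds if database DB (e.g. passwd) in nsswitch-style FILE lists SOURCE.
nss_has_source() {
    awk -v db="$2" -v src="$3" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, allow "db:src"
        $1 == (db ":") {
            for (i = 2; i <= NF; i++)
                if ($i == src) found = 1     # [NOTFOUND=return] etc. never match
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_nsswitch FILE
# Reports each database; returns non-zero if passwd or group lacks sss.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        if nss_has_source "$1" "$db" sss; then
            echo "$db: sss present"
        else
            echo "$db: sss MISSING"
            rc=1
        fi
    done
    return $rc
}

# machine_resolves NAME
# Succeeds if the machine account (trailing $ appended if absent) is visible
# through NSS, i.e. getent can find it after the add machine script has run.
machine_resolves() {
    case "$1" in *\$) acct=$1 ;; *) acct="$1\$" ;; esac
    getent passwd "$acct" >/dev/null 2>&1
}

# Usage (hypothetical script name): sh check_nss.sh --check flab001
if [ "${1:-}" = "--check" ]; then
    check_nsswitch /etc/nsswitch.conf
    machine_resolves "$2" && echo "account resolves" || echo "account NOT resolved"
fi
```

Run it as root on the PDC right after a failed join attempt: a missing `sss` entry or an unresolved account points at the NSS/SSSD side rather than at the `add machine script` line itself.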