I have three machines, two xp and one win2k, that join the samba pdc fine.
I have tried to join others to this same samba pdc using the same
accounts for authentication without success. The xp machine first says
the user does not exist, I click ok and go back to the screen for the
domain account authorized to join the domain and press ok (or next) again
and this time the xp box says the user already exists.

I think something is having an issue with the machine$ accounts in ldap.
I added a '-t 5' in smb.conf to the smbldap-useradd command for adding
a machine. I can see that it now takes longer before the first message (missing
user) is returned, but I still end up in the same situation, with the
xp box not being a part of the samba pdc.

Any ideas?


fedora core 5 with all patches
$ uname -a
Linux elo.company.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 EDT 2006 i686 i686 i386 GNU/Linux
$ rpm -qa | grep samba

------------------------------------ /etc/samba/smb.conf

# Samba config file created using SWAT
# from (
# Date: 2006/08/03 15:11:35

# Authentication and access settings (presumably from [global]; the section
# header lines are not present in this listing).
# User-level security: clients authenticate with a username and password.
security = USER
# The two "client ..." options govern Samba acting as a client (smbclient and
# related tools), not what this server accepts. As set, those tools may send a
# plaintext password or the weak LANMAN response to a server that asks for it.
# NOTE(review): set both to No unless a legacy server is known to need them.
client plaintext auth = Yes
client lanman auth = Yes
encrypt passwords = Yes
# Server side: LANMAN responses are refused, NTLM (NTLMv1) is still accepted.
# NOTE(review): disabling ntlm auth requires clients that send NTLMv2 - check
# the XP/2000 clients before tightening this.
lanman auth = No
ntlm auth = Yes
password level = 0
guest account = nobody
#admin users = manager, root, mikee, jrc, bdhein
# Left empty: no account gets root-equivalent file access on shares (the
# earlier list is kept above, commented out).
admin users =
# Only clients whose address begins with one of these prefixes may connect.
hosts allow = 10.1.2., 10.1.3.
cups options = raw
wins support = yes
# Applies to user-defined shares only. NOTE(review): no "usershare max shares"
# is visible in this listing; confirm whether usershares are enabled at all.
usershare allow guests = yes

# Domain identity, logon environment and LDAP directory layout.
workgroup = PWI
netbios aliases = loghost, mailhost, backuphost, ldaphost
server string = Samba Server (%h)
logon drive = P:
logon home = \\%N\%U
logon path = \\%N\%U\profile
# NOTE(review): smb.conf(5) describes logon script as a path relative to the
# [netlogon] share; confirm this absolute-looking value resolves as intended.
logon script = /etc/samba/login.bat
ldap suffix = dc=company,dc=com
# Samba binds to the directory as this DN. The bind password is not kept in
# smb.conf; it is stored separately (smbpasswd -w writes it to secrets.tdb).
# NOTE(review): cn=manager looks like the directory's root DN - a dedicated DN
# with ACLs limited to the Samba subtrees would reduce exposure. Confirm.
ldap admin dn = cn=manager,dc=company,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
# No TLS on the LDAP connection: the admin bind and the account data Samba
# reads and writes (including password hashes) cross the link unencrypted.
# NOTE(review): acceptable only if the directory runs on this same host;
# otherwise use "ldap ssl = start tls" or an ldaps:// URI in passdb backend.
ldap ssl = off
# Samba queries LDAP directly for user and group data instead of going through
# NSS; this expects every relevant user and group to live in the directory.
ldapsam:trusted = Yes
ldap timeout = 15
# Record connections in utmp/wtmp under the directories given (needs a Samba
# build with utmp support).
utmp directory = /var/run
wtmp directory = /var/log
utmp = Yes

# Account database and password handling.
# NOTE(review): smb.conf(5) documents password server for security =
# domain/server/ads; with "security = USER" it presumably has no effect.
password server = ldaphost.company.com
# Plain ldap:// URI; together with "ldap ssl = off" the directory traffic is
# not encrypted.
passdb backend = ldapsam:ldap://ldaphost.company.com
# On a password change Samba also updates the LDAP password, so password
# material for every change crosses that same connection.
ldap passwd sync = Yes
# Unix password sync through smbldap-passwd is disabled (kept for reference).
#unix password sync = Yes
#passwd program = /usr/sbin/smbldap-passwd %u
#passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n"
#passwd chat debug = Yes

# Browse-master and domain-controller role.
# The os level and the three "master" options raise this server's standing in
# browser elections; "domain logons = Yes" makes it answer domain logon
# requests, i.e. act as the domain controller the clients are trying to join.
os level = 66
preferred master = Yes
local master = Yes
domain master = Yes
domain logons = Yes
# NOTE(review): smb.conf(5) says this applies to security = server/domain/ads;
# with "security = USER" it presumably has no effect.
allow trusted domains = Yes
dns proxy = No

# Logging. The commented lines are alternative debug levels kept for
# troubleshooting; only "log level = 3" is active.
# NOTE(review): raised debug levels record usernames, client names and
# authentication detail - keep /var/log/samba readable by root only and lower
# the level again once the join problem is diagnosed.
# log level = 255
# log level = 4
# log level = 3 ldap:10 passdb:10 auth:10 winbind:10
log level = 3
# One log file per connecting client machine (%m); max log size is in
# kilobytes.
log file = /var/log/samba/%m.log
max log size = 500


# Account-management hooks. smbd runs these commands as root, substituting the
# user, group or machine name from the request for %u / %g.
# NOTE(review): the substituted names originate from client requests and the
# command line is handed to a shell. Quote every %u/%g the same way (the add
# user script below mixes double-quoted and bare %u), and keep the smbldap
# scripts root-owned and not writable by anyone else.
#add user script = /usr/sbin/smbldap-useradd -m '%u'
# NOTE(review): -s /bin/bash gives each account created through this hook an
# interactive shell on the server; prefer a non-login shell if users only need
# file and domain access. -D 'H:' also differs from "logon drive = P:" above.
add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u -C "\\\\%h\\%u" -D 'H:' -M "%u@company.com" %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Earlier machine-account variants, kept for reference.
#add machine script = /usr/sbin/smbldap-useradd -w '%u'
#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c "%u machine account" -d /dev/null %u
# Active machine hook; "-t 5" is the delay described in the message text.
# NOTE(review): smbldap-tools documents -i as the trust-account flag, separate
# from -w (workstation), and both commented variants above use -w alone.
# Confirm -i is intended, since it may change how the machine$ entry is made.
add machine script = /usr/sbin/smbldap-useradd -w -i '%u' -t 5

# Share exporting /etc/samba/netlogon (presumably [netlogon]; the section
# header is missing from this listing). Hidden from browse lists, but writable.
# NOTE(review): logon scripts served from here run on clients at logon, so
# write access should be limited - e.g. "read only = Yes" plus a "write list"
# naming the administrators - and backed by restrictive file permissions.
path = /etc/samba/netlogon
browseable = No
writable = Yes

# Home-directory share (presumably [homes]; section header not shown).
# Writable, no guest access, hidden from browse lists.
# NOTE(review): no "valid users" line is visible; "valid users = %S" is the
# usual way to restrict each home share to its owner. Confirm.
comment = Home Directories
read only = No
guest ok = No
browseable = No

# Printer share (presumably [printers]; section header not shown). Jobs are
# spooled to the path below; no "guest ok" is set in the visible lines, so
# guest printing stays off unless enabled elsewhere.
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No

# File share for /opt/company (section header not shown). No "read only" or
# "writable" line is visible, so Samba's default (read only) applies unless it
# is set elsewhere.
comment = Company Corporate Files
path = /opt/company
# Upper bound on permissions of files created through this share: 0765 is
# rwx for owner, rw- for group, r-x for others.
# NOTE(review): granting execute to others but not to the group is unusual -
# confirm the intended mask (for example 0664 or 0775).
create mask = 0765
browseable = Yes
printable = No

# File share for /opt/backups (section header not shown); visible in browse
# lists. NOTE(review): no "valid users" restriction is visible, so any
# authenticated domain user can presumably reach the backups, subject to file
# permissions - confirm that is intended.
comment = Backup files are stored here
path = /opt/backups
browseable = Yes
printable = No

# File share for /opt/data (section header not shown); visible in browse
# lists, with no access restriction in the visible lines beyond the global
# settings.
comment = Storage for support and other data.
path = /opt/data
browseable = Yes
printable = No

# Software repository share for /opt/cygwin (section header not shown).
# Guests may connect without a password (mapped to the "guest account" set
# earlier in the file), but the share is read-only, so they cannot alter the
# packages served from it.
comment = Company Cygwin Repositiory
path = /opt/cygwin
browseable = Yes
printable = No
guest ok = Yes
guest only = No
# "writeable = No" and "read only = Yes" express the same setting twice.
writeable = No
read only = Yes
------------------------------------ /etc/samba/smb.conf