Hi,
I am not sure what's wrong with my Samba PDC+LDAP configuration, I've been getting message saying computer account not found when I try to join a domain in Samba PDC (running on CentOS 5.3).

This is the log /var/log/samba/log.root

Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1083.
[2009/12/07 18:29:14, 0] passdb/pdb_interface.cdb_default_create_user(329)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w "win2k8$"' gave 3


ldap structure

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: cn=root,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: root
userPassword:: e2NyeXB0fXg=
gidNumber: 0
memberUid: root

dn: cn=users,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: users
userPassword:: e2NyeXB0fXg=
gidNumber: 100

dn: uid=root,ou=People,dc=example,dc=com
uid: root
cn: root
homeDirectory: /root
uidNumber: 0
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowWarning: 7
gidNumber: 0
gecos: root
loginShell: /bin/bash
userPassword:: e1NTSEF9clZPN0xReGU0bGRDUFIzZnd6WVFpS05aaWVaa2NrWk s=
shadowLastChange: 14585
shadowMax: 45

dn: ou=Computers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Computers

dn: ou=Idmap,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Idmap

dn: ou=Computers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Computers

dn: ou=Idmap,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Idmap

dn: cn=Domain Admins,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-52963883-3504805698-1849000658-512
sambaGroupType: 2
displayName: Domain Admins

dn: cn=Domain Users,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-52963883-3504805698-1849000658-513
sambaGroupType: 2
displayName: Domain Users

dn: cn=Domain Guests,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-52963883-3504805698-1849000658-514
sambaGroupType: 2
displayName: Domain Guests

dn: cn=Domain Computers,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-52963883-3504805698-1849000658-515
sambaGroupType: 2
displayName: Domain Computers
memberUid: root

dn: cn=Administrators,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDom
ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
memberUid: root
# Account Operators, Group, example.com
dn: cn=Account Operators,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
memberUid: root

dn: cn=Print Operators,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators

# Backup Operators, Group, example.com
dn: cn=Backup Operators,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
memberUid: root

dn: cn=Replicators,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators

# example, example.com
dn: sambaDomainName=example,dc=example,dc=com
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
gidNumber: 1000
uidNumber: 1000
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaSID: S-1-5-21-52963883-3504805698-1849000658
sambaNextRid: 1000
sambaDomainName: example

# root, example.com
dn: cn=root,dc=example,dc=com
cn: root
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: ZTFOVFNFRjljbFpQTjB4UmVHVTBiR1JEVUZJelpuZDZXVkZwUz A1YWFXVmFhMk5
yV2tzPQ==
description: Network and LDAP administrator
sambaSID: S-1-5-21-4049341300-984804467-2912306435-500
uid: Manager
sambaPrimaryGroupSID: S-1-5-21-4049341300-984804467-2912306435-512
gidNumber: 513
homeDirectory: /root
uidNumber: 0
sambaHomePath: \\EMS-PDC-SRV\root
sambaLMPassword: e1NTSEF9clZPN0xReGU0bGRDUFIzZnd6WVFpS05aaWVaa2NrWk s=
sambaNTPassword: e1NTSEF9clZPN0xReGU0bGRDUFIzZnd6WVFpS05aaWVaa2NrWk s=


/etc/samba/smb.conf

workgroup = example
netbios name = example-PDC-SRV
security = user
enable privileges = yes
server string = Samba Server %v
encrypt passwords = Yes
unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home = \\%N\%U
logon path = \\%N\%U\profile
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://localhost/
ldap admin dn = cn=root,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = yes
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
preserve case = yes
short preserve case = yes
case sensitive = no

/etc/smbldap-tools/smbldap.conf

SID="S-1-5-21-52963883-3504805698-1849000658"
sambaDomain="example"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"
cafile="/etc/pki/tls/certs/ldapserverca.pem"
clientcert="/etc/pki/tls/certs/ldapclient.pem"
clientkey="/etc/pki/tls/certs/ldapclientkey.pem"
suffix="dc=example,dc=com"
usersdn="ou=People,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Group,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\example-PDC-SRV\%U"
userProfile="\\example-PDC-SRV\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="example.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"


/etc/smbldap-tools/smbldap_bind.conf

slaveDN="cn=root,dc=example,dc=com"
slavePw="myPassword"
masterDN="cn=root,dc=example,dc=com"
masterPw="myPassword"