Windows Workstation Fails To Join Samba Domain. ERROR: The User Name Could Not Be Found

  • 7005642
  • 05-Apr-2010
  • 08-Nov-2012

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2

Situation

While trying to join a Windows workstation to a Samba domain on OES, the following error is encountered on the Windows client: 
 
The following error occurred attempting to join the domain "YOURDOMAIN":
The user name could not be found. 
 
The workstation does find the Primary Domain Controller (PDC), since the user is prompted for the username and password; however, the error is then encountered after a short delay.
The /var/log/samba/log.smbd contains the following information: 

[2010/04/05 11:21:10, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/bin/namuseradd -a 'cn=admin,o=novell' -w 'novell' -x 'ou=SambaComputers,o=novell' -s /bin/false -d /dev/null -c 'Samba Machine Account' -g 'cn=DomainComputers,ou=Samba Groups,o=novell''jdh_xp3$'' gave 1

Resolution

There are a few things that need to be checked in order to make sure a workstation can join the domain:
  1. Make sure the [global] section of the /etc/samba/smb.conf does not contain 'enable privileges = no'.  By default it is set to 'yes'.  Feel free to add 'enable privileges = yes' in the smb.conf if desired.  See 'man smb.conf' for more details about this parameter.
  2. Make sure that the user being used to add the machine to the domain has the correct privilege.  In this case, the privilege is called 'SeMachineAccountPrivilege'.  This can be checked and added with the following commands:
    • To list possible rights:  net rpc rights list (Enter root's password when prompted)
    • To list rights for a specific user:  net rpc rights list <user> (Enter root's password when prompted)
    • To add rights:  net rpc rights grant <user> <right> (In this case, the right is SeMachineAccountPrivilege.  Enter root's password when prompted)
    • To revoke rights:  net rpc rights revoke <user> <right> (Enter root's password when prompted)
  3. For OES, either open ConsoleOne or iManager and browse to the domain object.  If your "workgroup" name, as specified under the smb.conf, is MYPDC, then look for an object called MYPDC in eDirectory.
    • Browse to the OTHER tab to review the Valued Attributes
    • Find sambaAlgorithmicRIDBase and delete it (If utilizing Samba without OES, this is not applicable).  This attribute should not be there by default, and a defect has been filed against it.  If left in, it is likely the error outlined in TID 7005361 will be encountered.
  4. Make sure the root user can execute the "add machine script" from the [global] section of the smb.conf manually from a shell.
    • Copy and paste (Do not retype the command.  The reasoning is outlined below) the "add machine script" line from the smb.conf to a shell and execute the command.  Be sure to substitute necessary parameters.
      • i.e., smb.conf may have the following line:
        • add machine script =  `/usr/bin/namuseradd -a 'cn=admin,o=novell' -w 'adminsecret' -x 'ou=SambaComputers,o=novell' -s /bin/false -d /dev/null -c 'Samba Machine Account' -g 'cn=DomainComputers,ou=Samba Groups,o=novell''%u''
      • Execute the following command based off of the information above:
        • /usr/bin/namuseradd -a 'cn=admin,o=novell' -w 'adminsecret' -x 'ou=SambaComputers,o=novell' -s /bin/false -d /dev/null -c 'Samba Machine Account' -g 'cn=DomainComputers,ou=Samba Groups,o=novell''MyWorkstationName$'
      • Correct any syntax issues that may be encountered.  In this case, there is a missing space between the last two arguments (i.e. o=novell''%u' should be o=novell' '%u').  Some editors make problems like this easier to see than others.  Depending upon the font and/or application being used to view the files and logs, it may appear that there is a space there.
      • Syntax issues may show up in log.smbd only as the terse message shown toward the beginning of this document (i.e. 'Running the command . . . . gave 1').  This is the reason for copying and pasting the command and executing it as the root user: doing so helps narrow down any syntax issues that are not readily seen.
  5. Restart smbd, nmbd, winbind (if applicable), and nscd.
  6. Attempt to join the domain with the user manipulated in step number two above.
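
The checks from steps 1 and 4 can be scripted. The following shell sketch is an added example, not part of the original TID or of Samba/OES tooling; the function names and the sample smb.conf are constructed for illustration. It flags an "add machine script" line in which two quoted arguments run together, flags 'enable privileges' being turned off, and redacts the -w password before printing the line.

```shell
#!/bin/sh
# Added example: lint smb.conf for two of the join blockers described above.
# Function names and the sample file are assumptions, not part of Samba or OES.

# Print the value of "add machine script" (first match; skips ;/# comment lines).
get_add_machine_script() {
    sed -n 's/^[[:space:]]*add machine script[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Return 0 if two quoted arguments are fused, i.e. a closing ' is directly
# followed by an opening ' (as in o=novell''%u'), so the shell sees one word.
has_fused_quotes() {
    printf '%s\n' "$1" | grep -q "''[^[:space:]']"
}

# Return 0 if 'enable privileges' was explicitly turned off.
privileges_disabled() {
    grep -Eiq '^[[:space:]]*enable privileges[[:space:]]*=[[:space:]]*(no|false|off|0)[[:space:]]*$' "$1"
}

# Lint one file; prints findings and returns the number of problems found.
lint_smb_conf() {
    conf=$1; problems=0
    script=$(get_add_machine_script "$conf")
    if [ -z "$script" ]; then
        echo "no 'add machine script' line found"; problems=$((problems + 1))
    elif has_fused_quotes "$script"; then
        # Redact the -w password before echoing the line to a terminal or log.
        echo "missing space between quoted arguments:"
        printf '  %s\n' "$script" | sed "s/-w '[^']*'/-w '<redacted>'/"
        problems=$((problems + 1))
    fi
    if privileges_disabled "$conf"; then
        echo "'enable privileges' is disabled"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample reproducing the defect from this document.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
    workgroup = MYPDC
    enable privileges = no
    add machine script = /usr/bin/namuseradd -a 'cn=admin,o=novell' -w 'adminsecret' -x 'ou=SambaComputers,o=novell' -s /bin/false -d /dev/null -c 'Samba Machine Account' -g 'cn=DomainComputers,ou=Samba Groups,o=novell''%u'
EOF
lint_smb_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

To check a live server, call lint_smb_conf /etc/samba/smb.conf as root in place of the constructed sample.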