[Samba] Can No Longer Join to Domain

Tue Mar 27 05:48:50 GMT 2007

I don't know it it's going to make a difference, but my "calls" to the 
smbldap scripts in smb.conf don't have quoted parameters, ie I have the 
parameters without quotes 
-> 
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add user script = /usr/local/sbin/smbldap-useradd -a %u
etc...

HTH

Bert

Jason Baker <jbaker at glastender.com> 
Sent by: samba-bounces+bdr=peopleware.be at lists.samba.org
26/03/2007 16:36

To
sato x <garasi9 at gmail.com>
cc
samba List <samba at lists.samba.org>
Subject
Re: [Samba] Can No Longer Join to Domain

I tried recreating the password and I still get the same error.

*Jason Baker
*/IT Coordinator/

*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------

On 3/24/2007 10:32 AM, sato x wrote:
> Hi...
>
> Sorry if I was wrong. I just want to ask, did you join the machine 
> (via windows machine) using root account? If it's true, then I guess 
> you have to have samba password for your root. If you have made it 
> before, try to recreate your root's samba password (with 
> smbldap-passwd), then try to join the machine. Let me know if it 
> failed. :)
>
> Regards,
>
> sato
>
> On 3/24/07, *Jason Baker* <jbaker at glastender.com 
> <mailto:jbaker at glastender.com>> wrote:
>
>     I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP 
backend.
>     When I first set everything up, I could join workstations to the
>     domain
>     automatically with the  Windows Network ID Wizard. Now when I try to
>     join a workstation I get:
>
>         Your computer could not be joined to the domain because the
>         following error has occurred:
>         The user name could not be found.
>
>     If I add the computer name to the domain manually from the command
>     line
>     or with LDAP Account Manager, then go back and join it, it works.
>     But it
>     sure would be nice not to have to set up each machine manually. Any
>     thoughts?
>
>     [global]
>             unix charset = LOCALE
>             workgroup = glastendernet
>             netbios name = aster
>             server string = Glastender Domain Controller running %v
>             interfaces = eth1, lo
>             bind interfaces only = yes
>             os level = 255
>             preferred master = yes
>             local master = yes
>             domain master = yes
>             security = user
>             time server = yes
>             username map = /etc/samba/smbusers
>             wins support = yes
>             encrypt passwords = yes
>             pam password change = yes
>             name resolve order = wins bcast hosts
>             winbind nested groups = no
>             passdb backend = ldapsam:ldap://127.0.0.1/
>             ldap passwd sync = Yes
>             ldap suffix = dc=glastender,dc=com
>             ldap admin dn = cn=Manager,dc=glastender,dc=com
>             ldap ssl = no
>             ldap group suffix = ou=Groups
>             ldap user suffix = ou=People
>             ldap machine suffix = ou=People
>             ldap idmap suffix = ou=Idmap
>             idmap backend = ldap:ldap://127.0.0.1/
>             idmap uid = 10000-20000
>             idmap gid = 10000-20000
>             map acl inherit = yes
>             add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
>             #delete user script = /etc/smbldap-tools/smbldap-userdel 
"%u"
>             add machine script = /etc/smbldap-tools/smbldap-useradd -w
>     "%u"
>             add group script = /etc/smbldap-tools/smbldap-groupadd -p
>     "%g"
>             #delete group script = /etc/smbldap-tools/smbldap-groupdel
>     "%g"
>             add user to group script = 
/etc/smbldap-tools/smbldap-groupmod
>     -m "%u" "%g"
>             delete user from group script =
>     /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
>             set primary group script =
>     /etc/smbldap-tools/smbldap-usermod -g
>     "%g" "%u"
>             domain logons = yes
>             log file = /var/log/samba/log.%m
>             log level = 1
>             syslog = 0
>             max log size = 50
>             #smb ports = 139 445
>             smb ports = 139
>             hosts allow = 127.0.0.1 <http://127.0.0.1>
>     172.16.0.0/255.255.0.0 <http://172.16.0.0/255.255.0.0>
>             # User profiles and home directories
>             logon drive = U:
>             logon path = \\%L\profiles\%U
>             logon script = %U.bat
>             large readwrite = no
>             read raw = no
>             write raw = no
>             printcap name = /etc/printcap
>             load printers = no
>             printing =
>
>     #=========Shares=======
>        template shell = /bin/false
>        winbind use default domain = no
>
>     [homes]
>             comment = Home Directories
>             browseable = no
>
>     --
>
>     *Jason Baker
>     */IT Coordinator/
>
>
>     *Glastender Inc.*
>     5400 North Michigan Road
>     Saginaw, Michigan 48604 USA
>     800.748.0423
>     Phone: 989.752.4275 ext. 228
>     Fax: 989.752.4444
>     www.glastender.com <http://www.glastender.com>
>     <http://www.glastender.com>
>
>     -----BEGIN GEEK CODE BLOCK-----
>     Version: 3.1
>     GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
>     w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
>     r+++ y+++
>     ------END GEEK CODE BLOCK------
>
>     --
>     To unsubscribe from this list go to the following URL and read the
>     instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba