[Samba] Unable to add computer to domain

James Taylor jtaylor at laszlosystems.com
Wed Mar 15 01:44:38 GMT 2006


What user are you using to create the account?  I know the script works
since several users are currently using it.  You need to be using a user
with Administrative access rights to the LDAP Database so the machine
account can be created properly.  If you are getting a permission denied you
aren't using the right account to create the machine.  You can also run the
smbldap-useradd script manually from the LDAP server (make sure your
SMBLDAP_BIND.CONF file is set up correctly).

Your command should look like this:
smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'

Where %u is the Machine name you are adding.

JT

-----Original Message-----
From: Wesley Hobbie [mailto:whobbie81-linuxgeek at yahoo.com] 
Sent: Tuesday, March 14, 2006 5:38 PM
To: 'James Taylor'; 'Craig White'
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

I tried your script, but I am still getting the same error.  I deleted the
LDAP entry, tried again, and now the entry is not even being created.  I
checked my log file and I get slightly different results now:
[2006/03/14 19:10:55, 0] lib/util_sock.c:matchname(1111)
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189)
  Matchname failed on server02 172.16.0.11
[2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied
[2006/03/14 19:11:05, 0] lib/util_sock.c:matchname(1111)
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189)
  Matchname failed on server02 172.16.0.11
[2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied
[2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
[2006/03/14 19:15:49, 0] lib/util_sock.c:matchname(1111)
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189)
  Matchname failed on server02 172.16.0.11
[2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied
[2006/03/14 19:16:00, 0] lib/util_sock.c:matchname(1111)
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189)
  Matchname failed on server02 172.16.0.11
[2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied
Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, <DATA> line 283.
[2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 127
[2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied

-----Original Message-----
From: James Taylor [mailto:jtaylor at laszlosystems.com] 
Sent: Tuesday, March 14, 2006 12:23 PM
To: 'Wesley Hobbie'; 'Craig White'
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain


Here is what you are missing:  sambaSAMAccount information.

Use the script attached to this email to fix this problem.

James

-----Original Message-----
From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
[mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On Behalf
Of Wesley Hobbie
Sent: Monday, March 13, 2006 7:48 PM
To: 'Craig White'
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

ldapsearch:
# server02$, Hosts, bluemapletech.com
dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: server02$
sn: server02$
uid: server02$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

getent passwd | grep server02 returns nothing.

Computers go in ou=Hosts and users go in ou=People.

What exactly do you want from the ldap.config file?

-----Original Message-----
From: samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org
[mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org] On
Behalf Of Craig White
Sent: Monday, March 13, 2006 9:27 PM
To: Wesley Hobbie
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain


It might be helpful to put cards on table here...

ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
-W '(uid=server02*)'

getent passwd |grep server02

and are you putting computers in the same container as users or do you have
a separate container for computers?

what does the relevant section in ldap.conf look like?

Craig

On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> I did a search on Google and all I found was a bunch of copies of a
> conversation between Fran Fabrizio and John H Terpstra, and in the end 
> Fran did not have the add machine script.
> 
> I have the add machine script, that is not the problem, when I try to
> join the domain from the Windows server, it does create the account in 
> LDAP and still fails :-(.  I did look at the server02.log file (log 
> file for my Windows 2003 Server) and I see the following entries: 
> [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
>    sys_gethostbyname(server02): lookup failure.
> [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
>    Matchname failed on server02 172.16.0.11
> [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
>    Unable to open new log file /var/log/samba/server02.log: Permission denied
> [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
>    sys_gethostbyname(server02): lookup failure.
> [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
>    Matchname failed on server02 172.16.0.11
> [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
>    Unable to open new log file /var/log/samba/server02.log: Permission denied
> [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>    _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> 
> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Monday, March 13, 2006 1:25 PM
> To: 'Wesley Hobbie'; craigwhite at azapple.com
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> 
> Wes,
> 
> Do a google search on this topic: [Samba] Can't join my domain
> 
> You will see what the problem is with the username can't be found.
> 
> James
> 
> -----Original Message-----
> From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On
> Behalf Of Wesley Hobbie
> Sent: Sunday, March 12, 2006 11:14 AM
> To: craigwhite at azapple.com
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> Hey Craig,
> Actually I found on the Internet that I needed to run
> smbldap-populate, so I did and now I can manually add the user, 
> although when I go to my Windows 2003 Server to join the domain I am 
> still having a problem.
>  
> Wes
> 
> -----Original Message-----
> From: Wesley Hobbie
> Sent: Sunday, March 12, 2006 5:57 PM
> To: craigwhite at azapple.com
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> I can connect to LDAP via the command line, and I am using the same
> user in smb.conf as I am in smbldap-tools_bind.config.
> 
> Excerpt from smb.conf:
> passdb backend = ldapsam:ldap://server01.bluemapletech.com
> ldap suffix = dc=mydomain,dc=com
> ldap machine suffix = ou=Hosts
> ldap admin dn = cn=root,dc=mydomain,dc=com
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> 
> Excerpt from smbldap.conf:
> slaveLDAP="127.0.0.1"
> slavePort="389"
> 
> masterLDAP="127.0.0.1"
> masterPort="389"
> 
> ldapTLS="1"
> suffix="dc=mydomain,dc=com"
> usersdn="ou=People,${suffix}"
> computersdn="ou=Hosts,${suffix}"
> 
> with_smbpasswd="0"
> smbpasswd="/usr/bin/smbpasswd"  (I am wondering if this is right?)
> 
> with_slappasswd="0"
> slappasswd="/usr/sbin/slappasswd"
> 
> Excerpt from smbldap_bind.conf:
> slaveDN="cn=root,dc=mydomain,dc=com"
> slavePw="**********"
> masterDN="cn=root,dc=mydomain,dc=com"
> masterPw="**********"
> 
> Actually, while I was copying the info from the files I noticed I
> misspelled my domain name, so I fixed it and tried it again.  Now I do 
> not get an error about it cannot contact the LDAP server, only that it 
> could not find the next uid, "Error looking for next uid."
> 
> -----Original Message-----
> From: Craig White [mailto:craigwhite at azapple.com]
> Sent: Sunday, March 12, 2006 11:25 AM
> To: Wesley Hobbie
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> 
> I'm going to ignore other users' problems since they may or may not
> have similarities to your issues.
> 
> Can you actually connect to your LDAP server from the command line?
> 
> Can you actually connect to your LDAP server from the command line
> with 'write' permissions as the user and parameters as indicated 
> within smb.conf ?
> 
> Can you actually connect to your LDAP server from the command line
> with 'write' permissions as the user and parameters as indicated 
> within smbldap-tools_bind.conf ?
> 
> Craig
> 
> On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > Ok, I did not know that.  I modified the two files in the 
> > /etc/smbldap-tools folder, although I am still getting the same 
> > error.
> > 
> > I looked at the Samba archive for March and I notice some other people
> > seem to be having the same issue.
> > March 2 - Bevan Agard
> > March 6 - Hakan BAYINDIR
> > 
> > I try to add my Windows 2003 Server to the domain and I get an error 
> > that the user name could not be found.  That is when I tried to 
> > manually execute the command that Samba is instructed to use when 
> > adding a machine, which is when I got the error about it cannot 
> > contact the LDAP server.
> > 
> > -----Original Message-----
> > From: Craig White [mailto:craigwhite at azapple.com]
> > Sent: Saturday, March 11, 2006 11:35 AM
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Unable to add computer to domain
> > 
> > 
> > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > I have an OpenLDAP backend, Samba knows how to talk to it, my
> > > Samba users are stored in LDAP and file shares work fine 
> > > authenticating to the LDAP server. I tried executing 
> > > smbldap-useradd -w server02 on the command-line and got the 
> > > following error:
> > > failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA> line 283.
> > > Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> line 283.
> > >  
> > > Anyone have any ideas?
> > ----
> > sounds as though you've been using tools other than smbldap to set up 
> > user accounts, etc.
> > 
> > smbldap has to be configured to talk to your LDAP server if you expect
> > it to work.
> > 
> > depending upon which version of smbldap you are using, your config 
> > files will be in various places but I think the current place is 
> > /etc/smbldap-tools directory these days.
> > 
> > Craig
> > 
> > 
> > 
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
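
Added example (not part of the original thread): a check that the LDAP settings quoted above agree across smb.conf, smbldap.conf and smbldap_bind.conf, since a misspelled domain in one file was one of the causes found in the thread. The sample values are constructed from the posted excerpts with a deliberate typo, and requiring the bind DNs to equal `ldap admin dn` reflects what the poster says he configured, not a Samba requirement.

```python
def parse_kv(text):
    """Parse 'key = value' (smb.conf) or key="value" (smbldap*.conf) lines."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        key, sep, val = line.partition("=")
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        if sep:
            out[key.strip().lower()] = val
    return out

def norm_dn(dn):
    """Lower-case, whitespace-free DN form for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(smb_conf, smbldap_conf, bind_conf):
    """Return a list of mismatches between the three configuration files."""
    smb, tools, bind = map(parse_kv, (smb_conf, smbldap_conf, bind_conf))
    suffix = norm_dn(smb["ldap suffix"])
    admin = norm_dn(smb["ldap admin dn"])
    machines = norm_dn(tools["computersdn"].replace("${suffix}", tools["suffix"]))
    problems = []
    if norm_dn(tools["suffix"]) != suffix:
        problems.append("suffix differs between smb.conf and smbldap.conf")
    if machines != norm_dn(smb["ldap machine suffix"]) + "," + suffix:
        problems.append("computersdn is not 'ldap machine suffix' under 'ldap suffix'")
    for key in ("masterdn", "slavedn"):
        if norm_dn(bind[key]) != admin:  # assumption: same bind user everywhere
            problems.append(f"{key} differs from 'ldap admin dn'")
    if not admin.endswith("," + suffix):
        problems.append("'ldap admin dn' is outside 'ldap suffix'")
    return problems

# Constructed sample input based on the excerpts posted in the thread.
SMB_CONF = """\
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w "%u"
"""
# Constructed typo ("mydomian") to mirror the misspelling described in the thread.
SMBLDAP_CONF = 'suffix="dc=mydomian,dc=com"\ncomputersdn="ou=Hosts,${suffix}"\n'
BIND_CONF = ('slaveDN="cn=root,dc=mydomain,dc=com"\n'
             'masterDN="cn=root,dc=mydomain,dc=com"\n')

if __name__ == "__main__":
    print("\n".join(check(SMB_CONF, SMBLDAP_CONF, BIND_CONF)) or "consistent")
```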
