[Samba] Unable to add computer to domain

Wesley Hobbie whobbie81-linuxgeek at yahoo.com
Wed Mar 15 02:20:18 GMT 2006


I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not
working I went and grabbed the most recent.  I am using Mandriva 2006
x86-64.

I am sorry, what was your advice that I did not follow?

-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com] 
Sent: Tuesday, March 14, 2006 7:58 PM
To: Wesley Hobbie
Cc: 'James Taylor'; samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain


The idea that you could use one piece of his smbldap-tools was an exercise
in futility.

First of all, is your smbldap-tools up to date or very reasonably close to
up to date? I haven't a clue what OS you are using or version of
smbldap-tools, or packaging.

Second of all, there were other things wrong with the results from the
ldapsearch which returned the dn of uid=server-02
$,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at
that point because getent passwd couldn't find them anyway. I don't mind
that you don't want to follow my advice but would then prefer that you take
me off the reply list.

Whatever you've got installed and configured for smbldap-tools doesn't
appear to be configured correctly and may be too old.

At the point where you have a working ldap and smbldap-tools, we can review
the add user/machine scripts within samba.

Craig

On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote:
> I tried your script, but I am still getting the same error.  I deleted 
> the LDAP entry, tried again, and now the entry is not even being 
> created.  I checked my log file and I get slightly different results 
> now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission 
> denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission 
> denied [2006/03/14 19:11:06, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 
> "server02$"' gave 9 [2006/03/14 19:15:49, 0] 
> lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission 
> denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission 
> denied
> Error: modifications require authentication at
> /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, <DATA> line
> 283.
> [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "server02$"' gave 127
> [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission
denied
> 
> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Tuesday, March 14, 2006 12:23 PM
> To: 'Wesley Hobbie'; 'Craig White'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> 
> Here is what you are missing:  sambaSAMAccount information.
> 
> Use the script attached to this email to fix this problem.
> 
> James
> 
> -----Original Message-----
> From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On 
> Behalf Of Wesley Hobbie
> Sent: Monday, March 13, 2006 7:48 PM
> To: 'Craig White'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> ldapsearch:
> # server02$, Hosts, bluemapletech.com
> dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: server02$
> sn: server02$
> uid: server02$
> uidNumber: 1002
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description:
> Computer gecos: Computer
> 
> getent passwd | grep server02 returns nothing.
> 
> Computers go in ou=Hosts and users go in ou=People.
> 
> What exactly do you want from the ldap.config file?
> 
> -----Original Message-----
> From: samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org
> [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org] 
> On Behalf Of Craig White
> Sent: Monday, March 13, 2006 9:27 PM
> To: Wesley Hobbie
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> 
> It might be helpful to put cards on table here...
> 
> ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> -W '(uid=server02*)'
> 
> getent passwd |grep server02
> 
> and are you putting computers in the same container as users or do you 
> have separate container for computers?
> 
> what does the relevant section in ldap.conf look like?
> 
> Craig
> 
> On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > I did a search on Google and all I found was a bunch of copies of a 
> > conversation between Fran Fabrizio and John H Terpstra, and in the 
> > end Fran did not have the add machine script.
> > 
> > I have the add machine script, that is not the problem, when I try 
> > to join the domain from the Windows server, it does create the 
> > account in LDAP and still fails :-(.  I did look at the server02.log 
> > file (log file for my Windows 2003 Server) and I see the following 
> > entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> >    sys_gethostbyname(server02): lookup failure.
> > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> >    Matchname failed on server02 172.16.0.11
> > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> >    Unable to open new log file /var/log/samba/server02.log: 
> > Permission
> > denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> >    sys_gethostbyname(server02): lookup failure.
> > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> >    Matchname failed on server02 172.16.0.11
> > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> >    Unable to open new log file /var/log/samba/server02.log: Permission 
> > denied [2006/03/13 20:55:52, 0]
> > rpc_server/srv_samr_nt.c:_samr_create_user(2404)   _samr_create_user:
> > Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > 
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Monday, March 13, 2006 1:25 PM
> > To: 'Wesley Hobbie'; craigwhite at azapple.com
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > 
> > Wes,
> > 
> > Do a google search on this topic: [Samba] Can't join my domain
> > 
> > You will see what the problem is with the username can't be found.
> > 
> > James
> > 
> > -----Original Message-----
> > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On 
> > Behalf Of Wesley Hobbie
> > Sent: Sunday, March 12, 2006 11:14 AM
> > To: craigwhite at azapple.com
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > Hey Craig,
> > Actually I found on the Internet that I needed to run 
> > smbldap-populate, so I did and now I can manually add the user, 
> > although when I go to my Windows 2003 Server to join the domain I am 
> > still having a problem.
> >  
> > Wes
> > 
> > -----Original Message-----
> > From: Wesley Hobbie
> > Sent: Sunday, March 12, 2006 5:57 PM
> > To: craigwhite at azapple.com
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > I can connect to LDAP via the command line, and I am using the same 
> > user in smb.conf as I am in smbldap-tools_bind.config.
> > 
> > Excerpt from smb.conf:
> > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > ldap suffix = dc=mydomain,dc=com
> > ldap machine suffix = ou=Hosts
> > ldap admin dn = cn=root,dc=mydomain,dc=com
> > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > 
> > Excerpt from smbldap.conf:
> > slaveLDAP="127.0.0.1"
> > slavePort="389"
> > 
> > masterLDAP="127.0.0.1"
> > masterPort="389"
> > 
> > ldapTLS="1"
> > suffix="dc=mydomain,dc=com"
> > usersdn="ou=People,${suffix}" computersdn="ou=Hosts,${suffix}"
> > 
> > with_smbpasswd="0"
> > smbpasswd="/usr/bin/smbpasswd"  (I am wondering if this is right?)
> > 
> > with_slappasswd="0"
> > slappasswd="/usr/sbin/slappasswd"
> > 
> > Excerpt from smbldap_bind.conf: slaveDN="cn=root,dc=mydomain,dc=com"
> > slavePw="**********"
> > masterDN="cn=root,dc=mydomain,dc=com"
> > masterPw="**********"
> > 
> > Actually, I while I was copying the info from the files I noticed I 
> > mispelled my domain name, so I fixed it and tried it again.  Now I 
> > do not get an error about it cannot contact the LDAP server, only 
> > that it could not find the next uid, "Error looking for next uid."
> > 
> > -----Original Message-----
> > From: Craig White [mailto:craigwhite at azapple.com]
> > Sent: Sunday, March 12, 2006 11:25 AM
> > To: Wesley Hobbie
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > 
> > I'm going to ignore other users problems since they may or may not 
> > have similarities to your issues.
> > 
> > Can you actually connect to your LDAP server from the command line?
> > 
> > Can you actually connect to your LDAP server from the command line 
> > with 'write' permissions as the user and parameters as indicated 
> > within smb.conf ?
> > 
> > Can you actually connect to your LDAP server from the command line 
> > with 'write' permissions as the user and parameters as indicated 
> > within smbldap-tools_bind.conf ?
> > 
> > Craig
> > 
> > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > Ok, I did not know that.  I modified the two files in the
> > > /etc/smbldap-tools folder, although I am still getting the same 
> > > error.
> > > 
> > > I looked at the Samba archive for March and I notice some other 
> > > people seem to be having the same issue. March 2 - Bevan Agard
> > > March 6 - Hakan BAYINDIR
> > > 
> > > I try to add my Windows 2003 Server to the domain and I get an 
> > > error
> > > that the user name could not be found.  That is when I tried to 
> > > manually execute the command that Samba is instructed to use when 
> > > adding a machine, which is when I got the error about it cannot 
> > > contact the LDAP server.
> > > 
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Saturday, March 11, 2006 11:35 AM
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] Unable to add computer to domain
> > > 
> > > 
> > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > I have an OpenLDAP backend, Samba knows how to talk to it, my 
> > > > Samba users are stored in LDAP and file shares work fine 
> > > > authenticating to the LDAP server. I tried executing 
> > > > smbldap-useradd -w server02 on the command-line and got the 
> > > > following error: failed to perform search; Can't contact LDAP 
> > > > server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 
> > > > 362, <DATA> line
> > > 283.
> > > > Error looking for next uid at
> > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> 
> > > > line
> > > 283.
> > > >  
> > > > Anyone have any ideas?
> > > ----
> > > sounds as though you've been using tools other than smbldap to 
> > > setup
> > > user accounts, etc.
> > > 
> > > smbldap has to be configured to talk to your LDAP server if you 
> > > expect it to work.
> > > 
> > > depending upon which version of smbldap you are using, your config
> > > files will be in various places but I think the current place is 
> > > /etc/smbldap-tools directory these days.
> > > 
> > > Craig
> > > 
> > > 
> > > 
> > 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 




More information about the samba mailing list