[Samba] Unable to add computer to domain
Wesley Hobbie
whobbie81-linuxgeek at yahoo.com
Wed Mar 15 02:20:18 GMT 2006
I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not
working I went and grabbed the most recent. I am using Mandriva 2006
x86-64.
I am sorry, what was your advice that I did not follow?
-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Tuesday, March 14, 2006 7:58 PM
To: Wesley Hobbie
Cc: 'James Taylor'; samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
The idea that you could use one piece of his smbldap-tools was an exercise
in futility.
First of all, is your smbldap-tools up to date or very reasonably close to
up to date? I haven't a clue what OS you are using or version of
smbldap-tools, or packaging.
Second of all, there were other things wrong with the results from the
ldapsearch which returned the dn of uid=server-02
$,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at
that point because getent passwd couldn't find them anyway. I don't mind
that you don't want to follow my advice but would then prefer that you take
me off the reply list.
Whatever you've got installed and configured for smbldap-tools doesn't
appear to be configured correctly and may be too old.
At the point where you have a working ldap and smbldap-tools, we can review
the add user/machine scripts within samba.
Craig
On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote:
> I tried your script, but I am still getting the same error. I deleted
> the LDAP entry, tried again, and now the entry is not even being
> created. I checked my log file and I get slightly different results
> now:
> [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission denied
> [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission denied
> [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission denied
> [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname(1111)
>   sys_gethostbyname(server02): lookup failure.
> [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189)
>   Matchname failed on server02 172.16.0.11
> [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission denied
> Error: modifications require authentication at
> /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, <DATA> line 283.
> [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 127
> [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597)
>   Unable to open new log file /var/log/samba/server02.log: Permission denied
>
> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Tuesday, March 14, 2006 12:23 PM
> To: 'Wesley Hobbie'; 'Craig White'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
>
>
> Here is what you are missing: sambaSAMAccount information.
>
> Use the script attached to this email to fix this problem.
>
> James
>
> -----Original Message-----
> From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On
> Behalf Of Wesley Hobbie
> Sent: Monday, March 13, 2006 7:48 PM
> To: 'Craig White'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
>
> ldapsearch:
> # server02$, Hosts, bluemapletech.com
> dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: server02$
> sn: server02$
> uid: server02$
> uidNumber: 1002
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
>
> getent passwd | grep server02 returns nothing.
>
> Computers go in ou=Hosts and users go in ou=People.
>
> What exactly do you want from the ldap.config file?
>
> -----Original Message-----
> From: samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org
> [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org]
> On Behalf Of Craig White
> Sent: Monday, March 13, 2006 9:27 PM
> To: Wesley Hobbie
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
>
>
> It might be helpful to put cards on table here...
>
> ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> -W '(uid=server02*)'
>
> getent passwd |grep server02
>
> and are you putting computers in the same container as users or do you
> have separate container for computers?
>
> what does the relevant section in ldap.conf look like?
>
> Craig
>
> On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > I did a search on Google and all I found was a bunch of copies of a
> > conversation between Fran Fabrizio and John H Terpstra, and in the
> > end Fran did not have the add machine script.
> >
> > I have the add machine script, that is not the problem, when I try
> > to join the domain from the Windows server, it does create the
> > account in LDAP and still fails :-(. I did look at the server02.log
> > file (log file for my Windows 2003 Server) and I see the following
> > entries:
> > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> >   sys_gethostbyname(server02): lookup failure.
> > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> >   Matchname failed on server02 172.16.0.11
> > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> >   sys_gethostbyname(server02): lookup failure.
> > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> >   Matchname failed on server02 172.16.0.11
> > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> >   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> >
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Monday, March 13, 2006 1:25 PM
> > To: 'Wesley Hobbie'; craigwhite at azapple.com
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> >
> > Wes,
> >
> > Do a google search on this topic: [Samba] Can't join my domain
> >
> > You will see what the problem is with the username can't be found.
> >
> > James
> >
> > -----Original Message-----
> > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On
> > Behalf Of Wesley Hobbie
> > Sent: Sunday, March 12, 2006 11:14 AM
> > To: craigwhite at azapple.com
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> > Hey Craig,
> > Actually I found on the Internet that I needed to run
> > smbldap-populate, so I did and now I can manually add the user,
> > although when I go to my Windows 2003 Server to join the domain I am
> > still having a problem.
> >
> > Wes
> >
> > -----Original Message-----
> > From: Wesley Hobbie
> > Sent: Sunday, March 12, 2006 5:57 PM
> > To: craigwhite at azapple.com
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> > I can connect to LDAP via the command line, and I am using the same
> > user in smb.conf as I am in smbldap-tools_bind.config.
> >
> > Excerpt from smb.conf:
> > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > ldap suffix = dc=mydomain,dc=com
> > ldap machine suffix = ou=Hosts
> > ldap admin dn = cn=root,dc=mydomain,dc=com
> > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> >
> > Excerpt from smbldap.conf:
> > slaveLDAP="127.0.0.1"
> > slavePort="389"
> >
> > masterLDAP="127.0.0.1"
> > masterPort="389"
> >
> > ldapTLS="1"
> > suffix="dc=mydomain,dc=com"
> > usersdn="ou=People,${suffix}"
> > computersdn="ou=Hosts,${suffix}"
> >
> > with_smbpasswd="0"
> > smbpasswd="/usr/bin/smbpasswd" (I am wondering if this is right?)
> >
> > with_slappasswd="0"
> > slappasswd="/usr/sbin/slappasswd"
> >
> > Excerpt from smbldap_bind.conf:
> > slaveDN="cn=root,dc=mydomain,dc=com"
> > slavePw="**********"
> > masterDN="cn=root,dc=mydomain,dc=com"
> > masterPw="**********"
> >
> > Actually, while I was copying the info from the files I noticed I
> > misspelled my domain name, so I fixed it and tried it again. Now I
> > do not get an error about it cannot contact the LDAP server, only
> > that it could not find the next uid, "Error looking for next uid."
> >
> > -----Original Message-----
> > From: Craig White [mailto:craigwhite at azapple.com]
> > Sent: Sunday, March 12, 2006 11:25 AM
> > To: Wesley Hobbie
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> >
> > I'm going to ignore other users problems since they may or may not
> > have similarities to your issues.
> >
> > Can you actually connect to your LDAP server from the command line?
> >
> > Can you actually connect to your LDAP server from the command line
> > with 'write' permissions as the user and parameters as indicated
> > within smb.conf ?
> >
> > Can you actually connect to your LDAP server from the command line
> > with 'write' permissions as the user and parameters as indicated
> > within smbldap-tools_bind.conf ?
> >
> > Craig
> >
> > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > Ok, I did not know that. I modified the two files in the
> > > /etc/smbldap-tools folder, although I am still getting the same
> > > error.
> > >
> > > I looked at the Samba archive for March and I notice some other
> > > people seem to be having the same issue.
> > > March 2 - Bevan Agard
> > > March 6 - Hakan BAYINDIR
> > >
> > > I try to add my Windows 2003 Server to the domain and I get an error
> > > that the user name could not be found. That is when I tried to
> > > manually execute the command that Samba is instructed to use when
> > > adding a machine, which is when I got the error about it cannot
> > > contact the LDAP server.
> > >
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Saturday, March 11, 2006 11:35 AM
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] Unable to add computer to domain
> > >
> > >
> > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > I have an OpenLDAP backend, Samba knows how to talk to it, my
> > > > Samba users are stored in LDAP and file shares work fine
> > > > authenticating to the LDAP server. I tried executing
> > > > smbldap-useradd -w server02 on the command-line and got the
> > > > following error:
> > > > failed to perform search; Can't contact LDAP server at
> > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA> line 283.
> > > > Error looking for next uid at
> > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> line 283.
> > > >
> > > > Anyone have any ideas?
> > > ----
> > > sounds as though you've been using tools other than smbldap to setup
> > > user accounts, etc.
> > >
> > > smbldap has to be configured to talk to your LDAP server if you
> > > expect it to work.
> > >
> > > depending upon which version of smbldap you are using, your config
> > > files will be in various places but I think the current place is
> > > /etc/smbldap-tools directory these days.
> > >
> > > Craig
> > >
> > >
> > >
> >
>
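The two entry-level checks raised in this thread (James Taylor's point about missing sambaSAMAccount information, and the ou=Hosts machine container), as an added example that is not part of the original messages or of smbldap-tools: a shell function that audits one LDIF entry as printed by ldapsearch. The function names, finding strings and the trimmed sample entry are constructed for illustration; it assumes unfolded, non-base64 LDIF with no spaces in the DN.

```shell
#!/bin/sh
# Added example (not from the thread): audit a machine-account LDIF entry
# for the problems discussed above.

# Constructed sample: the server02$ entry quoted in the thread, trimmed.
sample_entry() {
cat <<'EOF'
dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: server02$
uid: server02$
uidNumber: 1002
gidNumber: 515
EOF
}

# audit_machine_entry <machine-ou>   (reads LDIF on stdin)
# Prints one finding per line, or "OK" when nothing is wrong.
# <machine-ou> is the container named by "ldap machine suffix" in smb.conf
# (ou=Hosts in the thread).
audit_machine_entry() {
    awk -v ou="$1" '
        { key = tolower($1) }                          # attribute names are case-insensitive
        key == "dn:"          { dn = tolower($2) }
        key == "objectclass:" { oc[tolower($2)] = 1 }
        key == "uid:"         { uid = $2 }
        END {
            n = 0
            # getent/NSS needs posixAccount; Samba needs sambaSamAccount.
            if (!("posixaccount" in oc))    { print "MISSING objectClass posixAccount"; n++ }
            if (!("sambasamaccount" in oc)) { print "MISSING objectClass sambaSamAccount"; n++ }
            # Machine accounts are named with a trailing dollar sign.
            if (substr(uid, length(uid)) != "$") { print "BAD uid: no trailing $"; n++ }
            # The entry must sit in the container Samba searches for machines.
            if (index(dn, "," tolower(ou) ",") == 0) { print "BAD dn: not under " ou; n++ }
            if (n == 0) print "OK"
        }'
}

sample_entry | audit_machine_entry "ou=Hosts"
```

Against a live directory, the output of the ldapsearch command from the thread can be piped into `audit_machine_entry` in place of `sample_entry`.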