[Samba] Unable to add computer to domain

Wesley Hobbie whobbie81-linuxgeek at yahoo.com
Thu Mar 16 01:20:56 GMT 2006


James,
Once I got smbldap-tools configured, ran smbldap-populate, and used your
script, my problem was that the smb-ldap-3-howto I was
following said to use the Administrator account to do the join but the uid
they had for Administrator was 506, and I had read somewhere the uid needed
to be 0, so I kept trying both Administrator and root.  However, since I use
the cn=root to execute LDAP command line commands, and I thought I had set
the Samba root password the same/I forgot I had set it differently, I was
using the wrong password for root.  When I started getting the error about
user not found or bad password, I tried another password...I may have used,
and then it worked.  So like I said last night, after I got all of that
figured out I successfully got the machine joined to the domain.

No it is not a production environment, it is kind of a toy machine for now,
just trying to learn some things.  Trying to see if I can set up a Linux
domain controller equal to a Windows domain controller, and was joining a
Windows Server running SharePoint as a domain member to the domain.

Again, thank you guys for your help.

-----Original Message-----
From: James Taylor [mailto:jtaylor at laszlosystems.com] 
Sent: Wednesday, March 15, 2006 12:47 PM
To: 'Craig White'; 'Wesley Hobbie'
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain


Wesley,

Currently I am using Mandriva 2006 as well.  What Craig is telling you is
correct, if you do not have your /etc/ldap.conf configured correctly and as
mentioned before by both Craig and myself if your smbldap-tools conf files
are not correctly setup then this will not work and you will receive the
errors you are receiving.  

I would strongly suggest going through every file line by line and making sure
everything matches up correctly.  Just the statements that you tried several
different accounts and different passwords for the same account lead me to
believe that you might not have the most organized installation.  Look at
your /openldap/slapd.conf file and use your root cn for your bind configuration.
If you have a root user in your openldap database and you can successfully
bind then change your openldap root password and document it so you won't
have conflicting information.  

Start out simple, make sure you have the correct access to your ldap
directory structure within the slapd.access.conf file.  Then make it more
restrictive using the DSA accounts (if you used the IDEALX configuration
info).  Don't do this if this is production but from the sounds of it you
are not in a production environment with your LDAP Database, otherwise
yikes. 

Once you get yourself on some firm footing the pieces should all come
together.  

James

-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com] 
Sent: Tuesday, March 14, 2006 6:30 PM
To: Wesley Hobbie
Cc: 'James Taylor'; samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote:
> I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not
> working I went and grabbed the most recent.  I am using Mandriva 2006 
> x86-64.
> 
> I am sorry, what was your advice that I did not follow?
----
I think that you've answered it already...you are going to have to point
ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as
well as ou=People,dc=bluemapletech,dc=com

if getent can't find it, samba can't find it and it is not gonna work.

the above is what I suggested yesterday. As for now, why smbldap-useradd
doesn't work anymore...

smbldap-tools 0.9.2 will almost certainly put configuration files and ldap
bind configuration in /etc/smbldap-tools

hopefully, you still have your smbldap-useradd program...

# which smbldap-useradd
/usr/sbin/smbldap-useradd

(note this is on RHEL 4 system - Mandriva should be pretty close to the
same)
----
> 
> -----Original Message-----
> From: Craig White [mailto:craigwhite at azapple.com]
> Sent: Tuesday, March 14, 2006 7:58 PM
> To: Wesley Hobbie
> Cc: 'James Taylor'; samba at lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
> 
> 
> The idea that you could use one piece of his smbldap-tools was an
> exercise in futility.
> 
> First of all, is your smbldap-tools up to date or very reasonably
> close to up to date? I haven't a clue what OS you are using or version 
> of smbldap-tools, or packaging.
> 
> Second of all, there were other things wrong with the results from the
> ldapsearch which returned the dn of uid=server-02 
> $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with 
> them at that point because getent passwd couldn't find them anyway. I 
> don't mind that you don't want to follow my advice but would then
> prefer that you take me off the reply list.
> 
> Whatever you've got installed and configured for smbldap-tools doesn't
> appear to be configured correctly and may be too old.
> 
> At the point where you have a working ldap and smbldap-tools, we can
> review the add user/machine scripts within samba.
> 
> Craig
> 
> On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote:
> > I tried your script, but I am still getting the same error.  I deleted
> > the LDAP entry, tried again, and now the entry is not even being
> > created.  I checked my log file and I get slightly different results
> > now:
> > [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname(1111)
> >   sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189)
> >   Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname(1111)
> >   sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189)
> >   Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> >   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname(1111)
> >   sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189)
> >   Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname(1111)
> >   sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189)
> >   Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > Error: modifications require authentication at
> > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, <DATA> line 283.
> > [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> >   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 127
> > [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597)
> >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > 
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Tuesday, March 14, 2006 12:23 PM
> > To: 'Wesley Hobbie'; 'Craig White'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > 
> > Here is what you are missing:  sambaSAMAccount information.
> > 
> > Use the script attached to this email to fix this problem.
> > 
> > James
> > 
> > -----Original Message-----
> > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On 
> > Behalf Of Wesley Hobbie
> > Sent: Monday, March 13, 2006 7:48 PM
> > To: 'Craig White'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > ldapsearch:
> > # server02$, Hosts, bluemapletech.com
> > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > cn: server02$
> > sn: server02$
> > uid: server02$
> > uidNumber: 1002
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> > 
> > getent passwd | grep server02 returns nothing.
> > 
> > Computers go in ou=Hosts and users go in ou=People.
> > 
> > What exactly do you want from the ldap.config file?
> > 
> > -----Original Message-----
> > From: samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org
> > [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com at lists.samba.org]
> > On Behalf Of Craig White
> > Sent: Monday, March 13, 2006 9:27 PM
> > To: Wesley Hobbie
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > 
> > It might be helpful to put cards on table here...
> > 
> > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> > -W '(uid=server02*)'
> > 
> > getent passwd |grep server02
> > 
> > and are you putting computers in the same container as users or do you
> > have separate container for computers?
> > 
> > what does the relevant section in ldap.conf look like?
> > 
> > Craig
> > 
> > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > > I did a search on Google and all I found was a bunch of copies of a
> > > conversation between Fran Fabrizio and John H Terpstra, and in the
> > > end Fran did not have the add machine script.
> > > 
> > > I have the add machine script, that is not the problem, when I try
> > > to join the domain from the Windows server, it does create the
> > > account in LDAP and still fails :-(.  I did look at the
> > > server02.log file (log file for my Windows 2003 Server) and I see
> > > the following entries:
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> > >    sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> > >    Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> > >    Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> > >    sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> > >    Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> > >    Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> > >    _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > > 
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > Sent: Monday, March 13, 2006 1:25 PM
> > > To: 'Wesley Hobbie'; craigwhite at azapple.com
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > 
> > > Wes,
> > > 
> > > Do a google search on this topic: [Samba] Can't join my domain
> > > 
> > > You will see what the problem is with the username can't be found.
> > > 
> > > James
> > > 
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On
> > > Behalf Of Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 11:14 AM
> > > To: craigwhite at azapple.com
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > Hey Craig,
> > > Actually I found on the Internet that I needed to run 
> > > smbldap-populate, so I did and now I can manually add the user, 
> > > although when I go to my Windows 2003 Server to join the domain I 
> > > am still having a problem.
> > >  
> > > Wes
> > > 
> > > -----Original Message-----
> > > From: Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 5:57 PM
> > > To: craigwhite at azapple.com
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > I can connect to LDAP via the command line, and I am using the same
> > > user in smb.conf as I am in smbldap-tools_bind.config.
> > > 
> > > Excerpt from smb.conf:
> > > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > > ldap suffix = dc=mydomain,dc=com
> > > ldap machine suffix = ou=Hosts
> > > ldap admin dn = cn=root,dc=mydomain,dc=com
> > > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > > 
> > > Excerpt from smbldap.conf:
> > > slaveLDAP="127.0.0.1"
> > > slavePort="389"
> > > 
> > > masterLDAP="127.0.0.1"
> > > masterPort="389"
> > > 
> > > ldapTLS="1"
> > > suffix="dc=mydomain,dc=com"
> > > usersdn="ou=People,${suffix}"
> > > computersdn="ou=Hosts,${suffix}"
> > > 
> > > with_smbpasswd="0"
> > > smbpasswd="/usr/bin/smbpasswd"  (I am wondering if this is right?)
> > > 
> > > with_slappasswd="0"
> > > slappasswd="/usr/sbin/slappasswd"
> > > 
> > > Excerpt from smbldap_bind.conf:
> > > slaveDN="cn=root,dc=mydomain,dc=com"
> > > slavePw="**********"
> > > masterDN="cn=root,dc=mydomain,dc=com"
> > > masterPw="**********"
> > > 
> > > Actually, while I was copying the info from the files I noticed I
> > > misspelled my domain name, so I fixed it and tried it again.  Now I 
> > > do not get an error about it cannot contact the LDAP server, only 
> > > that it could not find the next uid, "Error looking for next uid."
> > > 
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Sunday, March 12, 2006 11:25 AM
> > > To: Wesley Hobbie
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > 
> > > I'm going to ignore other users problems since they may or may not 
> > > have similarities to your issues.
> > > 
> > > Can you actually connect to your LDAP server from the command line?
> > > 
> > > Can you actually connect to your LDAP server from the command line 
> > > with 'write' permissions as the user and parameters as indicated 
> > > within smb.conf ?
> > > 
> > > Can you actually connect to your LDAP server from the command line 
> > > with 'write' permissions as the user and parameters as indicated 
> > > within smbldap-tools_bind.conf ?
> > > 
> > > Craig
> > > 
> > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > > Ok, I did not know that.  I modified the two files in the
> > > > /etc/smbldap-tools folder, although I am still getting the same 
> > > > error.
> > > > 
> > > > I looked at the Samba archive for March and I notice some other
> > > > people seem to be having the same issue.
> > > > March 2 - Bevan Agard
> > > > March 6 - Hakan BAYINDIR
> > > > 
> > > > I try to add my Windows 2003 Server to the domain and I get an 
> > > > error that the user name could not be found.  That is when I 
> > > > tried to manually execute the command that Samba is instructed 
> > > > to use when adding a machine, which is when I got the error 
> > > > about it cannot contact the LDAP server.
> > > > 
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Saturday, March 11, 2006 11:35 AM
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Unable to add computer to domain
> > > > 
> > > > 
> > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > > I have an OpenLDAP backend, Samba knows how to talk to it, my
> > > > > Samba users are stored in LDAP and file shares work fine
> > > > > authenticating to the LDAP server. I tried executing
> > > > > smbldap-useradd -w server02 on the command-line and got the
> > > > > following error:
> > > > > failed to perform search; Can't contact LDAP server at
> > > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA> line 283.
> > > > > Error looking for next uid at
> > > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> line 283.
> > > > >  
> > > > > Anyone have any ideas?
> > > > ----
> > > > sounds as though you've been using tools other than smbldap to 
> > > > setup user accounts, etc.
> > > > 
> > > > smbldap has to be configured to talk to your LDAP server if you 
> > > > expect it to work.
> > > > 
> > > > depending upon which version of smbldap you are using, your
> > > > config files will be in various places but I think the current 
> > > > place is /etc/smbldap-tools directory these days.
> > > > 
> > > > Craig
> > > > 
> > > > 
> > > > 
> > > 
> > 
> > 
> 
> 
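The thread turns on four files having to agree: smb.conf, smbldap.conf, smbldap_bind.conf, and the ldap.conf that getent uses. The following check is an added example, not part of the original messages; it assumes ldap.conf is the nss_ldap file and lists its passwd search bases as `nss_base_passwd` lines, and all file contents in it are constructed samples.

```python
import re

# Constructed sample files (dc=example,dc=com is a placeholder suffix).
SMB_CONF = """[global]
ldap suffix = dc=example,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=example,dc=com
"""
SMBLDAP_CONF = 'suffix="dc=example,dc=com"\nusersdn="ou=People,${suffix}"\ncomputersdn="ou=Hosts,${suffix}"\n'
BIND_CONF = 'masterDN="cn=root,dc=example,dc=com"\n'
NSS_PEOPLE_ONLY = "nss_base_passwd ou=People,dc=example,dc=com?one\n"
NSS_BOTH = NSS_PEOPLE_ONLY + "nss_base_passwd ou=Hosts,dc=example,dc=com?one\n"

def parse_kv(text):
    """Parse 'key = value' lines, skipping comments and section headers."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            out[key.lower()] = val[1:-1] if val[:1] == val[-1:] == '"' else val
    return out

def norm(dn):
    """Case-fold a DN and drop whitespace around its commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def nss_passwd_bases(ldap_conf):
    """(base, scope) per nss_base_passwd line; assumes scope defaults to sub."""
    pat = re.compile(r"^\s*nss_base_passwd\s+([^?\s]+)(?:\?(\w+))?", re.M)
    return [(norm(b), s or "sub") for b, s in pat.findall(ldap_conf)]

def covered(container, bases):
    """True if accounts directly under `container` are searched for passwd."""
    c = norm(container)
    return any(c == b or (s == "sub" and c.endswith("," + b)) for b, s in bases)

def check(smb_conf, smbldap_conf, bind_conf, ldap_conf):
    """Return a list of inconsistencies between the four files."""
    smb, tools, bind = parse_kv(smb_conf), parse_kv(smbldap_conf), parse_kv(bind_conf)
    expand = lambda v: v.replace("${suffix}", tools["suffix"])
    users, hosts = expand(tools["usersdn"]), expand(tools["computersdn"])
    problems = []
    if norm(smb["ldap suffix"]) != norm(tools["suffix"]):
        problems.append("ldap suffix differs between smb.conf and smbldap.conf")
    if norm(smb["ldap machine suffix"] + "," + smb["ldap suffix"]) != norm(hosts):
        problems.append("ldap machine suffix does not match computersdn")
    if norm(smb["ldap admin dn"]) != norm(bind["masterdn"]):
        problems.append("ldap admin dn differs from masterDN")
    for name, dn in (("usersdn", users), ("computersdn", hosts)):
        if not covered(dn, nss_passwd_bases(ldap_conf)):
            problems.append(f"{name} {dn} is not under any nss_base_passwd")
    return problems
```

With `NSS_PEOPLE_ONLY` the check reports that the computers container is not searched, which is the condition under which `getent passwd` cannot see a machine account that exists in LDAP.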




