[Samba] Re: PLEASE HELP! Can't add machines to domain! - SOLVED

Dan samba at the-rusty-nail.com
Tue Sep 26 22:26:39 GMT 2006 

I figured out what my problem was.  It was with nss_ldap not 
authenticating off of ldap.  I didn't notice it before because I had all 
the same users etc in the local file as I did in ldap.  After adding 
some more users to ldap and running "getent passwd", I realized they 
weren't showing up.  I looked around and tried to turn on debugging but 
it didn't work.  I then realized it obviously wasn't reading the 
ldap.conf under my /etc/openldap directory.  I linked that conf to /etc 
and voila everything works!  Something to keep in mind for people seeing 
what I was seeing.

Dan wrote:
> I have spent days now trying to debug why I can not add machines to 
> the domain.  I am using samba 3.0.23c with an openldap backend.  I can 
> authenticate fine using smbclient with the administrator account but 
> when I go to add a machine it fails.  I have checked the debug logs 
> and know what is happening, I am just not sure why or how to fix it.  
> I am using the idealx scripts to add machines.  It adds the machine to 
> ldap but does not add any of the necessary samba attributes.  I 
> thought the machine was supposed to do this now and not the scripts.  
> Is this correct?  If so I am seeing one thing in the log for the 
> machine that I think may have something to do with it.  It says 
> "secrets_fetch failed!" just before the check for the machine and 
> failing.  What does this mean and is this a problem?  As you can see 
> the administrator authenticates fine.  When it fails the check for the 
> machine account with NT_STATUS_NO_SUCH_USER it is searching the ldap 
> for "(&(uid=xplaptop$)(objectClass=sambaSamAccount))"  but the entry 
> created does not contain any "samba*" entries like it should.  I am 
> curious to know if the secrets check failing is the machine trying to 
> add that stuff to ldap?  I have read the how to a few times and don't 
> see anything I missed, but obviously I have something amiss here.  Any 
> help would be GREATLY appreciated as I have spent many many hours 
> trying to find out why this is happening.
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_username(534)
>  pdb_set_username: setting username Administrator, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_domain(557)
>  pdb_set_domain: setting domain DOMAIN_UK, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580)
>  pdb_set_nt_username: setting nt username Administrator, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(603)
>  pdb_set_full_name: setting full name System User, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(696)
>  pdb_set_homedir: setting home dir \UK_PDC\Administrator, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
>  pdb_set_dir_drive: setting dir drive c:, was NULL
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626)
>  pdb_set_logon_script: setting logon script logon.bat, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649)
>  pdb_set_profile_path: setting profile path c:\Documents and 
> Settings\Administrator, was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_workstations(739)
>  pdb_set_workstations: setting workstations , was
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463)
>  pdb_set_user_sid: setting user sid 
> S-1-5-21-334771251-3296030561-843139161-500
> [2006/09/26 10:35:53, 10] 
> passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
>  pdb_set_user_sid_from_rid:
>        setting user sid S-1-5-21-334771251-3296030561-843139161-500 
> from rid 500
> [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521)
>  pdb_set_group_sid: setting group sid 
> S-1-5-21-334771251-3296030561-843139161-512
> [2006/09/26 10:35:53, 10] 
> passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
>  pdb_set_group_sid_from_rid:
>        setting group sid S-1-5-21-334771251-3296030561-843139161-512 
> from rid 512
> [2006/09/26 10:35:53, 5] 
> passdb/secrets.c:secrets_fetch_trusted_domain_password(340)
>  secrets_fetch failed!
> [2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396)
>  ldapsam_getsampwnam: Unable to locate user [XPLAPTOP$] count=0
> [2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
>  ldapsam_getgroup: Did not find group
> [2006/09/26 10:36:00, 3] 
> passdb/pdb_interface.c:pdb_default_create_user(368)
>  _samr_create_user: Running the command 
> `/usr/local/sbin/smbldap-useradd -t 5 -w 'xplaptop$'' gave 0
> [2006/09/26 10:36:00, 3] 
> passdb/pdb_interface.c:pdb_default_create_user(381)
>  pdb_default_create_user: failed to create a new user structure: 
> NT_STATUS_NO_SUCH_USER
> [2006/09/26 10:36:00, 5] lib/gencache.c:gencache_shutdown(90)
>  Closing cache file
>
>

More information about the samba mailing list