[Samba] PLEASE HELP! Can't add machines to domain!

Chuck Theobald chuckt at uoregon.edu
Wed Sep 27 14:53:36 GMT 2006


I see this sort of behavior about half the time I add a machine to the 
domain.  The workstation comes back with a message expressing 
NT_STATUS_NO_SUCH_USER.  A second attempt generally succeeds. 

It looks like your "add machine script" in smb.conf is correct.  I would 
try running the smbldap-useradd command from the command-line, then 
checking the output and your LDAP database.  I have discovered stderr 
messages that do not make it back to the workstation level.

I think that the idealx scripts are wholly responsible for what goes 
into the LDAP database, the workstation does not have direct contact 
with your LDAP database.

Good luck,

I have spent days now trying to debug why I can not add machines to the 
domain.  I am using samba 3.0.23c with an openldap backend.  I can 
authenticate fine using smbclient with the administrator account but 
when I go to add a machine it fails.  I have checked the debug logs and 
know what is happening, I am just not sure why or how to fix it.  I am 
using the idealx scripts to add machines.  It adds the machine to ldap 
but does not add any of the necessary samba attributes.  I thought the 
machine was supposed to do this now and not the scripts.  Is this 
correct?  If so I am seeing one thing in the log for the machine that I 
think may have something to do with it.  It says "secrets_fetch failed!" 
just before the check for the machine and failing.  What does this mean 
and is this a problem?  As you can see the administrator authenticates 
fine.  When it fails the check for the machine account with 
NT_STATUS_NO_SUCH_USER it is searching the ldap for 
"(&(uid=xplaptop$)(objectClass=sambaSamAccount))"  but the entry created 
does not contain any "samba*" entries like it should.  I am curious to 
know if the secrets check failing is the machine trying to add that 
stuff to ldap?  I have read the how to a few times and don't see 
anything I missed, but obviously I have something amiss here.  Any help 
would be GREATLY appreciated as I have spent many many hours trying to 
find out why this is happening.
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_username(534)
 pdb_set_username: setting username Administrator, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_domain(557)
 pdb_set_domain: setting domain DOMAIN_UK, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580)
 pdb_set_nt_username: setting nt username Administrator, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(603)
 pdb_set_full_name: setting full name System User, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(696)
 pdb_set_homedir: setting home dir \UK_PDC\Administrator, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
 pdb_set_dir_drive: setting dir drive c:, was NULL
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626)
 pdb_set_logon_script: setting logon script logon.bat, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649)
 pdb_set_profile_path: setting profile path c:\Documents and 
Settings\Administrator, was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_workstations(739)
 pdb_set_workstations: setting workstations , was
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463)
 pdb_set_user_sid: setting user sid 
[2006/09/26 10:35:53, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
       setting user sid S-1-5-21-334771251-3296030561-843139161-500 from 
rid 500
[2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521)
 pdb_set_group_sid: setting group sid 
[2006/09/26 10:35:53, 10] 
       setting group sid S-1-5-21-334771251-3296030561-843139161-512 
from rid 512
[2006/09/26 10:35:53, 5] 
 secrets_fetch failed!
[2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396)
 ldapsam_getsampwnam: Unable to locate user [XPLAPTOP$] count=0
[2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
 ldapsam_getgroup: Did not find group
[2006/09/26 10:36:00, 3] 
 _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd 
-t 5 -w 'xplaptop$'' gave 0
[2006/09/26 10:36:00, 3] 
 pdb_default_create_user: failed to create a new user structure: 
[2006/09/26 10:36:00, 5] lib/gencache.c:gencache_shutdown(90)
 Closing cache file

Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345

More information about the samba mailing list