[Samba] Can not add machine to the domain
Chris Boyd
chris.boyd at usit.ie
Wed May 23 16:20:30 GMT 2007
-----Original Message-----
From: Sascha Bieler [mailto:sascha.bieler at radiogong.de]
Sent: 23 May 2007 16:57
To: 'Chris Boyd '; samba at lists.samba.org
Subject: RE: [Samba] Can not add machine to the domain
Did you modify
/usr/share/perl5/smbldap_tools.pm and
/etc/samba/smbldap.conf
to fit your needs?
my $smbldap_conf;
if (-e "/etc/smbldap-tools/smbldap.conf") {
$smbldap_conf="/etc/smbldap-tools/smbldap.conf";
} else {
$smbldap_conf="/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
}
my $smbldap_bind_conf;
if (-e "/etc/smbldap-tools/smbldap_bind.conf") {
$smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
} else {
$smbldap_bind_conf="/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
}
smbldap.conf
SID="S-1-5-21-1953726507-754737620-746616776"
sambaDomain="usit"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="10.133.1.21"
masterPort="389"
ldapTLS="1"
verify="require"
cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"
clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
suffix="dc=usit,dc=ie"
usersdn="ou=users,${suffix}"
computersdn="ou=machines,${suffix}"
groupsdn="ou=groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=usit,${suffix}"
scope="sub"
hash_encrypt="MD5"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\PDC-SRV\%U"
userProfile="\\PDC-SRV\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="usit.ie"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
slappasswd="/usr/sbin/slappasswd"
Do you have a proper working DNS server?
yes
Does your PDC act as WINS server also? If not, do so.
I just tried that to no avail
What does your logfile say???
sh: /usr/local/smbldap-tools/smbldap-useradd: No such file or directory
[2007/05/23 14:56:07, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127
sh: /usr/local/smbldap-tools/smbldap-useradd: No such file or directory
[2007/05/23 16:05:55, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127
sh: /usr/local/smbldap-tools/smbldap-useradd: No such file or directory
[2007/05/23 16:21:45, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127
sh: /usr/local/smbldap-tools/smbldap-useradd: No such file or directory
[2007/05/23 16:57:49, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127
Here's a working smb.conf from debian etch:
[global]
interfaces = lo eth3
bind interfaces only = Yes
name resolve order = wins bcast lmhosts host
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
load printers = Yes
unix charset = UTF-8
display charset = UTF-8
workgroup = usit
admin users = @"Domain Admins",MUSIC\Administrator
guest account = nobody
server string = %h %v
security = user
encrypt passwords = true
log level = 2 vfs:2
log file = /var/log/samba/log.%m
syslog = 0
max log size = 100000
domain logons = Yes
os level = 255
domain master = Yes
local master = Yes
wins support = Yes
wins proxy = Yes
dns proxy = Yes
time server = Yes
#ldap##
passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap admin dn = cn=admin,dc=usit,dc=ie
ldap suffix = dc=usit,dc=ie
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = no
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -a -P "%u"
delete user script = /usr/sbin/smbldap-userdel -r "%u"; rm -r /home/"%u"; rm -r /opt/profiles/"%u"
# add machine script = /usr/sbin/smbldap-useradd -w "%u"
add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
ldap passwd sync = Yes
utmp = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = ldap:ldap://127.0.0.1/
shutdown script = /sbin/shutdown
abort shutdown script = /sbin/shutdown -c
nt acl support = yes
kernel oplocks = yes
enable privileges = Yes
template shell = /bin/false
logon script = logon.bat
logon path =
logon home =
Good Luck!
-----Original Message-----
From: samba-bounces+sascha.bieler=radiogong.de at lists.samba.org
[mailto:samba-bounces+sascha.bieler=radiogong.de at lists.samba.org] On Behalf
Of Chris Boyd
Sent: Wednesday, May 23, 2007 5:22 PM
To: samba at lists.samba.org
Subject: [Samba] Can not add machine to the domain
Running samba-3.0.24 with ldap on debian etch.
Whenever I try to add an xp pro machine to the domain I get (on the pc) "the
username can not be found". I'm logging in as admin. In the samba log I get
(for this pc)
" passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command
`/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127"
I disabled the digital encryption for domain on the xp box in
security policy. I can add the machine from the debian command line with no
problems.
Here is the smb.conf
[global]
workgroup = usit
server string = %h server
dns proxy = no
interfaces = 127.0.0.0/8 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = ldapsam:ldap://10.133.1.21
ldap suffix = dc=usit,dc=ie
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=usit,dc=ie
ldap delete dn = no
obey pam restrictions = yes
ldap password sync = yes
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
enable privileges = yes
logon path = \\%N\profiles\%U
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
logon script = logon.cmd
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
preferred master = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
valid users = %S
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
smbldap_bind.conf:
slaveDN="cn=admin,dc=usit,dc=ie"
slavePw="********"
masterDN="cn=admin,dc=usit,dc=ie"
masterPw="********"
nsswitch.conf:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------------------------------------------------------------
This email message is intended only for the addressee(s)
and contains information that may be confidential and/or
copyrighted. If you are not the intended recipient please
notify the sender by reply email and immediately delete
this email. Use, disclosure or reproduction of this email
by anyone other than the intended recipient(s) is strictly
prohibited. USIT has scanned this email for viruses and
dangerous content and believes it to be clean. However,
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay
Dublin 2.
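Added example, not part of the original thread and not code from Samba or smbldap-tools: the log in this thread shows the add machine script exiting with 127 because /usr/local/smbldap-tools/smbldap-useradd does not exist, while the working configuration calls /usr/sbin/smbldap-useradd. The Python below reads smb.conf text and reports every server-side script hook whose program is missing or not executable; the function names and SAMPLE_CONF are constructed for illustration.

```python
import os
import shlex
import shutil

# Constructed sample: the two hook lines from the failing smb.conf in this thread.
SAMPLE_CONF = '''
[global]
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u"
'''

def hook_commands(conf_text):
    """Yield (parameter, command) for each server-side '... script' parameter."""
    pending = ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):              # smb.conf continuation line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = " ".join(name.lower().split())
        # 'logon script' is run by the client, not by smbd, so skip it.
        if name.endswith(" script") and name != "logon script" and value.strip():
            yield name, value.strip()

def program_status(prog):
    """'ok', 'missing' (sh exits 127) or 'not-executable' (sh exits 126)."""
    if os.sep not in prog:                   # bare name: looked up on PATH
        return "ok" if shutil.which(prog) else "missing"
    if not os.path.isfile(prog):
        return "missing"
    return "ok" if os.access(prog, os.X_OK) else "not-executable"

def check_hooks(conf_text):
    """Return (parameter, program, status) for every hook program."""
    results = []
    for name, command in hook_commands(conf_text):
        # Hooks may chain commands with ';' (naive split: assumes no quoted ';').
        for part in command.split(";"):
            words = shlex.split(part)
            if words:
                results.append((name, words[0], program_status(words[0])))
    return results

if __name__ == "__main__":
    for name, prog, status in check_hooks(SAMPLE_CONF):
        print(f"{status:15} {name}: {prog}")
```

Run it as the account smbd runs under, because PATH lookup and the execute-permission check are evaluated for the current process.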