[Samba] A device attached to the system is not functioning - When adding a computer to the domain

Chris Beach chrisb at pintys.com
Mon Jan 3 05:57:35 MST 2011


I wanted to send this out a 2nd (and last) time.. I got suggestions not to
use BLAH.COM and to use BLAH instead for my domain name, however I don't
think that's causing my problem as it's been this way for 6 years? Any way I
still can't add machines to my domain and am fairly panicked (this is
production, 140~ users).

Any other suggestions?

Thank you.

On Thu, Dec 30, 2010 at 1:35 PM, Chris Beach <chrisb at pintys.com> wrote:

> Hi all,
>
> I just setup a Samba 3.3.14, with an ldap back-end.
>
> I migrated the ldap back end and samba shares from my old samba server.
> I've found when adding a machine (WinXP) to the domain, I get the following
> error on XP:
>
> The following error occurred attempting to join the domain "Blah.com":
> A device attached to the system is not functioning.
>
> in my /var/log/messages I have:
>
> Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0]
> passdb/pdb_get_set.cdb_get_group_sid(210)
> Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix
> account for OAKRND02$
>
> repeated about 6 times.
>
> My smb.conf looks like this for the scripts to run:
>
> * add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add user script = /usr/sbin/smbldap-useradd -m -a "%u"
> delete user script = /usr/sbin/smbldap-userdel -r "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> ldap passwd sync = yes
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new
> password*" %n\n"*
>
> When I do an LDAP search, I see there is an entry in LDAP for it the
> machine, so some of the add machine script must have worked:
>
> ldapsearch -b "dc=mydomain,dc=com" -x "(uid=oakrnd01$)"
>
> # OAKRND01$, Computers, mydomain, com
> dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com
> uid: OAKRND01$
> sambaSID: S-1-5-21-3318375643-2463009161-752822222-41448
> sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-752822222-515
> sambaAcctFlags: [W ]
> objectClass: sambaSamAccount
> objectClass: account
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> sambaPwdCanChange: 1291378566
> sambaPwdMustChange: 1299154566
> sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313
> sambaPwdLastSet: 1291378566
>
> Also, I get results in pdbedit:
>
> [root at happiness ~]# pdbedit -v oakrnd01$
> Unix username:        OAKRND01$
> NT username:          OAKRND01$
> Account Flags:        [W          ]
> User SID:             S-1-5-21-3318375643-2463009161-752822222-41448
> *pdb_get_group_sid: Failed to find Unix account for OAKRND01$*
> *Primary Group SID:    (NULL SID)*
> Full Name:
> Home Directory:
> HomeDir Drive:
> Logon Script:         logon.exe
> Profile Path:
> Domain:               MYDOMAIN.COM
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          never
> Kickoff time:         never
> Password last set:    Fri, 03 Dec 2010 06:16:06 CST
> Password can change:  Fri, 03 Dec 2010 06:16:06 CST
> Password must change: Thu, 03 Mar 2011 06:16:06 CST
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> Also:
>
> /usr/sbin/smbldap-useradd -w OAKRND02
> failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line
> 616.
>
> And then my slapd dies out (crashes)... this same behaviour happens when
> trying to use USRMGR.exe to add a new user (but doing it manually via
> smbldap DOES work for adding a new user).
>
> What's most annoying is I tested joining a Windows 7 machine to the domain
> before I went live with this server, and it was successful, so I've no clue
> why this isn't working now
>
> Any help I can get it REALLY APPRECIATED, right now I've got a PC I can't
> get on the domain, so a user how can't work.
>
>


-- 
Chris Beach
IT Analyst


More information about the samba mailing list