Re: [Samba] Unable to add computer to domain
Try this option in the smb.conf: add machine script = /usr/sbin/smbldap-useradd -w -i %u that should work. The -i tells smbldap-useradd to add a workstation trust account. Ferenc Ulrich - Original Message - From: Logan Shaw [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, July 18, 2006 11:33 PM Subject: Re: [Samba] Unable to add computer to domain On Tue, 18 Jul 2006, User 1 wrote: Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I followed the instruction of samba3-ldap-howto, now I am unable to add computer to domain.. Tried to check /var/log/samba and found the following: [2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 Hmm... $ grep -c 'exit.*9' smbldap-useradd 1 Seems like since there is only one way for smbldap-useradd to exit with code 9, maybe that's something you should look into. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to add computer to domain
This is the last progress: When trying to join to domain (I am using Win 2000 Pro SP4 and use root) .. I met the following: The user name could not be found .. Please help .. Thanks Regards Winanjaya - Original Message - From: User 1 [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, July 18, 2006 3:19 PM Subject: [Samba] Unable to add computer to domain Dear Expert, Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I followed the instruction of samba3-ldap-howto, now I am unable to add computer to domain.. Tried to check /var/log/samba and found the following: [2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 14:56:01, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 14:56:33, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 14:59:43, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 15:20:36, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 15:21:30, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 Thanks a lot in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. ***-*** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba *** Your mail has been scanned by MSS. ***-*** *** Our outgoing mail has been scanned by MSS. ***-*** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to add computer to domain
On Tue, 18 Jul 2006, User 1 wrote: Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I followed the instruction of samba3-ldap-howto, now I am unable to add computer to domain.. Tried to check /var/log/samba and found the following: [2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 Hmm... $ grep -c 'exit.*9' smbldap-useradd 1 Seems like since there is only one way for smbldap-useradd to exit with code 9, maybe that's something you should look into. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to add computer to domain
Wesley, Currently I am using Mandriva 2006 as well. What Craig is telling you is correct, if you do not have your /etc/ldap.conf configured correctly and as mentioned before by both Craig and myself if your smbldap-tools conf files are not correctly setup then this will not work and you will receive the errors you are receiving. I would strongly suggest going through every file line by line and make sure everything matches up correctly. Just the statements that you tried several different accounts and different passwords for the same account leaves me to believe that you might not have the most organized installation. Look at your /openldap/slapd.conf file use your root cn for your bind configuration. If you have a root user in your openldap database and you can successfully bind then change your openldap root password and document it so you won't have conflicting information. Start out simple, make sure you have the correct access to your ldap directory structure within the slapd.access.conf file. Then make it more restrictive using the DSA accounts (if you used the IDEALX configuration info). Don't do this if this is production but from the sounds of it you are not in a production environment with your LDAP Database, otherwise yikes. Once you get yourself on some firm footing the pieces should all come together. James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 6:30 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote: I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not working I went and grabbed the most recent. I am using Mandriva 2006 x86-64. I am sorry, what was your advice that I did not follow? I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. the above is what I suggested yesterday. As for now, why smbldap-useradd doesn't work anymore... smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools hopefully, you still have your smbldap-useradd program... # which smbldap-useradd /usr/sbin/smbldap-useradd (note this is on RHEL 4 system - Mandriva should be pretty close to the same) -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 7:58 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain The idea that you could use one piece of his smbldap-tools was an exercise in futility. First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging. Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway. I don't mind that you don't want to follow my advice but would then prefer that you take me off the reply list. Whatever you've got installed and configured for smbldap-tools doesn't appear to be configured correctly and may be too old. At the point where you have a working ldap and smbldap-tools, we can review the add user/machine scripts within samba. Craig On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote: I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189
RE: [Samba] Unable to add computer to domain
I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end Fran
did not have the add machine script.
I have the add machine script, that is not the problem, when I try to join
the domain from the Windows server, it does create the account in LDAP and
still fails :-(. I did look at the server02.log file (log file for my
Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Wes,
Do a google search on this topic: [Samba] Can't join my domain
You will see what the problem is with the username can't be found.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Hey Craig,
Actually I found on the Internet that I needed to run smbldap-populate, so I
did and now I can manually add the user, although when I go to my Windows
2003 Server to join the domain I am still having a problem.
Wes
-Original Message-
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same user in
smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix}
computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf:
slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again. Now I do not
get an error about it cannot contact the LDAP server, only that it could not
find the next uid, Error looking for next uid.
-Original Message-
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Sunday, March 12, 2006 11:25 AM
To: Wesley Hobbie
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I'm going to ignore other users problems since they may or may not have
similarities to your issues.
Can you actually connect to your LDAP server from the command line?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within smb.conf
?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within
smbldap-tools_bind.conf ?
Craig
On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
Ok, I did not know that. I modified the two files in the
/etc/smbldap-tools folder, although I am still getting the same error.
I looked at the Samba archive for March and I notice some other people
seem to be having the same issue. March 2 - Bevan Agard
March 6 - Hakan BAYINDIR
I try to add my Windows 2003 Server to the domain and I get an error
that the user name could not be found. That is when I tried to
manually execute the command that Samba is instructed to use when
adding a machine, which is when I got the error about it cannot
contact the LDAP server.
-Original Message-
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Saturday, March 11, 2006 11:35 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Unable
RE: [Samba] Unable to add computer to domain
James, Once I got smbldap-tools configured, ran smbldap-populate, and used your script, my problem was according to that the smb-ldap-3-howto I was following said to use the Administrator account to do the join but the uid they had for Administrator was 506, and I had read somewhere the uid needed to be 0, so I kept trying both Administrator and root. However, since I use the cn=root to execute LDAP command line commands, and I thought I had set the Samba root password the same/I forgot I had set it differently, I was using the wrong password for root. When I started getting the error about user not found or bad password, I tried another password...I may have used, and then it worked. So like I said last night, after I got all of that figured out I successfully got the machine joined to the domain. No it is not a production environment, it is kind of a toy machine for now, just trying to learn some things. Trying to see if I can set up a Linux domain controller equal to a Windows domain controller, and was joining a Windows Server running SharePoint as a domain member to the domain. Again, thanks you guys for your help. -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 12:47 PM To: 'Craig White'; 'Wesley Hobbie' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Wesley, Currently I am using Mandriva 2006 as well. What Craig is telling you is correct, if you do not have your /etc/ldap.conf configured correctly and as mentioned before by both Craig and myself if your smbldap-tools conf files are not correctly setup then this will not work and you will receive the errors you are receiving. I would strongly suggest going through every file line by line and make sure everything matches up correctly. Just the statements that you tried several different accounts and different passwords for the same account leaves me to believe that you might not have the most organized installation. Look at your /openldap/slapd.conf file use your root cn for your bind configuration. If you have a root user in your openldap database and you can successfully bind then change your openldap root password and document it so you won't have conflicting information. Start out simple, make sure you have the correct access to your ldap directory structure within the slapd.access.conf file. Then make it more restrictive using the DSA accounts (if you used the IDEALX configuration info). Don't do this if this is production but from the sounds of it you are not in a production environment with your LDAP Database, otherwise yikes. Once you get yourself on some firm footing the pieces should all come together. James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 6:30 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote: I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not working I went and grabbed the most recent. I am using Mandriva 2006 x86-64. I am sorry, what was your advice that I did not follow? I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. the above is what I suggested yesterday. As for now, why smbldap-useradd doesn't work anymore... smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools hopefully, you still have your smbldap-useradd program... # which smbldap-useradd /usr/sbin/smbldap-useradd (note this is on RHEL 4 system - Mandriva should be pretty close to the same) -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 7:58 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain The idea that you could use one piece of his smbldap-tools was an exercise in futility. First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging. Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway. I don't mind that you don't want to follow my advice but would then prefer that you take me off the reply list. Whatever you've got installed and configured for smbldap-tools doesn't appear to be configured correctly and may be too old. At the point where you have a working ldap and smbldap-tools, we can review
RE: [Samba] Unable to add computer to domain
Great! I am glad you got it. JT -Original Message- From: Wesley Hobbie [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 5:21 PM To: 'James Taylor'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain James, Once I got smbldap-tools configured, ran smbldap-populate, and used your script, my problem was according to that the smb-ldap-3-howto I was following said to use the Administrator account to do the join but the uid they had for Administrator was 506, and I had read somewhere the uid needed to be 0, so I kept trying both Administrator and root. However, since I use the cn=root to execute LDAP command line commands, and I thought I had set the Samba root password the same/I forgot I had set it differently, I was using the wrong password for root. When I started getting the error about user not found or bad password, I tried another password...I may have used, and then it worked. So like I said last night, after I got all of that figured out I successfully got the machine joined to the domain. No it is not a production environment, it is kind of a toy machine for now, just trying to learn some things. Trying to see if I can set up a Linux domain controller equal to a Windows domain controller, and was joining a Windows Server running SharePoint as a domain member to the domain. Again, thanks you guys for your help. -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 12:47 PM To: 'Craig White'; 'Wesley Hobbie' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Wesley, Currently I am using Mandriva 2006 as well. What Craig is telling you is correct, if you do not have your /etc/ldap.conf configured correctly and as mentioned before by both Craig and myself if your smbldap-tools conf files are not correctly setup then this will not work and you will receive the errors you are receiving. I would strongly suggest going through every file line by line and make sure everything matches up correctly. Just the statements that you tried several different accounts and different passwords for the same account leaves me to believe that you might not have the most organized installation. Look at your /openldap/slapd.conf file use your root cn for your bind configuration. If you have a root user in your openldap database and you can successfully bind then change your openldap root password and document it so you won't have conflicting information. Start out simple, make sure you have the correct access to your ldap directory structure within the slapd.access.conf file. Then make it more restrictive using the DSA accounts (if you used the IDEALX configuration info). Don't do this if this is production but from the sounds of it you are not in a production environment with your LDAP Database, otherwise yikes. Once you get yourself on some firm footing the pieces should all come together. James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 6:30 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote: I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not working I went and grabbed the most recent. I am using Mandriva 2006 x86-64. I am sorry, what was your advice that I did not follow? I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. the above is what I suggested yesterday. As for now, why smbldap-useradd doesn't work anymore... smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools hopefully, you still have your smbldap-useradd program... # which smbldap-useradd /usr/sbin/smbldap-useradd (note this is on RHEL 4 system - Mandriva should be pretty close to the same) -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 7:58 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain The idea that you could use one piece of his smbldap-tools was an exercise in futility. First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging. Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway. I don't mind that you don't want to follow my advice but would
RE: [Samba] Unable to add computer to domain
This makes more sense to me... nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?one nss_base_group ou=Groups,dc=bluemapletech,dc=com?one nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one Craig On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote: Craig, Ok, I think I understand what you are saying. When I do getent passwd I get a whole list of stuff but server02 is not listed. My ldap.conf has the following entries: nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub nss_base_groupou=Groups,dc=bluemapletech,dc=com?sub nss_base_hostsou=Hosts,dc=bluemapletech,dc=com?one How would I modify this to include ou=Hosts in the 'people' search? 'dc=bluemapletech,dc=com?sub'? -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Monday, March 13, 2006 9:52 PM To: Wesley Hobbie Subject: RE: [Samba] Unable to add computer to domain I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. Craig On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote: ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine script, that is not the problem, when I try to join the domain from the Windows server, it does create the account in LDAP and still fails :-(. I did look at the server02.log file (log file for my Windows 2003 Server) and I see the following entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Monday, March 13, 2006 1:25 PM To: 'Wesley Hobbie'; [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Wes, Do a google search on this topic: [Samba] Can't join my domain You will see what the problem is with the username can't be found. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Sunday, March 12, 2006 11:14 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Hey Craig, Actually I found on the Internet that I needed to run smbldap-populate, so I did and now I can manually add the user, although when I go to my Windows 2003 Server to join the domain I am still
RE: [Samba] Unable to add computer to domain
Well I would want a nss_base_hosts too as whenever the server looks for host entries it should combine /etc/hosts and ou=Hosts. Also, can you actually define nss_base_passwd twice? To me that would not seem legal. -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 9:17 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain This makes more sense to me... nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?one nss_base_group ou=Groups,dc=bluemapletech,dc=com?one nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one Craig On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote: Craig, Ok, I think I understand what you are saying. When I do getent passwd I get a whole list of stuff but server02 is not listed. My ldap.conf has the following entries: nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub nss_base_groupou=Groups,dc=bluemapletech,dc=com?sub nss_base_hostsou=Hosts,dc=bluemapletech,dc=com?one How would I modify this to include ou=Hosts in the 'people' search? 'dc=bluemapletech,dc=com?sub'? -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Monday, March 13, 2006 9:52 PM To: Wesley Hobbie Subject: RE: [Samba] Unable to add computer to domain I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. Craig On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote: ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine script, that is not the problem, when I try to join the domain from the Windows server, it does create the account in LDAP and still fails :-(. I did look at the server02.log file (log file for my Windows 2003 Server) and I see the following entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Monday, March 13, 2006 1:25 PM To: 'Wesley Hobbie'; [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Wes, Do a google search on this topic: [Samba] Can't join my domain You will see what the problem is with the username can't be found. James -Original Message- From: [EMAIL PROTECTED
RE: [Samba] Unable to add computer to domain
It's your dsa - put an extra line in there for nss_base_hosts if you want. I haven't a clue what you are going to use to look in there or why, other than samba because the attributes are user related and not really 'host' related - and in fact, I generally call the storage bin 'Computers' myself and I also suspect that you aren't going to replace dns with LDAP but again, it's your DSA. Craig On Wed, 2006-03-15 at 21:24 -0600, Wesley Hobbie wrote: Well I would want a nss_base_hosts too as whenever the server looks for host entries it should combine /etc/hosts and ou=Hosts. Also, can you actually define nss_base_passwd twice? To me that would not seem legal. -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 9:17 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain This makes more sense to me... nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?one nss_base_groupou=Groups,dc=bluemapletech,dc=com?one nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one Craig On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote: Craig, Ok, I think I understand what you are saying. When I do getent passwd I get a whole list of stuff but server02 is not listed. My ldap.conf has the following entries: nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub nss_base_group ou=Groups,dc=bluemapletech,dc=com?sub nss_base_hosts ou=Hosts,dc=bluemapletech,dc=com?one How would I modify this to include ou=Hosts in the 'people' search? 'dc=bluemapletech,dc=com?sub'? -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Monday, March 13, 2006 9:52 PM To: Wesley Hobbie Subject: RE: [Samba] Unable to add computer to domain I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. Craig On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote: ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine script, that is not the problem, when I try to join the domain from the Windows server, it does create the account in LDAP and still fails :-(. I did look at the server02.log file (log file for my Windows 2003 Server) and I see the following entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c
RE: [Samba] Unable to add computer to domain
Here is what you are missing: sambaSAMAccount information.
Use the script attached to this email to fix this problem.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Wesley Hobbie
Sent: Monday, March 13, 2006 7:48 PM
To: 'Craig White'
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
ldapsearch:
# server02$, Hosts, bluemapletech.com
dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: server02$
sn: server02$
uid: server02$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description:
Computer gecos: Computer
getent passwd | grep server02 returns nothing.
Computers go in ou=Hosts and users go in ou=People.
What exactly do you want from the ldap.config file?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Craig White
Sent: Monday, March 13, 2006 9:27 PM
To: Wesley Hobbie
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
It might be helpful to put cards on table here...
ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
-W '(uid=server02*)'
getent passwd |grep server02
and are you putting computers in the same container as users or do you have
separate container for computers?
what does the relevant section in ldap.conf look like?
Craig
On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end
Fran did not have the add machine script.
I have the add machine script, that is not the problem, when I try to
join the domain from the Windows server, it does create the account in
LDAP and still fails :-(. I did look at the server02.log file (log
file for my Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Wes,
Do a google search on this topic: [Samba] Can't join my domain
You will see what the problem is with the username can't be found.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Hey Craig,
Actually I found on the Internet that I needed to run
smbldap-populate, so I did and now I can manually add the user,
although when I go to my Windows 2003 Server to join the domain I am
still having a problem.
Wes
-Original Message-
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same
user in smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix} computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf: slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again. Now I do
not get an error about
RE: [Samba] Unable to add computer to domain
I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine script, that is not the problem, when I try to join the domain from the Windows server, it does create the account in LDAP and still fails :-(. I did look at the server02.log file (log file for my Windows 2003 Server) and I see the following entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs
RE: [Samba] Unable to add computer to domain
What user are you using to create the account? I know the script works since several users are currently using it. You need to be using a user with Administrative access rights to the LDAP Database so the machine account can be created properly. If you are getting a permission denied you aren't using the right account to create the machine. You can also run the smbldap-useradd script manually from the LDAP server, (make sure your SMBLDAP_BIND.CONF file is setup correctly). Your command should look like this: smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u' Where %u is the Machine name you are adding. JT -Original Message- From: Wesley Hobbie [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 5:38 PM To: 'James Taylor'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine
RE: [Samba] Unable to add computer to domain
The idea that you could use one piece of his smbldap-tools was an exercise in futility. First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging. Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway. I don't mind that you don't want to follow my advice but would then prefer that you take me off the reply list. Whatever you've got installed and configured for smbldap-tools doesn't appear to be configured correctly and may be too old. At the point where you have a working ldap and smbldap-tools, we can review the add user/machine scripts within samba. Craig On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote: I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I
RE: [Samba] Unable to add computer to domain
I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not working I went and grabbed the most recent. I am using Mandriva 2006 x86-64. I am sorry, what was your advice that I did not follow? -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 7:58 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain The idea that you could use one piece of his smbldap-tools was an exercise in futility. First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging. Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway. I don't mind that you don't want to follow my advice but would then prefer that you take me off the reply list. Whatever you've got installed and configured for smbldap-tools doesn't appear to be configured correctly and may be too old. At the point where you have a working ldap and smbldap-tools, we can review the add user/machine scripts within samba. Craig On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote: I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain
RE: [Samba] Unable to add computer to domain
I was using Administrator, which does exist in my directory, I had tried following other guides to get this thing working (i.e. http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#Scenarios). I had actually tried both Administrator and root but neither seemed to be working. I did run that command manually and then tried joining the domain with Administrator, I was getting Access denied. Then I tried root again, and got a could not find user name or bad password, so I tried another password and then it worked. I know I have a different password for my Samba root user then I did for my Unix root account, and I had a different password for cn=root,dc=... and I was using the password for cn=root rather than Samba root. Still not sure why the Administrator account did not work. Thanks for your help. -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 7:45 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain What user are you using to create the account? I know the script works since several users are currently using it. You need to be using a user with Administrative access rights to the LDAP Database so the machine account can be created properly. If you are getting a permission denied you aren't using the right account to create the machine. You can also run the smbldap-useradd script manually from the LDAP server, (make sure your SMBLDAP_BIND.CONF file is setup correctly). Your command should look like this: smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u' Where %u is the Machine name you are adding. JT -Original Message- From: Wesley Hobbie [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 5:38 PM To: 'James Taylor'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin
RE: [Samba] Unable to add computer to domain
On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote: I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not working I went and grabbed the most recent. I am using Mandriva 2006 x86-64. I am sorry, what was your advice that I did not follow? I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com if getent can't find it, samba can't find it and it is not gonna work. the above is what I suggested yesterday. As for now, why smbldap-useradd doesn't work anymore... smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools hopefully, you still have your smbldap-useradd program... # which smbldap-useradd /usr/sbin/smbldap-useradd (note this is on RHEL 4 system - Mandriva should be pretty close to the same) -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 7:58 PM To: Wesley Hobbie Cc: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain The idea that you could use one piece of his smbldap-tools was an exercise in futility. First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging. Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway. I don't mind that you don't want to follow my advice but would then prefer that you take me off the reply list. Whatever you've got installed and configured for smbldap-tools doesn't appear to be configured correctly and may be too old. At the point where you have a working ldap and smbldap-tools, we can review the add user/machine scripts within samba. Craig On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote: I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable
RE: [Samba] Unable to add computer to domain
Wes, Do a google search on this topic: [Samba] Can't join my domain You will see what the problem is with the username can't be found. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Sunday, March 12, 2006 11:14 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Hey Craig, Actually I found on the Internet that I needed to run smbldap-populate, so I did and now I can manually add the user, although when I go to my Windows 2003 Server to join the domain I am still having a problem. Wes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to add computer to domain
I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end Fran
did not have the add machine script.
I have the add machine script, that is not the problem, when I try to join
the domain from the Windows server, it does create the account in LDAP and
still fails :-(. I did look at the server02.log file (log file for my
Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Wes,
Do a google search on this topic: [Samba] Can't join my domain
You will see what the problem is with the username can't be found.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Hey Craig,
Actually I found on the Internet that I needed to run smbldap-populate, so I
did and now I can manually add the user, although when I go to my Windows
2003 Server to join the domain I am still having a problem.
Wes
-Original Message-
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same user in
smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix}
computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf: slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again. Now I do not
get an error about it cannot contact the LDAP server, only that it could not
find the next uid, Error looking for next uid.
-Original Message-
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Sunday, March 12, 2006 11:25 AM
To: Wesley Hobbie
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I'm going to ignore other users problems since they may or may not have
similarities to your issues.
Can you actually connect to your LDAP server from the command line?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within smb.conf
?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within
smbldap-tools_bind.conf ?
Craig
On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
Ok, I did not know that. I modified the two files in the
/etc/smbldap-tools folder, although I am still getting the same error.
I looked at the Samba archive for March and I notice some other people
seem to be having the same issue. March 2 - Bevan Agard
March 6 - Hakan BAYINDIR
I try to add my Windows 2003 Server to the domain and I get an error
that the user name could not be found. That is when I tried to
manually execute the command that Samba is instructed to use when
adding a machine, which is when I got the error about it cannot
contact the LDAP server.
-Original Message-
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Saturday, March 11, 2006 11:35 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Unable
RE: [Samba] Unable to add computer to domain
It might be helpful to put cards on table here...
ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
-W '(uid=server02*)'
getent passwd |grep server02
and are you putting computers in the same container as users or do you
have separate container for computers?
what does the relevant section in ldap.conf look like?
Craig
On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end Fran
did not have the add machine script.
I have the add machine script, that is not the problem, when I try to join
the domain from the Windows server, it does create the account in LDAP and
still fails :-(. I did look at the server02.log file (log file for my
Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Wes,
Do a google search on this topic: [Samba] Can't join my domain
You will see what the problem is with the username can't be found.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Hey Craig,
Actually I found on the Internet that I needed to run smbldap-populate, so I
did and now I can manually add the user, although when I go to my Windows
2003 Server to join the domain I am still having a problem.
Wes
-Original Message-
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same user in
smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix}
computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf:
slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again. Now I do not
get an error about it cannot contact the LDAP server, only that it could not
find the next uid, Error looking for next uid.
-Original Message-
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Sunday, March 12, 2006 11:25 AM
To: Wesley Hobbie
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I'm going to ignore other users problems since they may or may not have
similarities to your issues.
Can you actually connect to your LDAP server from the command line?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within smb.conf
?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within
smbldap-tools_bind.conf ?
Craig
On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
Ok, I did not know that. I modified the two files in the
/etc/smbldap-tools folder, although I am still getting the same error.
I looked at the Samba archive for March and I notice some other people
seem to be having the same issue. March 2
RE: [Samba] Unable to add computer to domain
ldapsearch:
# server02$, Hosts, bluemapletech.com
dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: server02$
sn: server02$
uid: server02$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description:
Computer gecos: Computer
getent passwd | grep server02 returns nothing.
Computers go in ou=Hosts and users go in ou=People.
What exactly do you want from the ldap.config file?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Craig White
Sent: Monday, March 13, 2006 9:27 PM
To: Wesley Hobbie
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
It might be helpful to put cards on table here...
ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
-W '(uid=server02*)'
getent passwd |grep server02
and are you putting computers in the same container as users or do you have
separate container for computers?
what does the relevant section in ldap.conf look like?
Craig
On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end
Fran did not have the add machine script.
I have the add machine script, that is not the problem, when I try to
join the domain from the Windows server, it does create the account in
LDAP and still fails :-(. I did look at the server02.log file (log
file for my Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Wes,
Do a google search on this topic: [Samba] Can't join my domain
You will see what the problem is with the username can't be found.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Hey Craig,
Actually I found on the Internet that I needed to run
smbldap-populate, so I did and now I can manually add the user,
although when I go to my Windows 2003 Server to join the domain I am
still having a problem.
Wes
-Original Message-
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same
user in smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix} computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf: slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again. Now I do
not get an error about it cannot contact the LDAP server, only that it
could not find the next uid, Error looking for next uid.
-Original Message-
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Sunday, March 12, 2006 11:25 AM
To: Wesley Hobbie
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I'm going to ignore other users
RE: [Samba] Unable to add computer to domain
oops...meant to send to list
I think that you've answered it already...you are going to have to point
ldap.conf to also search for 'people' in
ou=Hosts,dc=bluemapletech,dc=com as well as
ou=People,dc=bluemapletech,dc=com
if getent can't find it, samba can't find it and it is not gonna work.
Craig
On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote:
ldapsearch:
# server02$, Hosts, bluemapletech.com
dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: server02$
sn: server02$
uid: server02$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description:
Computer gecos: Computer
getent passwd | grep server02 returns nothing.
Computers go in ou=Hosts and users go in ou=People.
What exactly do you want from the ldap.config file?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Craig White
Sent: Monday, March 13, 2006 9:27 PM
To: Wesley Hobbie
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
It might be helpful to put cards on table here...
ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
-W '(uid=server02*)'
getent passwd |grep server02
and are you putting computers in the same container as users or do you have
separate container for computers?
what does the relevant section in ldap.conf look like?
Craig
On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end
Fran did not have the add machine script.
I have the add machine script, that is not the problem, when I try to
join the domain from the Windows server, it does create the account in
LDAP and still fails :-(. I did look at the server02.log file (log
file for my Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname()
sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Wes,
Do a google search on this topic: [Samba] Can't join my domain
You will see what the problem is with the username can't be found.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
Hey Craig,
Actually I found on the Internet that I needed to run
smbldap-populate, so I did and now I can manually add the user,
although when I go to my Windows 2003 Server to join the domain I am
still having a problem.
Wes
-Original Message-
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same
user in smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix} computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf: slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying
RE: [Samba] Unable to add computer to domain
Ok, I did not know that. I modified the two files in the /etc/smbldap-tools folder, although I am still getting the same error. I looked at the Samba archive for March and I notice some other people seem to be having the same issue. March 2 - Bevan Agard March 6 - Hakan BAYINDIR I try to add my Windows 2003 Server to the domain and I get an error that the user name could not be found. That is when I tried to manually execute the command that Samba is instructed to use when adding a machine, which is when I got the error about it cannot contact the LDAP server. -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Saturday, March 11, 2006 11:35 AM To: samba@lists.samba.org Subject: Re: [Samba] Unable to add computer to domain On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote: I have an OpenLDAP backend, Samba knows how to talk to it, my Samba users are stored in LDAP and file shares work fine authenticating to the LDAP server. I tried executing smbldap-useradd -w server02 on the command-line and got the following error: failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, DATA line 283. Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, DATA line 283. Anyone have any ideas? sounds as though you've been using tools other than smbldap to setup user accounts, etc. smbldap has to be configured to talk to your LDAP server if you expect it to work. depending upon which version of smbldap you are using, your config files will be in various places but I think the current place is /etc/smbldap-tools directory these days. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to add computer to domain
I'm going to ignore other users problems since they may or may not have similarities to your issues. Can you actually connect to your LDAP server from the command line? Can you actually connect to your LDAP server from the command line with 'write' permissions as the user and parameters as indicated within smb.conf ? Can you actually connect to your LDAP server from the command line with 'write' permissions as the user and parameters as indicated within smbldap-tools_bind.conf ? Craig On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote: Ok, I did not know that. I modified the two files in the /etc/smbldap-tools folder, although I am still getting the same error. I looked at the Samba archive for March and I notice some other people seem to be having the same issue. March 2 - Bevan Agard March 6 - Hakan BAYINDIR I try to add my Windows 2003 Server to the domain and I get an error that the user name could not be found. That is when I tried to manually execute the command that Samba is instructed to use when adding a machine, which is when I got the error about it cannot contact the LDAP server. -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Saturday, March 11, 2006 11:35 AM To: samba@lists.samba.org Subject: Re: [Samba] Unable to add computer to domain On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote: I have an OpenLDAP backend, Samba knows how to talk to it, my Samba users are stored in LDAP and file shares work fine authenticating to the LDAP server. I tried executing smbldap-useradd -w server02 on the command-line and got the following error: failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, DATA line 283. Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, DATA line 283. Anyone have any ideas? sounds as though you've been using tools other than smbldap to setup user accounts, etc. smbldap has to be configured to talk to your LDAP server if you expect it to work. depending upon which version of smbldap you are using, your config files will be in various places but I think the current place is /etc/smbldap-tools directory these days. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to add computer to domain
I can connect to LDAP via the command line, and I am using the same user in
smb.conf as I am in smbldap-tools_bind.config.
Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w %u
Excerpt from smbldap.conf:
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=1
suffix=dc=mydomain,dc=com
usersdn=ou=People,${suffix}
computersdn=ou=Hosts,${suffix}
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?)
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
Excerpt from smbldap_bind.conf:
slaveDN=cn=root,dc=mydomain,dc=com
slavePw=**
masterDN=cn=root,dc=mydomain,dc=com
masterPw=**
Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again. Now I do not
get an error about it cannot contact the LDAP server, only that it could not
find the next uid, Error looking for next uid.
-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 12, 2006 11:25 AM
To: Wesley Hobbie
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain
I'm going to ignore other users problems since they may or may not have
similarities to your issues.
Can you actually connect to your LDAP server from the command line?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within smb.conf
?
Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within
smbldap-tools_bind.conf ?
Craig
On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
Ok, I did not know that. I modified the two files in the
/etc/smbldap-tools folder, although I am still getting the same error.
I looked at the Samba archive for March and I notice some other people
seem to be having the same issue. March 2 - Bevan Agard
March 6 - Hakan BAYINDIR
I try to add my Windows 2003 Server to the domain and I get an error
that the user name could not be found. That is when I tried to
manually execute the command that Samba is instructed to use when
adding a machine, which is when I got the error about it cannot
contact the LDAP server.
-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 11, 2006 11:35 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Unable to add computer to domain
On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
I have an OpenLDAP backend, Samba knows how to talk to it, my Samba
users are stored in LDAP and file shares work fine authenticating to
the LDAP server. I tried executing smbldap-useradd -w server02 on the
command-line and got the following error:
failed to perform search; Can't contact LDAP server at
/usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, DATA line
283.
Error looking for next uid at
/usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, DATA
line
283.
Anyone have any ideas?
sounds as though you've been using tools other than smbldap to setup
user accounts, etc.
smbldap has to be configured to talk to your LDAP server if you expect
it to work.
depending upon which version of smbldap you are using, your config
files will be in various places but I think the current place is
/etc/smbldap-tools directory these days.
Craig
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to add computer to domain
Hey Craig, Actually I found on the Internet that I needed to run smbldap-populate, so I did and now I can manually add the user, although when I go to my Windows 2003 Server to join the domain I am still having a problem. Wes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to add computer to domain
I have an OpenLDAP backend, Samba knows how to talk to it, my Samba users are stored in LDAP and file shares work fine authenticating to the LDAP server. I tried executing smbldap-useradd -w server02 on the command-line and got the following error: failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, DATA line 283. Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, DATA line 283. Anyone have any ideas? Wes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to add computer to domain
On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote: I have an OpenLDAP backend, Samba knows how to talk to it, my Samba users are stored in LDAP and file shares work fine authenticating to the LDAP server. I tried executing smbldap-useradd -w server02 on the command-line and got the following error: failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, DATA line 283. Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, DATA line 283. Anyone have any ideas? sounds as though you've been using tools other than smbldap to setup user accounts, etc. smbldap has to be configured to talk to your LDAP server if you expect it to work. depending upon which version of smbldap you are using, your config files will be in various places but I think the current place is /etc/smbldap-tools directory these days. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
