This is a discussion on RE: [Samba] Unable to add computer to domain within the Samba forums, part of the Networking and Network Related category.

Great! I am glad you got it.
JT

-----Original Message-----
From: Wesley Hobbie [mailto:whobbie81-linuxgeek@yahoo.com]
Sent: Wednesday, March 15, 2006 5:21 PM
To: 'James Taylor'; 'Craig White'
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

James,

Once I got smbldap-tools configured, ran smbldap-populate, and used your script, my problem was according to that the smb-ldap-3-howto I was following said to use the Administrator account to do the join but the uid they had for Administrator was 506, and I had read somewhere the uid needed to be 0, so I kept trying both Administrator and root. However, since I use the cn=root to execute LDAP command line commands, and I thought I had set the Samba root password the same/I forgot I had set it differently, I was using the wrong password for root. When I started getting the error about user not found or bad password, I tried another password...I may have used, and then it worked. So like I said last night, after I got all of that figured out I successfully got the machine joined to the domain.

No, it is not a production environment, it is kind of a toy machine for now, just trying to learn some things. Trying to see if I can set up a Linux domain controller equal to a Windows domain controller, and was joining a Windows Server running SharePoint as a domain member to the domain.

Again, thank you guys for your help.

-----Original Message-----
From: James Taylor [mailto:jtaylor@laszlosystems.com]
Sent: Wednesday, March 15, 2006 12:47 PM
To: 'Craig White'; 'Wesley Hobbie'
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

Wesley,

Currently I am using Mandriva 2006 as well. What Craig is telling you is correct, if you do not have your /etc/ldap.conf configured correctly and as mentioned before by both Craig and myself if your smbldap-tools conf files are not correctly setup then this will not work and you will receive the errors you are receiving.

I would strongly suggest going through every file line by line and make sure everything matches up correctly. Just the statements that you tried several different accounts and different passwords for the same account leaves me to believe that you might not have the most organized installation. Look at your /openldap/slapd.conf file use your root cn for your bind configuration. If you have a root user in your openldap database and you can successfully bind then change your openldap root password and document it so you won't have conflicting information.

Start out simple, make sure you have the correct access to your ldap directory structure within the slapd.access.conf file. Then make it more restrictive using the DSA accounts (if you used the IDEALX configuration info). Don't do this if this is production but from the sounds of it you are not in a production environment with your LDAP Database, otherwise yikes.

Once you get yourself on some firm footing the pieces should all come together.

James

-----Original Message-----
From: Craig White [mailto:craigwhite@azapple.com]
Sent: Tuesday, March 14, 2006 6:30 PM
To: Wesley Hobbie
Cc: 'James Taylor'; samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote:
> I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not
> working I went and grabbed the most recent. I am using Mandriva 2006
> x86-64.
>
> I am sorry, what was your advice that I did not follow?
----
I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com

if getent can't find it, samba can't find it and it is not gonna work.

the above is what I suggested yesterday.

As for now, why smbldap-useradd doesn't work anymore...

smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools

hopefully, you still have your smbldap-useradd program...

# which smbldap-useradd
/usr/sbin/smbldap-useradd

(note this is on RHEL 4 system - Mandriva should be pretty close to the same)
----
>
> -----Original Message-----
> From: Craig White [mailto:craigwhite@azapple.com]
> Sent: Tuesday, March 14, 2006 7:58 PM
> To: Wesley Hobbie
> Cc: 'James Taylor'; samba@lists.samba.org
> Subject: RE: [Samba] Unable to add computer to domain
>
> The idea that you could use one piece of his smbldap-tools was an
> exercise in futility.
>
> First of all, is your smbldap-tools up to date or very reasonably
> close to up to date? I haven't a clue what OS you are using or version
> of smbldap-tools, or packaging.
>
> Second of all, there were other things wrong with the results from the
> ldapsearch which returned the dn of uid=server-02
> $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with
> them at that point because getent passwd couldn't find them anyway. I
> don't mind that you don't want to follow my advice but would then
> prefer that you take me off the reply list.
>
> Whatever you've got installed and configured for smbldap-tools doesn't
> appear to be configured correctly and may be too old.
>
> At the point where you have a working ldap and smbldap-tools, we can
> review the add user/machine scripts within samba.
>
> Craig
>
> On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote:
> > I tried your script, but I am still getting the same error. I
> > deleted the LDAP entry, tried again, and now the entry is not even
> > being created. I checked my log file and I get slightly different
> > results now:
> > [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname(1111)
> > sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189)
> > Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597)
> > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname(1111)
> > sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189)
> > Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597)
> > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname(1111)
> > sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189)
> > Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597)
> > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname(1111)
> > sys_gethostbyname(server02): lookup failure.
> > [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189)
> > Matchname failed on server02 172.16.0.11
> > [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597)
> > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, <DATA> line 283.
> > [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 127
> > [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597)
> > Unable to open new log file /var/log/samba/server02.log: Permission denied
> >
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor@laszlosystems.com]
> > Sent: Tuesday, March 14, 2006 12:23 PM
> > To: 'Wesley Hobbie'; 'Craig White'
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> > Here is what you are missing: sambaSAMAccount information.
> >
> > Use the script attached to this email to fix this problem.
> >
> > James
> >
> > -----Original Message-----
> > From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org
> > [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org]
> > On Behalf Of Wesley Hobbie
> > Sent: Monday, March 13, 2006 7:48 PM
> > To: 'Craig White'
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> > ldapsearch:
> > # server02$, Hosts, bluemapletech.com
> > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > cn: server02$
> > sn: server02$
> > uid: server02$
> > uidNumber: 1002
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> >
> > getent passwd | grep server02 returns nothing.
> >
> > Computers go in ou=Hosts and users go in ou=People.
> >
> > What exactly do you want from the ldap.config file?
> >
> > -----Original Message-----
> > From: samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org
> > [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org]
> > On Behalf Of Craig White
> > Sent: Monday, March 13, 2006 9:27 PM
> > To: Wesley Hobbie
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> > It might be helpful to put cards on table here...
> >
> > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> > -W '(uid=server02*)'
> >
> > getent passwd |grep server02
> >
> > and are you putting computers in the same container as users or do
> > you have separate container for computers?
> >
> > what does the relevant section in ldap.conf look like?
> >
> > Craig
> >
> > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > > I did a search on Google and all I found was a bunch of copies of
> > > a conversation between Fran Fabrizio and John H Terpstra, and in
> > > the end Fran did not have the add machine script.
> > >
> > > I have the add machine script, that is not the problem, when I try
> > > to join the domain from the Windows server, it does create the
> > > account in LDAP and still fails :-(. I did look at the
> > > server02.log file (log file for my Windows 2003 Server) and I see
> > > the following entries:
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> > > sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> > > Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> > > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> > > sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> > > Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> > > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> > > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor@laszlosystems.com]
> > > Sent: Monday, March 13, 2006 1:25 PM
> > > To: 'Wesley Hobbie'; craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > Wes,
> > >
> > > Do a google search on this topic: [Samba] Can't join my domain
> > >
> > > You will see what the problem is with the username can't be found.
> > >
> > > James
> > >
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org]
> > > On Behalf Of Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 11:14 AM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > Hey Craig,
> > > Actually I found on the Internet that I needed to run
> > > smbldap-populate, so I did and now I can manually add the user,
> > > although when I go to my Windows 2003 Server to join the domain I
> > > am still having a problem.
> > >
> > > Wes
> > >
> > > -----Original Message-----
> > > From: Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 5:57 PM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > I can connect to LDAP via the command line, and I am using the
> > > same user in smb.conf as I am in smbldap-tools_bind.config.
> > >
> > > Excerpt from smb.conf:
> > > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > > ldap suffix = dc=mydomain,dc=com
> > > ldap machine suffix = ou=Hosts
> > > ldap admin dn = cn=root,dc=mydomain,dc=com
> > > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > >
> > > Excerpt from smbldap.conf:
> > > slaveLDAP="127.0.0.1"
> > > slavePort="389"
> > >
> > > masterLDAP="127.0.0.1"
> > > masterPort="389"
> > >
> > > ldapTLS="1"
> > > suffix="dc=mydomain,dc=com"
> > > usersdn="ou=People,${suffix}"
> > > computersdn="ou=Hosts,${suffix}"
> > >
> > > with_smbpasswd="0"
> > > smbpasswd="/usr/bin/smbpasswd" (I am wondering if this is right?)
> > >
> > > with_slappasswd="0"
> > > slappasswd="/usr/sbin/slappasswd"
> > >
> > > Excerpt from smbldap_bind.conf:
> > > slaveDN="cn=root,dc=mydomain,dc=com"
> > > slavePw="**********"
> > > masterDN="cn=root,dc=mydomain,dc=com"
> > > masterPw="**********"
> > >
> > > Actually, while I was copying the info from the files I noticed
> > > I misspelled my domain name, so I fixed it and tried it again. Now I
> > > do not get an error about it cannot contact the LDAP server, only
> > > that it could not find the next uid, "Error looking for next uid."
> > >
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Sunday, March 12, 2006 11:25 AM
> > > To: Wesley Hobbie
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > I'm going to ignore other users' problems since they may or may not
> > > have similarities to your issues.
> > >
> > > Can you actually connect to your LDAP server from the command
> > > line?
> > >
> > > Can you actually connect to your LDAP server from the command line
> > > with 'write' permissions as the user and parameters as indicated
> > > within smb.conf ?
> > >
> > > Can you actually connect to your LDAP server from the command line
> > > with 'write' permissions as the user and parameters as indicated
> > > within smbldap-tools_bind.conf ?
> > >
> > > Craig
> > >
> > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > > Ok, I did not know that. I modified the two files in the
> > > > /etc/smbldap-tools folder, although I am still getting the same
> > > > error.
> > > >
> > > > I looked at the Samba archive for March and I notice some other
> > > > people seem to be having the same issue. March 2 - Bevan Agard
> > > > March 6 - Hakan BAYINDIR
> > > >
> > > > I try to add my Windows 2003 Server to the domain and I get an
> > > > error that the user name could not be found. That is when I
> > > > tried to manually execute the command that Samba is instructed
> > > > to use when adding a machine, which is when I got the error
> > > > about it cannot contact the LDAP server.
> > > >
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Saturday, March 11, 2006 11:35 AM
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Unable to add computer to domain
> > > >
> > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > > I have an OpenLDAP backend, Samba knows how to talk to it, my
> > > > > Samba users are stored in LDAP and file shares work fine
> > > > > authenticating to the LDAP server. I tried executing
> > > > > smbldap-useradd -w server02 on the command-line and got the
> > > > > following error:
> > > > > failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA> line 283.
> > > > > Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> line 283.
> > > > >
> > > > > Anyone have any ideas?
> > > > ----
> > > > sounds as though you've been using tools other than smbldap to
> > > > setup user accounts, etc.
> > > >
> > > > smbldap has to be configured to talk to your LDAP server if you
> > > > expect it to work.
> > > >
> > > > depending upon which version of smbldap you are using, your
> > > > config files will be in various places but I think the current
> > > > place is /etc/smbldap-tools directory these days.
> > > >
> > > > Craig
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
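
Added example (not part of the thread, and not code from Samba or smbldap-tools): a small cross-check for the failure the thread turns on, where the suffix and bind DN in smb.conf must match those in smbldap.conf and smbldap_bind.conf. The sample configuration is constructed from the excerpts quoted above with a deliberate typo in one suffix; the function names are hypothetical.

```python
import re

# Constructed sample input modelled on the excerpts quoted in the thread.
# The typo in the smbldap.conf suffix is an assumption made for illustration.
SMB_CONF = """
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w "%u"
"""
SMBLDAP_CONF = """
suffix="dc=mydomian,dc=com"
usersdn="ou=People,${suffix}"
computersdn="ou=Hosts,${suffix}"
"""
SMBLDAP_BIND_CONF = 'masterDN="cn=root,dc=mydomain,dc=com"\nmasterPw="**********"\n'

def parse_smb(text):
    """smb.conf style 'key = value'; split on the first '=' only."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out

def parse_smbldap(text):
    """smbldap-tools style key="value"; expands ${name} from earlier keys."""
    out = {}
    for m in re.finditer(r'^\s*(\w+)\s*=\s*"([^"]*)"', text, re.M):
        out[m.group(1)] = re.sub(
            r"\$\{(\w+)\}", lambda r: out.get(r.group(1), r.group(0)), m.group(2))
    return out

def norm(dn):
    """Comparison key for a DN: lower-cased, spaces around commas removed."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(smb_text, tools_text, bind_text):
    """Return one message per setting that differs between Samba and smbldap-tools."""
    smb, tools, bind = parse_smb(smb_text), parse_smbldap(tools_text), parse_smbldap(bind_text)
    suffix = smb.get("ldap suffix", "")
    # Samba prepends 'ldap machine suffix' to 'ldap suffix'.
    machines = smb.get("ldap machine suffix", "") + "," + suffix
    pairs = [
        ("ldap suffix", suffix, "suffix", tools.get("suffix", "")),
        ("ldap machine suffix", machines, "computersdn", tools.get("computersdn", "")),
        ("ldap admin dn", smb.get("ldap admin dn", ""), "masterDN", bind.get("masterDN", "")),
    ]
    return [f"smb.conf {a!r} -> {x!r}, smbldap-tools {b!r} -> {y!r}"
            for a, x, b, y in pairs if norm(x) != norm(y)]

print("\n".join(check(SMB_CONF, SMBLDAP_CONF, SMBLDAP_BIND_CONF)))
```

A single misspelled suffix shows up twice, once directly and once through `computersdn`, because that value is built from `${suffix}`.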