RE: [Samba] Unable to add computer to domain (Samba forums, Networking and Network Related category)
Well I would want a nss_base_hosts too as whenever the server looks for
host entries it should combine /etc/hosts and ou=Hosts. Also, can you
actually define nss_base_passwd twice? To me that would not seem legal.

-----Original Message-----
From: Craig White [mailto:craigwhite@azapple.com]
Sent: Wednesday, March 15, 2006 9:17 PM
To: Wesley Hobbie
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

This makes more sense to me...

nss_base_passwd ou=People,dc=bluemapletech,dc=com?one
nss_base_shadow ou=People,dc=bluemapletech,dc=com?one
nss_base_group ou=Groups,dc=bluemapletech,dc=com?one
nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one

Craig

> On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote:
> Craig,
> Ok, I think I understand what you are saying. When I do getent passwd I get
> a whole list of stuff but server02 is not listed. My ldap.conf has the
> following entries:
> nss_base_passwd ou=People,dc=bluemapletech,dc=com?one
> nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub
> nss_base_group ou=Groups,dc=bluemapletech,dc=com?sub
> nss_base_hosts ou=Hosts,dc=bluemapletech,dc=com?one
>
> How would I modify this to include ou=Hosts in the 'people' search?
> 'dc=bluemapletech,dc=com?sub'?
>
> -----Original Message-----
> From: Craig White [mailto:craigwhite@azapple.com]
> Sent: Monday, March 13, 2006 9:52 PM
> To: Wesley Hobbie
> Subject: RE: [Samba] Unable to add computer to domain
>
> I think that you've answered it already...you are going to have to
> point ldap.conf to also search for 'people' in
> ou=Hosts,dc=bluemapletech,dc=com as well as
> ou=People,dc=bluemapletech,dc=com
>
> if getent can't find it, samba can't find it and it is not gonna work.
>
> Craig
>
> On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote:
> > ldapsearch:
> > # server02$, Hosts, bluemapletech.com
> > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > cn: server02$
> > sn: server02$
> > uid: server02$
> > uidNumber: 1002
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> >
> > getent passwd | grep server02 returns nothing.
> >
> > Computers go in ou=Hosts and users go in ou=People.
> >
> > What exactly do you want from the ldap.config file?
> >
> > -----Original Message-----
> > From: samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org
> > [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org]
> > On Behalf Of Craig White
> > Sent: Monday, March 13, 2006 9:27 PM
> > To: Wesley Hobbie
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> > It might be helpful to put cards on table here...
> >
> > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> > -W '(uid=server02*)'
> >
> > getent passwd |grep server02
> >
> > and are you putting computers in the same container as users or do
> > you have separate container for computers?
> >
> > what does the relevant section in ldap.conf look like?
> >
> > Craig
> >
> > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > > I did a search on Google and all I found was a bunch of copies of
> > > a conversation between Fran Fabrizio and John H Terpstra, and in
> > > the end Fran did not have the add machine script.
> > >
> > > I have the add machine script, that is not the problem, when I try
> > > to join the domain from the Windows server, it does create the
> > > account in LDAP and still fails :-(.
> > > I did look at the server02.log file (log file for my Windows 2003
> > > Server) and I see the following entries:
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> > >   sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> > >   Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> > >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> > >   sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> > >   Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> > >   Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> > >   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor@laszlosystems.com]
> > > Sent: Monday, March 13, 2006 1:25 PM
> > > To: 'Wesley Hobbie'; craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > Wes,
> > >
> > > Do a google search on this topic: [Samba] Can't join my domain
> > >
> > > You will see what the problem is with the username can't be found.
> > >
> > > James
> > >
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org]
> > > On Behalf Of Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 11:14 AM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > Hey Craig,
> > > Actually I found on the Internet that I needed to run
> > > smbldap-populate, so I did and now I can manually add the user,
> > > although when I go to my Windows 2003 Server to join the domain I
> > > am still having a problem.
> > >
> > > Wes
> > >
> > > -----Original Message-----
> > > From: Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 5:57 PM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > I can connect to LDAP via the command line, and I am using the
> > > same user in smb.conf as I am in smbldap-tools_bind.config.
> > >
> > > Excerpt from smb.conf:
> > > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > > ldap suffix = dc=mydomain,dc=com
> > > ldap machine suffix = ou=Hosts
> > > ldap admin dn = cn=root,dc=mydomain,dc=com
> > > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > >
> > > Excerpt from smbldap.conf:
> > > slaveLDAP="127.0.0.1"
> > > slavePort="389"
> > >
> > > masterLDAP="127.0.0.1"
> > > masterPort="389"
> > >
> > > ldapTLS="1"
> > > suffix="dc=mydomain,dc=com"
> > > usersdn="ou=People,${suffix}"
> > > computersdn="ou=Hosts,${suffix}"
> > >
> > > with_smbpasswd="0"
> > > smbpasswd="/usr/bin/smbpasswd" (I am wondering if this is right?)
> > >
> > > with_slappasswd="0"
> > > slappasswd="/usr/sbin/slappasswd"
> > >
> > > Excerpt from smbldap_bind.conf:
> > > slaveDN="cn=root,dc=mydomain,dc=com"
> > > slavePw="**********"
> > > masterDN="cn=root,dc=mydomain,dc=com"
> > > masterPw="**********"
> > >
> > > Actually, while I was copying the info from the files I noticed
> > > I misspelled my domain name, so I fixed it and tried it again. Now
> > > I do not get an error about it cannot contact the LDAP server,
> > > only that it could not find the next uid, "Error looking for next
> > > uid."
> > >
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Sunday, March 12, 2006 11:25 AM
> > > To: Wesley Hobbie
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > I'm going to ignore other users' problems since they may or may not
> > > have similarities to your issues.
> > >
> > > Can you actually connect to your LDAP server from the command
> > > line?
> > >
> > > Can you actually connect to your LDAP server from the command line
> > > with 'write' permissions as the user and parameters as indicated
> > > within smb.conf ?
> > >
> > > Can you actually connect to your LDAP server from the command line
> > > with 'write' permissions as the user and parameters as indicated
> > > within smbldap-tools_bind.conf ?
> > >
> > > Craig
> > >
> > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > > Ok, I did not know that. I modified the two files in the
> > > > /etc/smbldap-tools folder, although I am still getting the same
> > > > error.
> > > >
> > > > I looked at the Samba archive for March and I notice some other
> > > > people seem to be having the same issue.
> > > > March 2 - Bevan Agard
> > > > March 6 - Hakan BAYINDIR
> > > >
> > > > I try to add my Windows 2003 Server to the domain and I get an
> > > > error that the user name could not be found. That is when I tried
> > > > to manually execute the command that Samba is instructed to use
> > > > when adding a machine, which is when I got the error about it
> > > > cannot contact the LDAP server.
> > > >
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Saturday, March 11, 2006 11:35 AM
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Unable to add computer to domain
> > > >
> > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > > I have an OpenLDAP backend, Samba knows how to talk to it, my
> > > > > Samba users are stored in LDAP and file shares work fine
> > > > > authenticating to the LDAP server. I tried executing
> > > > > smbldap-useradd -w server02 on the command-line and got the
> > > > > following error: failed to perform search; Can't contact LDAP
> > > > > server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm
> > > > > line 362, <DATA> line 283.
> > > > > Error looking for next uid at
> > > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993,
> > > > > <DATA> line 283.
> > > > >
> > > > > Anyone have any ideas?
> > > > ----
> > > > sounds as though you've been using tools other than smbldap to
> > > > setup user accounts, etc.
> > > >
> > > > smbldap has to be configured to talk to your LDAP server if you
> > > > expect it to work.
> > > >
> > > > depending upon which version of smbldap you are using, your
> > > > config files will be in various places but I think the current
> > > > place is /etc/smbldap-tools directory these days.
> > > >
> > > > Craig

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba