On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote: > I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not > working I went and grabbed the most recent. I am using Mandriva 2006 > x86-64. > > I am sorry, what was your advice that I did not follow? ---- I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com
if getent can't find it, samba can't find it and it is not gonna work. the above is what I suggested yesterday. As for now, why smbldap-useradd doesn't work anymore... smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools hopefully, you still have your smbldap-useradd program... # which smbldap-useradd /usr/sbin/smbldap-useradd (note this is on RHEL 4 system - Mandriva should be pretty close to the same) ---- > > -----Original Message----- > From: Craig White [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 14, 2006 7:58 PM > To: Wesley Hobbie > Cc: 'James Taylor'; [email protected] > Subject: RE: [Samba] Unable to add computer to domain > > > The idea that you could use one piece of his smbldap-tools was an exercise > in futility. > > First of all, is your smbldap-tools up to date or very reasonably close to > up to date? I haven't a clue what OS you are using or version of > smbldap-tools, or packaging. > > Second of all, there were other things wrong with the results from the > ldapsearch which returned the dn of uid=server-02 > $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at > that point because getent passwd couldn't find them anyway. I don't mind > that you don't want to follow my advice but would then prefer that you take > me off the reply list. > > Whatever you've got installed and configured for smbldap-tools doesn't > appear to be configured correctly and may be too old. > > At the point where you have a working ldap and smbldap-tools, we can review > the add user/machine scripts within samba. > > Craig > > On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote: > > I tried your script, but I am still getting the same error. I deleted > > the LDAP entry, tried again, and now the entry is not even being > > created. I checked my log file and I get slightly different results > > now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname(1111) > > sys_gethostbyname(server02): lookup failure. > > [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) > > Matchname failed on server02 172.16.0.11 > > [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) > > Unable to open new log file /var/log/samba/server02.log: Permission > > denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname(1111) > > sys_gethostbyname(server02): lookup failure. > > [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) > > Matchname failed on server02 172.16.0.11 > > [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) > > Unable to open new log file /var/log/samba/server02.log: Permission > > denied [2006/03/14 19:11:06, 0] > rpc_server/srv_samr_nt.c:_samr_create_user(2404) > > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w > > "server02$"' gave 9 [2006/03/14 19:15:49, 0] > > lib/util_sock.c:matchname(1111) > > sys_gethostbyname(server02): lookup failure. > > [2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) > > Matchname failed on server02 172.16.0.11 > > [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) > > Unable to open new log file /var/log/samba/server02.log: Permission > > denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname(1111) > > sys_gethostbyname(server02): lookup failure. > > [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) > > Matchname failed on server02 172.16.0.11 > > [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) > > Unable to open new log file /var/log/samba/server02.log: Permission > > denied > > Error: modifications require authentication at > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, <DATA> line > > 283. > > [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) > > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w > > "server02$"' gave 127 > > [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) > > Unable to open new log file /var/log/samba/server02.log: Permission > denied > > > > -----Original Message----- > > From: James Taylor [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, March 14, 2006 12:23 PM > > To: 'Wesley Hobbie'; 'Craig White' > > Cc: [email protected] > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > Here is what you are missing: sambaSAMAccount information. > > > > Use the script attached to this email to fix this problem. > > > > James > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > > Behalf Of Wesley Hobbie > > Sent: Monday, March 13, 2006 7:48 PM > > To: 'Craig White' > > Cc: [email protected] > > Subject: RE: [Samba] Unable to add computer to domain > > > > ldapsearch: > > # server02$, Hosts, bluemapletech.com > > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com > > objectClass: top > > objectClass: person > > objectClass: organizationalPerson > > objectClass: inetOrgPerson > > objectClass: posixAccount > > cn: server02$ > > sn: server02$ > > uid: server02$ > > uidNumber: 1002 > > gidNumber: 515 > > homeDirectory: /dev/null > > loginShell: /bin/false > > description: > > Computer gecos: Computer > > > > getent passwd | grep server02 returns nothing. > > > > Computers go in ou=Hosts and users go in ou=People. > > > > What exactly do you want from the ldap.config file? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > On Behalf Of Craig White > > Sent: Monday, March 13, 2006 9:27 PM > > To: Wesley Hobbie > > Cc: [email protected] > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > It might be helpful to put cards on table here... > > > > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ > > -W '(uid=server02*)' > > > > getent passwd |grep server02 > > > > and are you putting computers in the same container as users or do you > > have separate container for computers? > > > > what does the relevant section in ldap.conf look like? > > > > Craig > > > > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: > > > I did a search on Google and all I found was a bunch of copies of a > > > conversation between Fran Fabrizio and John H Terpstra, and in the > > > end Fran did not have the add machine script. > > > > > > I have the add machine script, that is not the problem, when I try > > > to join the domain from the Windows server, it does create the > > > account in LDAP and still fails :-(. I did look at the server02.log > > > file (log file for my Windows 2003 Server) and I see the following > > > entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111) > > > sys_gethostbyname(server02): lookup failure. > > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) > > > Matchname failed on server02 172.16.0.11 > > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) > > > Unable to open new log file /var/log/samba/server02.log: > > > Permission > > > denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111) > > > sys_gethostbyname(server02): lookup failure. > > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) > > > Matchname failed on server02 172.16.0.11 > > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597) > > > Unable to open new log file /var/log/samba/server02.log: Permission > > > denied [2006/03/13 20:55:52, 0] > > > rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: > > > Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9 > > > > > > -----Original Message----- > > > From: James Taylor [mailto:[EMAIL PROTECTED] > > > Sent: Monday, March 13, 2006 1:25 PM > > > To: 'Wesley Hobbie'; [EMAIL PROTECTED] > > > Cc: [email protected] > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > > > > Wes, > > > > > > Do a google search on this topic: [Samba] Can't join my domain > > > > > > You will see what the problem is with the username can't be found. > > > > > > James > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On > > > Behalf Of Wesley Hobbie > > > Sent: Sunday, March 12, 2006 11:14 AM > > > To: [EMAIL PROTECTED] > > > Cc: [email protected] > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > Hey Craig, > > > Actually I found on the Internet that I needed to run > > > smbldap-populate, so I did and now I can manually add the user, > > > although when I go to my Windows 2003 Server to join the domain I am > > > still having a problem. > > > > > > Wes > > > > > > -----Original Message----- > > > From: Wesley Hobbie > > > Sent: Sunday, March 12, 2006 5:57 PM > > > To: [EMAIL PROTECTED] > > > Cc: [email protected] > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > I can connect to LDAP via the command line, and I am using the same > > > user in smb.conf as I am in smbldap-tools_bind.config. > > > > > > Excerpt from smb.conf: > > > passdb backend = ldapsam:ldap://server01.bluemapletech.com > > > ldap suffix = dc=mydomain,dc=com > > > ldap machine suffix = ou=Hosts > > > ldap admin dn = cn=root,dc=mydomain,dc=com > > > add machine script = /usr/sbin/smbldap-useradd -w "%u" > > > > > > Excerpt from smbldap.conf: > > > slaveLDAP="127.0.0.1" > > > slavePort="389" > > > > > > masterLDAP="127.0.0.1" > > > masterPort="389" > > > > > > ldapTLS="1" > > > suffix="dc=mydomain,dc=com" > > > usersdn="ou=People,${suffix}" computersdn="ou=Hosts,${suffix}" > > > > > > with_smbpasswd="0" > > > smbpasswd="/usr/bin/smbpasswd" (I am wondering if this is right?) > > > > > > with_slappasswd="0" > > > slappasswd="/usr/sbin/slappasswd" > > > > > > Excerpt from smbldap_bind.conf: slaveDN="cn=root,dc=mydomain,dc=com" > > > slavePw="**********" > > > masterDN="cn=root,dc=mydomain,dc=com" > > > masterPw="**********" > > > > > > Actually, I while I was copying the info from the files I noticed I > > > mispelled my domain name, so I fixed it and tried it again. Now I > > > do not get an error about it cannot contact the LDAP server, only > > > that it could not find the next uid, "Error looking for next uid." > > > > > > -----Original Message----- > > > From: Craig White [mailto:craigwhite at azapple.com] > > > Sent: Sunday, March 12, 2006 11:25 AM > > > To: Wesley Hobbie > > > Cc: samba at lists.samba.org > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > > > > I'm going to ignore other users problems since they may or may not > > > have similarities to your issues. > > > > > > Can you actually connect to your LDAP server from the command line? > > > > > > Can you actually connect to your LDAP server from the command line > > > with 'write' permissions as the user and parameters as indicated > > > within smb.conf ? > > > > > > Can you actually connect to your LDAP server from the command line > > > with 'write' permissions as the user and parameters as indicated > > > within smbldap-tools_bind.conf ? > > > > > > Craig > > > > > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote: > > > > Ok, I did not know that. I modified the two files in the > > > > /etc/smbldap-tools folder, although I am still getting the same > > > > error. > > > > > > > > I looked at the Samba archive for March and I notice some other > > > > people seem to be having the same issue. March 2 - Bevan Agard > > > > March 6 - Hakan BAYINDIR > > > > > > > > I try to add my Windows 2003 Server to the domain and I get an > > > > error > > > > that the user name could not be found. That is when I tried to > > > > manually execute the command that Samba is instructed to use when > > > > adding a machine, which is when I got the error about it cannot > > > > contact the LDAP server. > > > > > > > > -----Original Message----- > > > > From: Craig White [mailto:craigwhite at azapple.com] > > > > Sent: Saturday, March 11, 2006 11:35 AM > > > > To: samba at lists.samba.org > > > > Subject: Re: [Samba] Unable to add computer to domain > > > > > > > > > > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote: > > > > > I have an OpenLDAP backend, Samba knows how to talk to it, my > > > > > Samba users are stored in LDAP and file shares work fine > > > > > authenticating to the LDAP server. I tried executing > > > > > smbldap-useradd -w server02 on the command-line and got the > > > > > following error: failed to perform search; Can't contact LDAP > > > > > server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line > > > > > 362, <DATA> line > > > > 283. > > > > > Error looking for next uid at > > > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> > > > > > line > > > > 283. > > > > > > > > > > Anyone have any ideas? > > > > ---- > > > > sounds as though you've been using tools other than smbldap to > > > > setup > > > > user accounts, etc. > > > > > > > > smbldap has to be configured to talk to your LDAP server if you > > > > expect it to work. > > > > > > > > depending upon which version of smbldap you are using, your config > > > > files will be in various places but I think the current place is > > > > /etc/smbldap-tools directory these days. > > > > > > > > Craig > > > > > > > > > > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
