Well I would want a nss_base_hosts too as whenever the server looks for host entries it should combine /etc/hosts and ou=Hosts. Also, can you actually define nss_base_passwd twice? To me that would not seem legal.
-----Original Message----- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 9:17 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain This makes more sense to me... nss_base_passwd ou=People,dc=bluemapletech,dc=com?one nss_base_shadow ou=People,dc=bluemapletech,dc=com?one nss_base_group ou=Groups,dc=bluemapletech,dc=com?one nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one Craig > On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote: Craig, > Ok, I think I understand what you are saying. When I do getent passwd I get > a whole list of stuff but server02 is not listed. My ldap.conf has the > following entries: > nss_base_passwd ou=People,dc=bluemapletech,dc=com?one > nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub > nss_base_group ou=Groups,dc=bluemapletech,dc=com?sub > nss_base_hosts ou=Hosts,dc=bluemapletech,dc=com?one > > How would I modify this to include ou=Hosts in the 'people' search? > 'dc=bluemapletech,dc=com?sub'? > > -----Original Message----- > From: Craig White [mailto:[EMAIL PROTECTED] > Sent: Monday, March 13, 2006 9:52 PM > To: Wesley Hobbie > Subject: RE: [Samba] Unable to add computer to domain > > I think that you've answered it already...you are going to have to > point ldap.conf to also search for 'people' in > ou=Hosts,dc=bluemapletech,dc=com as well as > ou=People,dc=bluemapletech,dc=com > > if getent can't find it, samba can't find it and it is not gonna work. > > Craig > > On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote: > > ldapsearch: > > # server02$, Hosts, bluemapletech.com > > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com > > objectClass: top > > objectClass: person > > objectClass: organizationalPerson > > objectClass: inetOrgPerson > > objectClass: posixAccount > > cn: server02$ > > sn: server02$ > > uid: server02$ > > uidNumber: 1002 > > gidNumber: 515 > > homeDirectory: /dev/null > > loginShell: /bin/false > > description: > > Computer gecos: Computer > > > > getent passwd | grep server02 returns nothing. > > > > Computers go in ou=Hosts and users go in ou=People. > > > > What exactly do you want from the ldap.config file? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > On Behalf Of Craig White > > Sent: Monday, March 13, 2006 9:27 PM > > To: Wesley Hobbie > > Cc: samba@lists.samba.org > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > It might be helpful to put cards on table here... > > > > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ > > -W '(uid=server02*)' > > > > getent passwd |grep server02 > > > > and are you putting computers in the same container as users or do > > you > > have separate container for computers? > > > > what does the relevant section in ldap.conf look like? > > > > Craig > > > > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: > > > I did a search on Google and all I found was a bunch of copies of > > > a conversation between Fran Fabrizio and John H Terpstra, and in > > > the end Fran did not have the add machine script. > > > > > > I have the add machine script, that is not the problem, when I try > > > to > > > join the domain from the Windows server, it does create the account in > > > LDAP and still fails :-(. I did look at the server02.log file (log > > > file for my Windows 2003 Server) and I see the following entries: > > > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111) > > > sys_gethostbyname(server02): lookup failure. > > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) > > > Matchname failed on server02 172.16.0.11 > > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) > > > Unable to open new log file /var/log/samba/server02.log: Permission > > > denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111) > > > sys_gethostbyname(server02): lookup failure. > > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) > > > Matchname failed on server02 172.16.0.11 > > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597) > > > Unable to open new log file /var/log/samba/server02.log: Permission > > > denied [2006/03/13 20:55:52, 0] > > > rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: > > > Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9 > > > > > > -----Original Message----- > > > From: James Taylor [mailto:[EMAIL PROTECTED] > > > Sent: Monday, March 13, 2006 1:25 PM > > > To: 'Wesley Hobbie'; [EMAIL PROTECTED] > > > Cc: samba@lists.samba.org > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > > > > Wes, > > > > > > Do a google search on this topic: [Samba] Can't join my domain > > > > > > You will see what the problem is with the username can't be found. > > > > > > James > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] > > > On Behalf Of Wesley Hobbie > > > Sent: Sunday, March 12, 2006 11:14 AM > > > To: [EMAIL PROTECTED] > > > Cc: samba@lists.samba.org > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > Hey Craig, > > > Actually I found on the Internet that I needed to run > > > smbldap-populate, so I did and now I can manually add the user, > > > although when I go to my Windows 2003 Server to join the domain I > > > am still having a problem. > > > > > > Wes > > > > > > -----Original Message----- > > > From: Wesley Hobbie > > > Sent: Sunday, March 12, 2006 5:57 PM > > > To: [EMAIL PROTECTED] > > > Cc: samba@lists.samba.org > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > I can connect to LDAP via the command line, and I am using the > > > same user in smb.conf as I am in smbldap-tools_bind.config. > > > > > > Excerpt from smb.conf: > > > passdb backend = ldapsam:ldap://server01.bluemapletech.com > > > ldap suffix = dc=mydomain,dc=com > > > ldap machine suffix = ou=Hosts > > > ldap admin dn = cn=root,dc=mydomain,dc=com > > > add machine script = /usr/sbin/smbldap-useradd -w "%u" > > > > > > Excerpt from smbldap.conf: > > > slaveLDAP="127.0.0.1" > > > slavePort="389" > > > > > > masterLDAP="127.0.0.1" > > > masterPort="389" > > > > > > ldapTLS="1" > > > suffix="dc=mydomain,dc=com" > > > usersdn="ou=People,${suffix}" computersdn="ou=Hosts,${suffix}" > > > > > > with_smbpasswd="0" > > > smbpasswd="/usr/bin/smbpasswd" (I am wondering if this is right?) > > > > > > with_slappasswd="0" > > > slappasswd="/usr/sbin/slappasswd" > > > > > > Excerpt from smbldap_bind.conf: > > > slaveDN="cn=root,dc=mydomain,dc=com" > > > slavePw="**********" > > > masterDN="cn=root,dc=mydomain,dc=com" > > > masterPw="**********" > > > > > > Actually, I while I was copying the info from the files I noticed > > > I mispelled my domain name, so I fixed it and tried it again. Now > > > I do not get an error about it cannot contact the LDAP server, > > > only that it could not find the next uid, "Error looking for next > > > uid." > > > > > > -----Original Message----- > > > From: Craig White [mailto:craigwhite at azapple.com] > > > Sent: Sunday, March 12, 2006 11:25 AM > > > To: Wesley Hobbie > > > Cc: samba at lists.samba.org > > > Subject: RE: [Samba] Unable to add computer to domain > > > > > > > > > I'm going to ignore other users problems since they may or may not > > > have similarities to your issues. > > > > > > Can you actually connect to your LDAP server from the command > > > line? > > > > > > Can you actually connect to your LDAP server from the command line > > > with 'write' permissions as the user and parameters as indicated > > > within smb.conf ? > > > > > > Can you actually connect to your LDAP server from the command line > > > with 'write' permissions as the user and parameters as indicated > > > within smbldap-tools_bind.conf ? > > > > > > Craig > > > > > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote: > > > > Ok, I did not know that. I modified the two files in the > > > > /etc/smbldap-tools folder, although I am still getting the same > > > > error. > > > > > > > > I looked at the Samba archive for March and I notice some other > > > > people seem to be having the same issue. March 2 - Bevan Agard > > > > March 6 - Hakan BAYINDIR > > > > > > > > I try to add my Windows 2003 Server to the domain and I get an > > > > error that the user name could not be found. That is when I tried > > > > to manually execute the command that Samba is instructed to use > > > > when adding a machine, which is when I got the error about it > > > > cannot contact the LDAP server. > > > > > > > > -----Original Message----- > > > > From: Craig White [mailto:craigwhite at azapple.com] > > > > Sent: Saturday, March 11, 2006 11:35 AM > > > > To: samba at lists.samba.org > > > > Subject: Re: [Samba] Unable to add computer to domain > > > > > > > > > > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote: > > > > > I have an OpenLDAP backend, Samba knows how to talk to it, my > > > > > Samba users are stored in LDAP and file shares work fine > > > > > authenticating to the LDAP server. I tried executing > > > > > smbldap-useradd -w server02 on the command-line and got the > > > > > following error: failed to perform search; Can't contact LDAP > > > > > server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm > > > > > line 362, <DATA> line > > > > 283. > > > > > Error looking for next uid at > > > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, > > > > > <DATA> line > > > > 283. > > > > > > > > > > Anyone have any ideas? > > > > ---- > > > > sounds as though you've been using tools other than smbldap to > > > > setup user accounts, etc. > > > > > > > > smbldap has to be configured to talk to your LDAP server if you > > > > expect it to work. > > > > > > > > depending upon which version of smbldap you are using, your > > > > config > > > > files will be in various places but I think the current place is > > > > /etc/smbldap-tools directory these days. > > > > > > > > Craig > > > > > > > > > > > > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba