Re: [Samba] can't create workstation account
Hi all,

Found this thread while searching for the problem you have and have found a cure that works for me. Whenever joining the domain from a Windows XP machine it was only creating the Posix side of the account and not the sambaSamAccount that's required for a successful account creation.

Found the following in another thread from 2005. Basically, change your add machine script in smb.conf from:

    smbldap-useradd -w %u

to

    smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false %m

-d sets the home directory of the machine user to non-existent (/dev/null)
-c sets the gecos and may not be strictly necessary (haven't tried without)
-s sets a non-existent login shell
and most importantly, %m sets the account name to the correct machine name parameter, not user name.

Ironically, if I now run:

    smbldap-usershow jpb-laptop$

after successfully connecting my laptop to the domain, I get no entry returned. Slapcat'ing my ldap database however, shows the machine account with all the correct Samba and Posix entries and logins work fine.

Let me know if this works for you and post it as [Solved] if it does.

Cheers,

Jools

Sascha Bieler wrote:
> > > `/usr/sbin/smbldap-useradd -w blackhawk$' gave 9
> >
> > The command smbldap-useradd exited with exit code 9, which means error.
> > It should exit with error 9, try running something like this:
>
> I know, but this means just that account is created and normally it will be overwritten. If I have a look inside ldap I see:
>
> dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: blackhawk$
> sn: blackhawk$
> uid: blackhawk$
> uidNumber: 1016
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: 7f9e7c88-9be3-102b-9a0c-c98dc3a52409
> creatorsName: cn=admin,dc=audio,dc=de
> createTimestamp: 20070521123527Z
> entryCSN: 20070521123527Z#01#00#00
> modifiersName: cn=admin,dc=audio,dc=de
> modifyTimestamp: 20070521123527Z
>
> > /usr/sbin/smbldap-useradd -w test123$
> > and see if there is an error
>
> No error and account is added like this:
>
> dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: blackhawk$
> sn: blackhawk$
> uid: blackhawk$
> uidNumber: 1017
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: a4194154-9c85-102b-9a0f-c98dc3a52409
> creatorsName: cn=admin,dc=audio,dc=de
> createTimestamp: 20070522075607Z
> entryCSN: 20070522075607Z#01#00#00
> modifiersName: cn=admin,dc=audio,dc=de
> modifyTimestamp: 20070522075607Z
>
> While doing net join from running BDC it works, also debian 4.0. Don't really know what I've done wrong.
>
> Thanks for helping and thinking!
>
> Sascha

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
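Added example, not part of the original thread: a check over `slapcat` LDIF output that lists machine accounts (uid ending in `$`) which have only one half of the account, such as the posixAccount-only `blackhawk$` entry quoted above. The function names and the sample LDIF are constructed for illustration.

```python
import base64

REQUIRED = {"posixaccount", "sambasamaccount"}  # both halves of a machine account

def parse_ldif(text):
    """Yield LDIF entries as {attr_lower: [values]}; handles folding and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # RFC 2849 folded continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())

def incomplete_machine_accounts(ldif_text):
    """Return [(dn, [missing objectClasses])] for uid=<name>$ entries."""
    findings = []
    for e in parse_ldif(ldif_text):
        if not e.get("uid", [""])[0].endswith("$"):
            continue                        # not a machine account
        have = {oc.lower() for oc in e.get("objectclass", [])}
        missing = sorted(REQUIRED - have)
        if missing:
            findings.append((e.get("dn", ["?"])[0], missing))
    return findings

# Constructed sample in slapcat's LDIF format, modelled on the entries in the thread.
SAMPLE = """\
dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
objectClass: posixAccount
uid: blackhawk$

dn: uid=jpb-laptop$,ou=Computers,
 dc=audio,dc=de
objectClass: posixAccount
objectClass: sambaSamAccount
uid: jpb-laptop$
"""
print(incomplete_machine_accounts(SAMPLE))
```

On a real server the input would be the text produced by `slapcat`; an entry reported as missing `sambasamaccount` is the half-created state described in this thread.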
RE: [Samba] can't create workstation account
Unfortunately this does not help also. Still get message:

    Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Using interface ppp1
    Connect: ppp1 -- /dev/pts/1
    Winbind has declined authentication for user!
    NT_STATUS_CANT_ACCESS_DOMAIN_INFO
    Peer MUSIC\\pwm failed CHAP authentication
    Connection terminated.

When trying to authenticate against SMB-Domain.

Too bad... :-(

Best regards

Sascha
Re: [Samba] can't create workstation account
> > `/usr/sbin/smbldap-useradd -w blackhawk$' gave 9
>
> The command smbldap-useradd exited with exit code 9, which means error.
> It should exit with error 9, try running something like this:

I know, but this means just that account is created and normally it will be overwritten. If I have a look inside ldap I see:

    dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    cn: blackhawk$
    sn: blackhawk$
    uid: blackhawk$
    uidNumber: 1016
    gidNumber: 515
    homeDirectory: /dev/null
    loginShell: /bin/false
    description: Computer
    gecos: Computer
    structuralObjectClass: inetOrgPerson
    entryUUID: 7f9e7c88-9be3-102b-9a0c-c98dc3a52409
    creatorsName: cn=admin,dc=audio,dc=de
    createTimestamp: 20070521123527Z
    entryCSN: 20070521123527Z#01#00#00
    modifiersName: cn=admin,dc=audio,dc=de
    modifyTimestamp: 20070521123527Z

> /usr/sbin/smbldap-useradd -w test123$
> and see if there is an error

No error and account is added like this:

    dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    cn: blackhawk$
    sn: blackhawk$
    uid: blackhawk$
    uidNumber: 1017
    gidNumber: 515
    homeDirectory: /dev/null
    loginShell: /bin/false
    description: Computer
    gecos: Computer
    structuralObjectClass: inetOrgPerson
    entryUUID: a4194154-9c85-102b-9a0f-c98dc3a52409
    creatorsName: cn=admin,dc=audio,dc=de
    createTimestamp: 20070522075607Z
    entryCSN: 20070522075607Z#01#00#00
    modifiersName: cn=admin,dc=audio,dc=de
    modifyTimestamp: 20070522075607Z

While doing net join from running BDC it works, also debian 4.0. Don't really know what I've done wrong.

Thanks for helping and thinking!

Sascha
RE: [Samba] can't create workstation account
Found also this one in logs...

    _net_auth2: failed to get machine password for account BLACKHAWK$: NT_STATUS_ACCESS_DENIED

Mmmmhh?
Re: [Samba] can't create workstation account
> Are you joining a Samba domain ? If so, that error msg is probably not your problem.

Yes, I try to...

Does somebody have a hint for me, plz?

Best regards

Sascha
Re: [Samba] can't create workstation account
You need to post the error from the .log file not the error that appears in the output of the command. Try looking at the log files in the samba server

HTH

Oliver

--
Oliver Schulze L. | http://tinymailto.com/oliver
Asuncion - Paraguay | http://www.solojuegos.mobi
RE: [Samba] can't create workstation account
Aham, I posted the log files, please have a look again...

-----Original Message-----
From: Sascha Bieler [mailto:[EMAIL PROTECTED]
Sent: Monday, May 21, 2007 6:53 PM
To: 'Sascha Bieler'
Subject: RE: [Samba] can't create workstation account

net join -U Administrator gives:

    == log.192.168.100.222 ==
    [2007/05/21 18:51:58, 2] lib/smbldap.c:smbldap_open_connection(788)
      smbldap_open_connection: connection opened
    [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
      init_group_from_ldap: Entry found for group: 514
    [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
      init_group_from_ldap: Entry found for group: 514
    [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
      init_group_from_ldap: Entry found for group: 512
    [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
      init_sam_from_ldap: Entry found for user: Administrator
    [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
      init_group_from_ldap: Entry found for group: 513
    [2007/05/21 18:51:58, 2] smbd/reply.c:reply_tcon_and_X(711)
      Serving IPC$ as a Dfs root
    [2007/05/21 18:51:58, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
      get_md4pw: Workstation BLACKHAWK$: no account in domain
    [2007/05/21 18:51:58, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
      _net_auth2: failed to get machine password for account BLACKHAWK$: NT_STATUS_ACCESS_DENIED

    == log.blackhawk ==
    [2007/05/21 18:51:59, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
      _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w blackhawk$' gave 9
    [2007/05/21 18:51:59, 2] smbd/utmp.c:sys_utmp_update(419)
      utmp_update: uname:/var/run/utmp wname:/var/log/wtmp

and still cannot join the samba domain.

What do I miss?

Best regards

Sascha
Re: [Samba] can't create workstation account
> `/usr/sbin/smbldap-useradd -w blackhawk$' gave 9

The command smbldap-useradd exited with exit code 9, which means error.
It should exit with error 9, try running something like this:

    /usr/sbin/smbldap-useradd -w test123$

and see if there is an error

HTH

Oliver

--
Oliver Schulze L. | http://tinymailto.com/oliver
Asuncion - Paraguay | http://www.solojuegos.mobi
[Samba] can't create workstation account
Hi there,

trying to setup ntlm authentication for vpn-networking and now having trouble to get the machine in domain account trust state.

wbinfo -u and -g works well
smbclient works well also

Starting winbind daemons generates following error:

    cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine MEATLOAF pipe \lsarpc fnum 0x75af!

    net join -U administrator - Creation of workstation account failed
    Unable to join domain

Having a look in the ldif extracted from slapcat says:

    dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    cn: blackhawk$
    sn: blackhawk$
    uid: blackhawk$
    uidNumber: 1011
    gidNumber: 515
    homeDirectory: /dev/null
    loginShell: /bin/false
    description: Computer
    gecos: Computer
    structuralObjectClass: inetOrgPerson
    entryUUID: f9b8d4d6-99a0-102b-9a06-c98dc3a52409
    creatorsName: cn=admin,dc=audio,dc=de
    createTimestamp: 20070518153413Z
    entryCSN: 20070518153413Z#01#00#00
    modifiersName: cn=admin,dc=audio,dc=de
    modifyTimestamp: 20070518153413Z

So the machine account is half alive...

smb.conf:

    [global]
    workgroup = MUSIC
    netbios name = BLACKHAWK
    security = domain
    server string = VPN Gateway %v
    password server = 192.168.100.1
    wins support = no
    wins server = 192.168.100.1
    max log size = 1
    local master = no
    winbind enum users = yes
    winbind enum groups = yes
    #winbind use default domain = yes
    winbind separator = /
    idmap uid = 1-2
    idmap gid = 1-2
    template shell = /bin/false
    interfaces = lo, eth0
    bind interfaces only = Yes
    syslog = 0
    os level = 16

DNS works correctly. WINS too.

    # /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    shadow: compat
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

Linux is debian 4.0

Has anyone a hint what may go wrong?

Best regards

Sascha
Re: [Samba] can't create workstation account
Sascha Bieler wrote:
> Hi there,
>
> trying to setup ntlm authentication for vpn-networking and now having trouble to get the machine in domain account trust state.
>
> wbinfo -u and -g works well
> smbclient works well also
>
> Starting winbind daemons generates following error:
>
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine MEATLOAF pipe \lsarpc fnum 0x75af!

Are you joining a Samba domain ? If so, that error msg is probably not your problem.

jerry