This makes more sense to me...
nss_base_passwd ou=People,dc=bluemapletech,dc=com?one
nss_base_shadow ou=People,dc=bluemapletech,dc=com?one
nss_base_group ou=Groups,dc=bluemapletech,dc=com?one
nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one
Craig
> On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote:
> Craig,
> Ok, I think I understand what you are saying. When I do getent passwd I get
> a whole list of stuff but server02 is not listed. My ldap.conf has the
> following entries:
> nss_base_passwd ou=People,dc=bluemapletech,dc=com?one
> nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub
> nss_base_group ou=Groups,dc=bluemapletech,dc=com?sub
> nss_base_hosts ou=Hosts,dc=bluemapletech,dc=com?one
>
> How would I modify this to include ou=Hosts in the 'people' search?
> 'dc=bluemapletech,dc=com?sub'?
>
> -----Original Message-----
> From: Craig White [mailto:craigwhite@azapple.com]
> Sent: Monday, March 13, 2006 9:52 PM
> To: Wesley Hobbie
> Subject: RE: [Samba] Unable to add computer to domain
>
> I think that you've answered it already...you are going to have to point
> ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as
> well as ou=People,dc=bluemapletech,dc=com
>
> if getent can't find it, samba can't find it and it is not gonna work.
>
> Craig
>
> On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote:
> > ldapsearch:
> > # server02$, Hosts, bluemapletech.com
> > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > cn: server02$
> > sn: server02$
> > uid: server02$
> > uidNumber: 1002
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> >
> > getent passwd | grep server02 returns nothing.
> >
> > Computers go in ou=Hosts and users go in ou=People.
> >
> > What exactly do you want from the ldap.config file?
> >
> > -----Original Message-----
> > From: samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org
> > [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org]
> > On Behalf Of Craig White
> > Sent: Monday, March 13, 2006 9:27 PM
> > To: Wesley Hobbie
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> >
> >
> > It might be helpful to put cards on table here...
> >
> > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> > -W '(uid=server02*)'
> >
> > getent passwd |grep server02
> >
> > and are you putting computers in the same container as users or do you
> > have separate container for computers?
> >
> > what does the relevant section in ldap.conf look like?
> >
> > Craig
> >
> > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > > I did a search on Google and all I found was a bunch of copies of a
> > > conversation between Fran Fabrizio and John H Terpstra, and in the end
> > > Fran did not have the add machine script.
> > >
> > > I have the add machine script, that is not the problem, when I try to
> > > join the domain from the Windows server, it does create the account in
> > > LDAP and still fails :-(. I did look at the server02.log file (log
> > > file for my Windows 2003 Server) and I see the following entries:
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> > > sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> > > Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> > > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> > > sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> > > Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> > > Unable to open new log file /var/log/samba/server02.log: Permission denied
> > > [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
> > > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "server02$"' gave 9
> > >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor@laszlosystems.com]
> > > Sent: Monday, March 13, 2006 1:25 PM
> > > To: 'Wesley Hobbie'; craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > >
> > > Wes,
> > >
> > > Do a google search on this topic: [Samba] Can't join my domain
> > >
> > > You will see what the problem is with the username can't be found.
> > >
> > > James
> > >
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org] On
> > > Behalf Of Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 11:14 AM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > Hey Craig,
> > > Actually I found on the Internet that I needed to run
> > > smbldap-populate, so I did and now I can manually add the user,
> > > although when I go to my Windows 2003 Server to join the domain I am
> > > still having a problem.
> > >
> > > Wes
> > >
> > > -----Original Message-----
> > > From: Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 5:57 PM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > > I can connect to LDAP via the command line, and I am using the same
> > > user in smb.conf as I am in smbldap-tools_bind.config.
> > >
> > > Excerpt from smb.conf:
> > > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > > ldap suffix = dc=mydomain,dc=com
> > > ldap machine suffix = ou=Hosts
> > > ldap admin dn = cn=root,dc=mydomain,dc=com
> > > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > >
> > > Excerpt from smbldap.conf:
> > > slaveLDAP="127.0.0.1"
> > > slavePort="389"
> > >
> > > masterLDAP="127.0.0.1"
> > > masterPort="389"
> > >
> > > ldapTLS="1"
> > > suffix="dc=mydomain,dc=com"
> > > usersdn="ou=People,${suffix}"
> > > computersdn="ou=Hosts,${suffix}"
> > >
> > > with_smbpasswd="0"
> > > smbpasswd="/usr/bin/smbpasswd" (I am wondering if this is right?)
> > >
> > > with_slappasswd="0"
> > > slappasswd="/usr/sbin/slappasswd"
> > >
> > > Excerpt from smbldap_bind.conf:
> > > slaveDN="cn=root,dc=mydomain,dc=com"
> > > slavePw="**********"
> > > masterDN="cn=root,dc=mydomain,dc=com"
> > > masterPw="**********"
> > >
> > > Actually, while I was copying the info from the files I noticed I
> > > misspelled my domain name, so I fixed it and tried it again. Now I do
> > > not get an error about it cannot contact the LDAP server, only that it
> > > could not find the next uid, "Error looking for next uid."
> > >
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Sunday, March 12, 2006 11:25 AM
> > > To: Wesley Hobbie
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > >
> > >
> > > I'm going to ignore other users problems since they may or may not
> > > have similarities to your issues.
> > >
> > > Can you actually connect to your LDAP server from the command line?
> > >
> > > Can you actually connect to your LDAP server from the command line
> > > with 'write' permissions as the user and parameters as indicated
> > > within smb.conf ?
> > >
> > > Can you actually connect to your LDAP server from the command line
> > > with 'write' permissions as the user and parameters as indicated
> > > within smbldap-tools_bind.conf ?
> > >
> > > Craig
> > >
> > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > > Ok, I did not know that. I modified the two files in the
> > > > /etc/smbldap-tools folder, although I am still getting the same
> > > > error.
> > > >
> > > > I looked at the Samba archive for March and I notice some other
> > > > people seem to be having the same issue.
> > > > March 2 - Bevan Agard
> > > > March 6 - Hakan BAYINDIR
> > > >
> > > > I try to add my Windows 2003 Server to the domain and I get an
> > > > error that the user name could not be found. That is when I tried
> > > > to manually execute the command that Samba is instructed to use
> > > > when adding a machine, which is when I got the error about it
> > > > cannot contact the LDAP server.
> > > >
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Saturday, March 11, 2006 11:35 AM
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Unable to add computer to domain
> > > >
> > > >
> > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > > I have an OpenLDAP backend, Samba knows how to talk to it, my
> > > > > Samba users are stored in LDAP and file shares work fine
> > > > > authenticating to the LDAP server. I tried executing
> > > > > smbldap-useradd -w server02 on the command-line and got the
> > > > > following error:
> > > > > failed to perform search; Can't contact LDAP server at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA> line 283.
> > > > > Error looking for next uid at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> line 283.
> > > > >
> > > > > Anyone have any ideas?
> > > > ----
> > > > sounds as though you've been using tools other than smbldap to
> > > > setup user accounts, etc.
> > > >
> > > > smbldap has to be configured to talk to your LDAP server if you
> > > > expect it to work.
> > > >
> > > > depending upon which version of smbldap you are using, your config
> > > > files will be in various places but I think the current place is
> > > > /etc/smbldap-tools directory these days.
> > > >
> > > > Craig
> > > >
> > > >
> > > >
> > >
> >
>
>
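
Added example, not part of the original thread and not code from Samba or nss_ldap: a small checker that shows why the machine account in ou=Hosts was invisible to `getent passwd` under the first ldap.conf and visible under the second. The function names (`split_dn`, `covers`, `covering`) are hypothetical; it assumes simple DNs without escaped commas and treats a descriptor with no scope as a subtree search.

```python
# Added example: which nss_base_* search descriptors cover a given entry DN.
# Config text is constructed from the two ldap.conf excerpts quoted in the thread.
BEFORE = """\
nss_base_passwd ou=People,dc=bluemapletech,dc=com?one
nss_base_shadow ou=People,dc=bluemapletech,dc=com?sub
nss_base_group ou=Groups,dc=bluemapletech,dc=com?sub
nss_base_hosts ou=Hosts,dc=bluemapletech,dc=com?one
"""
AFTER = """\
nss_base_passwd ou=People,dc=bluemapletech,dc=com?one
nss_base_shadow ou=People,dc=bluemapletech,dc=com?one
nss_base_group ou=Groups,dc=bluemapletech,dc=com?one
nss_base_passwd ou=Hosts,dc=bluemapletech,dc=com?one
"""
MACHINE_DN = "uid=server02$,ou=Hosts,dc=bluemapletech,dc=com"


def split_dn(dn):
    """Lower-cased RDN list; assumes simple DNs with no escaped commas."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def covers(dn, base, scope):
    """True if an LDAP search at `base` with `scope` can return entry `dn`."""
    d, b = split_dn(dn), split_dn(base)
    depth = len(d) - len(b)          # levels between the base and the entry
    if depth < 0 or d[depth:] != b:  # entry is not at or under the base
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}.get(scope, False)


def covering(conf_text, map_name, dn):
    """List the nss_base_<map_name> descriptors in conf_text that cover dn."""
    hits = []
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0] != "nss_base_" + map_name:
            continue
        parts = fields[1].strip().split("?")
        # Assumption: a descriptor without a scope is treated as a subtree search.
        scope = parts[1].lower() if len(parts) > 1 and parts[1] else "sub"
        if covers(dn, parts[0], scope):
            hits.append(parts[0] + "?" + scope)
    return hits


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, "passwd descriptors covering", MACHINE_DN, "->",
              covering(conf, "passwd", MACHINE_DN))
```

The same check answers the question about `dc=bluemapletech,dc=com?sub`: a subtree search from the suffix covers the machine entry, while `?one` from the suffix does not, because the entry sits two levels below it.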