samba - Mar 2006 - Unable to add computer to domain

I have an OpenLDAP backend, Samba knows how to talk to it, my Samba users
are stored in LDAP and file shares work fine authenticating to the LDAP
server.
I tried executing smbldap-useradd -w server02 on the command-line and got
the following error:
failed to perform search; Can't contact LDAP server at
/usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA> line
283.
Error looking for next uid at
/usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA> line
283.
 
Anyone have any ideas?
 
Wes

On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> I have an OpenLDAP backend, Samba knows how to talk to it, my Samba users
> are stored in LDAP and file shares work fine authenticating to the LDAP
> server.
> I tried executing smbldap-useradd -w server02 on the command-line and got
> the following error:
> failed to perform search; Can't contact LDAP server at
> /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362, <DATA>
line 283.
> Error looking for next uid at
> /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993, <DATA>
line 283.
>  
> Anyone have any ideas?
----
sounds as though you've been using tools other than smbldap to setup
user accounts, etc.

smbldap has to be configured to talk to your LDAP server if you expect
it to work.

depending upon which version of smbldap you are using, your config files
will be in various places but I think the current place
is /etc/smbldap-tools directory these days.

Craig

Hey Craig,
Actually I found on the Internet that I needed to run smbldap-populate, so I
did and now I can manually add the user, although when I go to my Windows
2003 Server to join the domain I am still having a problem.
 
Wes

I did a search on Google and all I found was a bunch of copies of a
conversation between Fran Fabrizio and John H Terpstra, and in the end Fran
did not have the add machine script.

I have the add machine script, that is not the problem, when I try to join
the domain from the Windows server, it does create the account in LDAP and
still fails :-(.  I did look at the server02.log file (log file for my
Windows 2003 Server) and I see the following entries:
[2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
   sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
   Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
   Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
   sys_gethostbyname(server02): lookup failure.
[2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
   Matchname failed on server02 172.16.0.11
[2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
   Unable to open new log file /var/log/samba/server02.log: Permission
denied [2006/03/13 20:55:52, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2404)   _samr_create_user:
Running the command `/usr/sbin/smbldap-useradd -w "server02$"'
gave 9

-----Original Message-----
From: James Taylor [mailto:jtaylor@laszlosystems.com] 
Sent: Monday, March 13, 2006 1:25 PM
To: 'Wesley Hobbie'; craigwhite@azapple.com
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain


Wes,

Do a google search on this topic: [Samba] Can't join my domain

You will see what the problem is with the username can't be found.

James

-----Original Message-----
From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org
[mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org] On Behalf
Of Wesley Hobbie
Sent: Sunday, March 12, 2006 11:14 AM
To: craigwhite@azapple.com
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

Hey Craig,
Actually I found on the Internet that I needed to run smbldap-populate, so I
did and now I can manually add the user, although when I go to my Windows
2003 Server to join the domain I am still having a problem.
 
Wes

-----Original Message-----
From: Wesley Hobbie
Sent: Sunday, March 12, 2006 5:57 PM
To: craigwhite@azapple.com
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

I can connect to LDAP via the command line, and I am using the same user in
smb.conf as I am in smbldap-tools_bind.config.

Excerpt from smb.conf:
passdb backend = ldapsam:ldap://server01.bluemapletech.com
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Hosts
ldap admin dn = cn=root,dc=mydomain,dc=com
add machine script = /usr/sbin/smbldap-useradd -w "%u"

Excerpt from smbldap.conf:
slaveLDAP="127.0.0.1"
slavePort="389"

masterLDAP="127.0.0.1"
masterPort="389"

ldapTLS="1"
suffix="dc=mydomain,dc=com"
usersdn="ou=People,${suffix}"
computersdn="ou=Hosts,${suffix}"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"  (I am wondering if this is right?)

with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

Excerpt from smbldap_bind.conf: slaveDN="cn=root,dc=mydomain,dc=com"
slavePw="**********"
masterDN="cn=root,dc=mydomain,dc=com"
masterPw="**********"

Actually, I while I was copying the info from the files I noticed I
mispelled my domain name, so I fixed it and tried it again.  Now I do not
get an error about it cannot contact the LDAP server, only that it could not
find the next uid, "Error looking for next uid."

-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com] 
Sent: Sunday, March 12, 2006 11:25 AM
To: Wesley Hobbie
Cc: samba at lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain


I'm going to ignore other users problems since they may or may not have
similarities to your issues.

Can you actually connect to your LDAP server from the command line?

Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within
smb.conf
?

Can you actually connect to your LDAP server from the command line with
'write' permissions as the user and parameters as indicated within
smbldap-tools_bind.conf ?

Craig

On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> Ok, I did not know that.  I modified the two files in the
> /etc/smbldap-tools folder, although I am still getting the same error.
> 
> I looked at the Samba archive for March and I notice some other people
> seem to be having the same issue. March 2 - Bevan Agard
> March 6 - Hakan BAYINDIR
> 
> I try to add my Windows 2003 Server to the domain and I get an error
> that the user name could not be found.  That is when I tried to 
> manually execute the command that Samba is instructed to use when 
> adding a machine, which is when I got the error about it cannot 
> contact the LDAP server.
> 
> -----Original Message-----
> From: Craig White [mailto:craigwhite at azapple.com]
> Sent: Saturday, March 11, 2006 11:35 AM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Unable to add computer to domain
> 
> 
> On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > I have an OpenLDAP backend, Samba knows how to talk to it, my Samba 
> > users are stored in LDAP and file shares work fine authenticating to 
> > the LDAP server. I tried executing smbldap-useradd -w server02 on 
> > the command-line and got the following error: failed to perform 
> > search; Can't contact LDAP server at 
> > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 362,
<DATA>
> > line
> 283.
> > Error looking for next uid at
> > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 993,
<DATA>
> > line
> 283.
> >  
> > Anyone have any ideas?
> ----
> sounds as though you've been using tools other than smbldap to setup
> user accounts, etc.
> 
> smbldap has to be configured to talk to your LDAP server if you expect
> it to work.
> 
> depending upon which version of smbldap you are using, your config
> files will be in various places but I think the current place is 
> /etc/smbldap-tools directory these days.
> 
> Craig
> 
> 
>

This makes more sense to me...

nss_base_passwd		ou=People,dc=bluemapletech,dc=com?one
nss_base_shadow		ou=People,dc=bluemapletech,dc=com?one
nss_base_group		ou=Groups,dc=bluemapletech,dc=com?one
nss_base_passwd		ou=Hosts,dc=bluemapletech,dc=com?one

Craig
> On Wed, 2006-03-15 at 19:20 -0600, Wesley Hobbie wrote:
> Craig,
> Ok, I think I understand what you are saying.  When I do getent passwd I
get
> a whole list of stuff but server02 is not listed.  My ldap.conf has the
> following entries:
> nss_base_passwd		ou=People,dc=bluemapletech,dc=com?one
> nss_base_shadow		ou=People,dc=bluemapletech,dc=com?sub
> nss_base_group		ou=Groups,dc=bluemapletech,dc=com?sub
> nss_base_hosts		ou=Hosts,dc=bluemapletech,dc=com?one
> 
> How would I modify this to include ou=Hosts in the 'people' search?
> 'dc=bluemapletech,dc=com?sub'?
> 
> -----Original Message-----
> From: Craig White [mailto:craigwhite@azapple.com] 
> Sent: Monday, March 13, 2006 9:52 PM
> To: Wesley Hobbie
> Subject: RE: [Samba] Unable to add computer to domain
> 
> I think that you've answered it already...you are going to have to
point
> ldap.conf to also search for 'people' in
ou=Hosts,dc=bluemapletech,dc=com as
> well as ou=People,dc=bluemapletech,dc=com
> 
> if getent can't find it, samba can't find it and it is not gonna
work.
> 
> Craig
> 
> On Mon, 2006-03-13 at 21:47 -0600, Wesley Hobbie wrote:
> > ldapsearch:
> > # server02$, Hosts, bluemapletech.com
> > dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > cn: server02$
> > sn: server02$
> > uid: server02$
> > uidNumber: 1002
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description:
> > Computer gecos: Computer
> > 
> > getent passwd | grep server02 returns nothing.
> > 
> > Computers go in ou=Hosts and users go in ou=People.
> > 
> > What exactly do you want from the ldap.config file?
> > 
> > -----Original Message-----
> > From: samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org
> > [mailto:samba-bounces+whobbie81-linuxgeek=yahoo.com@lists.samba.org] 
> > On Behalf Of Craig White
> > Sent: Monday, March 13, 2006 9:27 PM
> > To: Wesley Hobbie
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Unable to add computer to domain
> > 
> > 
> > It might be helpful to put cards on table here...
> > 
> > ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \
> > -W '(uid=server02*)'
> > 
> > getent passwd |grep server02
> > 
> > and are you putting computers in the same container as users or do you
> > have separate container for computers?
> > 
> > what does the relevant section in ldap.conf look like?
> > 
> > Craig
> > 
> > On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote:
> > > I did a search on Google and all I found was a bunch of copies of
a
> > > conversation between Fran Fabrizio and John H Terpstra, and in
the end
> > > Fran did not have the add machine script.
> > > 
> > > I have the add machine script, that is not the problem, when I
try
> > > to
> > > join the domain from the Windows server, it does create the
account in
> > > LDAP and still fails :-(.  I did look at the server02.log file
(log
> > > file for my Windows 2003 Server) and I see the following entries:
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname(1111)
> > >    sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189)
> > >    Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597)
> > >    Unable to open new log file /var/log/samba/server02.log:
Permission
> > > denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname(1111)
> > >    sys_gethostbyname(server02): lookup failure.
> > > [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189)
> > >    Matchname failed on server02 172.16.0.11
> > > [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597)
> > >    Unable to open new log file /var/log/samba/server02.log:
Permission
> > > denied [2006/03/13 20:55:52, 0]
> > > rpc_server/srv_samr_nt.c:_samr_create_user(2404)  
_samr_create_user:
> > > Running the command `/usr/sbin/smbldap-useradd -w
"server02$"' gave 9
> > > 
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor@laszlosystems.com]
> > > Sent: Monday, March 13, 2006 1:25 PM
> > > To: 'Wesley Hobbie'; craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > 
> > > Wes,
> > > 
> > > Do a google search on this topic: [Samba] Can't join my
domain
> > > 
> > > You will see what the problem is with the username can't be
found.
> > > 
> > > James
> > > 
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org]
On
> > > Behalf Of Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 11:14 AM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > Hey Craig,
> > > Actually I found on the Internet that I needed to run
> > > smbldap-populate, so I did and now I can manually add the user, 
> > > although when I go to my Windows 2003 Server to join the domain I
am
> > > still having a problem.
> > >  
> > > Wes
> > > 
> > > -----Original Message-----
> > > From: Wesley Hobbie
> > > Sent: Sunday, March 12, 2006 5:57 PM
> > > To: craigwhite@azapple.com
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > I can connect to LDAP via the command line, and I am using the
same
> > > user in smb.conf as I am in smbldap-tools_bind.config.
> > > 
> > > Excerpt from smb.conf:
> > > passdb backend = ldapsam:ldap://server01.bluemapletech.com
> > > ldap suffix = dc=mydomain,dc=com
> > > ldap machine suffix = ou=Hosts
> > > ldap admin dn = cn=root,dc=mydomain,dc=com
> > > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > > 
> > > Excerpt from smbldap.conf:
> > > slaveLDAP="127.0.0.1"
> > > slavePort="389"
> > > 
> > > masterLDAP="127.0.0.1"
> > > masterPort="389"
> > > 
> > > ldapTLS="1"
> > > suffix="dc=mydomain,dc=com"
> > > usersdn="ou=People,${suffix}"
computersdn="ou=Hosts,${suffix}"
> > > 
> > > with_smbpasswd="0"
> > > smbpasswd="/usr/bin/smbpasswd"  (I am wondering if this
is right?)
> > > 
> > > with_slappasswd="0"
> > > slappasswd="/usr/sbin/slappasswd"
> > > 
> > > Excerpt from smbldap_bind.conf:
slaveDN="cn=root,dc=mydomain,dc=com"
> > > slavePw="**********"
> > > masterDN="cn=root,dc=mydomain,dc=com"
> > > masterPw="**********"
> > > 
> > > Actually, I while I was copying the info from the files I noticed
I
> > > mispelled my domain name, so I fixed it and tried it again.  Now
I do
> > > not get an error about it cannot contact the LDAP server, only
that it
> > > could not find the next uid, "Error looking for next
uid."
> > > 
> > > -----Original Message-----
> > > From: Craig White [mailto:craigwhite at azapple.com]
> > > Sent: Sunday, March 12, 2006 11:25 AM
> > > To: Wesley Hobbie
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Unable to add computer to domain
> > > 
> > > 
> > > I'm going to ignore other users problems since they may or
may not
> > > have similarities to your issues.
> > > 
> > > Can you actually connect to your LDAP server from the command
line?
> > > 
> > > Can you actually connect to your LDAP server from the command
line
> > > with 'write' permissions as the user and parameters as
indicated
> > > within smb.conf ?
> > > 
> > > Can you actually connect to your LDAP server from the command
line
> > > with 'write' permissions as the user and parameters as
indicated
> > > within smbldap-tools_bind.conf ?
> > > 
> > > Craig
> > > 
> > > On Sun, 2006-03-12 at 10:57 -0600, Wesley Hobbie wrote:
> > > > Ok, I did not know that.  I modified the two files in the 
> > > > /etc/smbldap-tools folder, although I am still getting the
same
> > > > error.
> > > > 
> > > > I looked at the Samba archive for March and I notice some
other
> > > > people
> > > > seem to be having the same issue. March 2 - Bevan Agard
> > > > March 6 - Hakan BAYINDIR
> > > > 
> > > > I try to add my Windows 2003 Server to the domain and I get
an
> > > > error that the user name could not be found.  That is when I
tried
> > > > to manually execute the command that Samba is instructed to
use
> > > > when adding a machine, which is when I got the error about
it
> > > > cannot contact the LDAP server.
> > > > 
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Saturday, March 11, 2006 11:35 AM
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Unable to add computer to domain
> > > > 
> > > > 
> > > > On Sat, 2006-03-11 at 11:10 -0600, Wesley Hobbie wrote:
> > > > > I have an OpenLDAP backend, Samba knows how to talk to
it, my
> > > > > Samba users are stored in LDAP and file shares work
fine
> > > > > authenticating to the LDAP server. I tried executing 
> > > > > smbldap-useradd -w server02 on the command-line and got
the
> > > > > following error: failed to perform search; Can't
contact LDAP
> > > > > server at
/usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line
> > > > > 362, <DATA> line
> > > > 283.
> > > > > Error looking for next uid at 
> > > > > /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line
993,
> > > > > <DATA> line
> > > > 283.
> > > > >  
> > > > > Anyone have any ideas?
> > > > ----
> > > > sounds as though you've been using tools other than
smbldap to
> > > > setup user accounts, etc.
> > > > 
> > > > smbldap has to be configured to talk to your LDAP server if
you
> > > > expect
> > > > it to work.
> > > > 
> > > > depending upon which version of smbldap you are using, your
config
> > > > files will be in various places but I think the current
place is
> > > > /etc/smbldap-tools directory these days.
> > > > 
> > > > Craig
> > > > 
> > > > 
> > > > 
> > > 
> > 
> 
>