[Samba] Can No Longer Join to Domain

Author

Message

Jason Baker
External

Since: Jan 11, 2007
Posts: 62

Posted: Fri Mar 23, 2007 3:02 pm Post subject: [Samba] Can No Longer Join to Domain Archived from groups: linux>samba (more info?)

I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. When I first set everything up, I could join workstations to the domain automatically with the Windows Network ID Wizard. Now when I try to join a workstation I get: Your computer could not be joined to the domain because the following error has occurred: The user name could not be found. If I add the computer name to the domain manually from the command line or with LDAP Account Manager, then go back and join it, it works. But it sure would be nice not to have to set up each machine manually. Any thoughts? [global] unix charset = LOCALE workgroup = glastendernet netbios name = aster server string = Glastender Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1/ ldap passwd sync = Yes ldap suffix = dc=glastender,dc=com ldap admin dn = cn=Manager,dc=glastender,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 10000-20000 idmap gid = 10000-20000 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m "%u" #delete user script = /etc/smbldap-tools/smbldap-userdel "%u" add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u" add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g" #delete group script = /etc/smbldap-tools/smbldap-groupdel "%g" add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g" delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g" set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u" domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = #=========Shares======= template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no -- Jason Baker /IT Coordinator/ Glastender Inc. 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752.4444 www.glastender.com <http://www.glastender.com> -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ ------END GEEK CODE BLOCK------ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

sato x
External

Since: Nov 14, 2006
Posts: 17

Posted: Sat Mar 24, 2007 11:01 am Post subject: Re: [Samba] Can No Longer Join to Domain [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

Hi... Sorry if I was wrong. I just want to ask, did you join the machine (via windows machine) using root account? If it's true, then I guess you have to have samba password for your root. If you have made it before, try to recreate your root's samba password (with smbldap-passwd), then try to join the machine. Let me know if it failed. Regards, sato On 3/24/07, Jason Baker <jbaker DeleteThis @glastender.com> wrote: > > I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. > When I first set everything up, I could join workstations to the domain > automatically with the Windows Network ID Wizard. Now when I try to > join a workstation I get: > > Your computer could not be joined to the domain because the > following error has occurred: > The user name could not be found. > > If I add the computer name to the domain manually from the command line > or with LDAP Account Manager, then go back and join it, it works. But it > sure would be nice not to have to set up each machine manually. Any > thoughts? > > [global] > unix charset = LOCALE > workgroup = glastendernet > netbios name = aster > server string = Glastender Domain Controller running %v > interfaces = eth1, lo > bind interfaces only = yes > os level = 255 > preferred master = yes > local master = yes > domain master = yes > security = user > time server = yes > username map = /etc/samba/smbusers > wins support = yes > encrypt passwords = yes > pam password change = yes > name resolve order = wins bcast hosts > winbind nested groups = no > passdb backend = ldapsam:ldap://127.0.0.1/ > ldap passwd sync = Yes > ldap suffix = dc=glastender,dc=com > ldap admin dn = cn=Manager,dc=glastender,dc=com > ldap ssl = no > ldap group suffix = ou=Groups > ldap user suffix = ou=People > ldap machine suffix = ou=People > ldap idmap suffix = ou=Idmap > idmap backend = ldap:ldap://127.0.0.1/ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > map acl inherit = yes > add user script = /etc/smbldap-tools/smbldap-useradd -m "%u" > #delete user script = /etc/smbldap-tools/smbldap-userdel "%u" > add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u" > add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g" > #delete group script = /etc/smbldap-tools/smbldap-groupdel "%g" > add user to group script = /etc/smbldap-tools/smbldap-groupmod > -m "%u" "%g" > delete user from group script = > /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g" > set primary group script = /etc/smbldap-tools/smbldap-usermod -g > "%g" "%u" > domain logons = yes > log file = /var/log/samba/log.%m > log level = 1 > syslog = 0 > max log size = 50 > #smb ports = 139 445 > smb ports = 139 > hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 > # User profiles and home directories > logon drive = U: > logon path = \\%L\profiles\%U > logon script = %U.bat > large readwrite = no > read raw = no > write raw = no > printcap name = /etc/printcap > load printers = no > printing = > > #=========Shares======= > template shell = /bin/false > winbind use default domain = no > > [homes] > comment = Home Directories > browseable = no > > -- > > Jason Baker > /IT Coordinator/ > > > Glastender Inc. > 5400 North Michigan Road > Saginaw, Michigan 48604 USA > 800.748.0423 > Phone: 989.752.4275 ext. 228 > Fax: 989.752.4444 > www.glastender.com <http://www.glastender.com> > > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K? > w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- > r+++ y+++ > ------END GEEK CODE BLOCK------ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

John Drescher
External

Since: Nov 07, 2006
Posts: 90

Posted: Sat Mar 24, 2007 12:01 pm Post subject: Re: [Samba] Can No Longer Join to Domain [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

On 3/23/07, Jason Baker <jbaker RemoveThis @glastender.com> wrote: > I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. > When I first set everything up, I could join workstations to the domain > automatically with the Windows Network ID Wizard. Now when I try to > join a workstation I get: > > Your computer could not be joined to the domain because the > following error has occurred: > The user name could not be found. > > If I add the computer name to the domain manually from the command line > or with LDAP Account Manager, then go back and join it, it works. But it > sure would be nice not to have to set up each machine manually. Any > thoughts? > Nothing helpful from me as I have the same problem but this is this has been how it has always worked for me. I actually thought that was a feature. Thanks for starting the thread. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Jason Baker
External

Since: Jan 11, 2007
Posts: 62

Posted: Mon Mar 26, 2007 11:02 am Post subject: Re: [Samba] Can No Longer Join to Domain [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

I tried recreating the password and I still get the same error. Jason Baker /IT Coordinator/ Glastender Inc. 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752.4444 www.glastender.com <http://www.glastender.com> -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ ------END GEEK CODE BLOCK------ On 3/24/2007 10:32 AM, sato x wrote: > Hi... > > Sorry if I was wrong. I just want to ask, did you join the machine > (via windows machine) using root account? If it's true, then I guess > you have to have samba password for your root. If you have made it > before, try to recreate your root's samba password (with > smbldap-passwd), then try to join the machine. Let me know if it > failed. > > Regards, > > sato > > On 3/24/07, Jason Baker <jbaker.RemoveThis@glastender.com > <mailto:jbaker@glastender.com>> wrote: > > I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. > When I first set everything up, I could join workstations to the > domain > automatically with the Windows Network ID Wizard. Now when I try to > join a workstation I get: > > Your computer could not be joined to the domain because the > following error has occurred: > The user name could not be found. > > If I add the computer name to the domain manually from the command > line > or with LDAP Account Manager, then go back and join it, it works. > But it > sure would be nice not to have to set up each machine manually. Any > thoughts? > > [global] > unix charset = LOCALE > workgroup = glastendernet > netbios name = aster > server string = Glastender Domain Controller running %v > interfaces = eth1, lo > bind interfaces only = yes > os level = 255 > preferred master = yes > local master = yes > domain master = yes > security = user > time server = yes > username map = /etc/samba/smbusers > wins support = yes > encrypt passwords = yes > pam password change = yes > name resolve order = wins bcast hosts > winbind nested groups = no > passdb backend = ldapsam:ldap://127.0.0.1/ > ldap passwd sync = Yes > ldap suffix = dc=glastender,dc=com > ldap admin dn = cn=Manager,dc=glastender,dc=com > ldap ssl = no > ldap group suffix = ou=Groups > ldap user suffix = ou=People > ldap machine suffix = ou=People > ldap idmap suffix = ou=Idmap > idmap backend = ldap:ldap://127.0.0.1/ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > map acl inherit = yes > add user script = /etc/smbldap-tools/smbldap-useradd -m "%u" > #delete user script = /etc/smbldap-tools/smbldap-userdel "%u" > add machine script = /etc/smbldap-tools/smbldap-useradd -w > "%u" > add group script = /etc/smbldap-tools/smbldap-groupadd -p > "%g" > #delete group script = /etc/smbldap-tools/smbldap-groupdel > "%g" > add user to group script = /etc/smbldap-tools/smbldap-groupmod > -m "%u" "%g" > delete user from group script = > /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g" > set primary group script = > /etc/smbldap-tools/smbldap-usermod -g > "%g" "%u" > domain logons = yes > log file = /var/log/samba/log.%m > log level = 1 > syslog = 0 > max log size = 50 > #smb ports = 139 445 > smb ports = 139 > hosts allow = 127.0.0.1 <http://127.0.0.1> > 172.16.0.0/255.255.0.0 <http://172.16.0.0/255.255.0.0> > # User profiles and home directories > logon drive = U: > logon path = \\%L\profiles\%U > logon script = %U.bat > large readwrite = no > read raw = no > write raw = no > printcap name = /etc/printcap > load printers = no > printing = > > #=========Shares======= > template shell = /bin/false > winbind use default domain = no > > [homes] > comment = Home Directories > browseable = no > > -- > > Jason Baker > /IT Coordinator/ > > > Glastender Inc. > 5400 North Michigan Road > Saginaw, Michigan 48604 USA > 800.748.0423 > Phone: 989.752.4275 ext. 228 > Fax: 989.752.4444 > www.glastender.com <http://www.glastender.com> > <http://www.glastender.com> > > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K? > w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- > r+++ y+++ > ------END GEEK CODE BLOCK------ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Bert_De_Ridder
External

Since: Mar 13, 2007
Posts: 4

Posted: Tue Mar 27, 2007 7:50 am Post subject: Re: [Samba] Can No Longer Join to Domain [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

I don't know it it's going to make a difference, but my "calls" to the smbldap scripts in smb.conf don't have quoted parameters, ie I have the parameters without quotes -> add machine script = /usr/local/sbin/smbldap-useradd -w %u add user script = /usr/local/sbin/smbldap-useradd -a %u etc... HTH Bert Jason Baker <jbaker RemoveThis @glastender.com> Sent by: samba-bounces+bdr=peopleware.be@lists.samba.org 26/03/2007 16:36 To sato x <garasi9 RemoveThis @gmail.com> cc samba List <samba RemoveThis @lists.samba.org> Subject Re: [Samba] Can No Longer Join to Domain I tried recreating the password and I still get the same error. Jason Baker /IT Coordinator/ Glastender Inc. 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752.4444 www.glastender.com <http://www.glastender.com> -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ ------END GEEK CODE BLOCK------ On 3/24/2007 10:32 AM, sato x wrote: > Hi... > > Sorry if I was wrong. I just want to ask, did you join the machine > (via windows machine) using root account? If it's true, then I guess > you have to have samba password for your root. If you have made it > before, try to recreate your root's samba password (with > smbldap-passwd), then try to join the machine. Let me know if it > failed. > > Regards, > > sato > > On 3/24/07, Jason Baker <jbaker RemoveThis @glastender.com > <mailto:jbaker@glastender.com>> wrote: > > I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. > When I first set everything up, I could join workstations to the > domain > automatically with the Windows Network ID Wizard. Now when I try to > join a workstation I get: > > Your computer could not be joined to the domain because the > following error has occurred: > The user name could not be found. > > If I add the computer name to the domain manually from the command > line > or with LDAP Account Manager, then go back and join it, it works. > But it > sure would be nice not to have to set up each machine manually. Any > thoughts? > > [global] > unix charset = LOCALE > workgroup = glastendernet > netbios name = aster > server string = Glastender Domain Controller running %v > interfaces = eth1, lo > bind interfaces only = yes > os level = 255 > preferred master = yes > local master = yes > domain master = yes > security = user > time server = yes > username map = /etc/samba/smbusers > wins support = yes > encrypt passwords = yes > pam password change = yes > name resolve order = wins bcast hosts > winbind nested groups = no > passdb backend = ldapsam:ldap://127.0.0.1/ > ldap passwd sync = Yes > ldap suffix = dc=glastender,dc=com > ldap admin dn = cn=Manager,dc=glastender,dc=com > ldap ssl = no > ldap group suffix = ou=Groups > ldap user suffix = ou=People > ldap machine suffix = ou=People > ldap idmap suffix = ou=Idmap > idmap backend = ldap:ldap://127.0.0.1/ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > map acl inherit = yes > add user script = /etc/smbldap-tools/smbldap-useradd -m "%u" > #delete user script = /etc/smbldap-tools/smbldap-userdel "%u" > add machine script = /etc/smbldap-tools/smbldap-useradd -w > "%u" > add group script = /etc/smbldap-tools/smbldap-groupadd -p > "%g" > #delete group script = /etc/smbldap-tools/smbldap-groupdel > "%g" > add user to group script = /etc/smbldap-tools/smbldap-groupmod > -m "%u" "%g" > delete user from group script = > /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g" > set primary group script = > /etc/smbldap-tools/smbldap-usermod -g > "%g" "%u" > domain logons = yes > log file = /var/log/samba/log.%m > log level = 1 > syslog = 0 > max log size = 50 > #smb ports = 139 445 > smb ports = 139 > hosts allow = 127.0.0.1 <http://127.0.0.1> > 172.16.0.0/255.255.0.0 <http://172.16.0.0/255.255.0.0> > # User profiles and home directories > logon drive = U: > logon path = \\%L\profiles\%U > logon script = %U.bat > large readwrite = no > read raw = no > write raw = no > printcap name = /etc/printcap > load printers = no > printing = > > #=========Shares======= > template shell = /bin/false > winbind use default domain = no > > [homes] > comment = Home Directories > browseable = no > > -- > > Jason Baker > /IT Coordinator/ > > > Glastender Inc. > 5400 North Michigan Road > Saginaw, Michigan 48604 USA > 800.748.0423 > Phone: 989.752.4275 ext. 228 > Fax: 989.752.4444 > www.glastender.com <http://www.glastender.com> > <http://www.glastender.com> > > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K? > w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- > r+++ y+++ > ------END GEEK CODE BLOCK------ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

sato x
External

Since: Nov 14, 2006
Posts: 17

Posted: Wed Mar 28, 2007 8:50 am Post subject: Re: [Samba] Can No Longer Join to Domain [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

Hi Jason, There is another trick: go to Local Area Connection Properties of windows > Tcp/ip properties > Advanced TCP/IP Settings > WINS tab, then add the ip address of your PDC server (assumed it's a wins server either) and in the netbios setting choose "Enable NetBIOS over TCP/IP". Good luck. Regards, sato -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Display posts from previous: