[Samba] cannot add new machines to domain - Samba

This is a discussion on [Samba] cannot add new machines to domain - Samba ; Hi, i have running samba with ldap as a PDC. The PDC works fine, except adding new computer to the domain. The Computer how was added 2-3 Years ago works fine, but i cannot add new PCs to the domain. ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] cannot add new machines to domain

  1. [Samba] cannot add new machines to domain

    Hi,

    i have running samba with ldap as a PDC. The PDC works fine, except
    adding new computer to the domain. The Computer how was added 2-3 Years
    ago works fine, but i cannot add new PCs to the domain.

    The samba log says to remove the paramtere 'algorithmic rid base' and
    use 'net groupmap add' and 'net setmaxrid'. The command "net setmaxrid"
    is not existent.

    For me it is important to add the new PCs to the Domain. So is there any
    way to add the PCs on Server side? Or any other workaround - it does not
    matter how.

    I hope you can help me!


    log.smb:
    [2008/05/28 09:57:15, 0] passdb/pdb_interface.cdb_new_rid(1072)
    'algorithmic rid base' is set but a passdb backend without
    algorithmic RIDs is chosen.
    Please map all used groups using 'net groupmap add', set the maximum
    used RID using
    'net setmaxrid' and remove the parameter


    smb.conf:
    [global]
    workgroup = FAB
    server string = zeus
    interfaces = 195.72.98.12/255.255.255.240,
    10.14.45.12/255.255.255.0
    map to guest = Bad User
    passdb backend = ldapsam
    algorithmic rid base = 5000
    log level = 1
    log file = /var/log/log.smb
    smb ports = 139
    name resolve order = wins hosts bcast lmhosts
    time server = Yes
    deadtime = 15
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
    printcap name = cups
    add user script = ldapsmb -a -u "%u"
    delete user script = ldapsmb -d -u "%u"
    add group script = ldapsmb -a -g "%g"
    delete group script = ldapsmb -d -g "%g"
    add user to group script = ldapsmb -j -u "%u" -g "%g"
    delete user from group script = ldapsmb -r -u "%u" -g "%g"
    set primary group script = ldapsmb -m -u "%u" -gid "%g"
    add machine script = ldapsmb -a -w "%u" -gid 515
    logon script = kix32 fab_login.scr
    logon path = \\%L\profiles\%U
    logon drive = h:
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=People
    ldap passwd sync = Yes
    ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
    ldap ssl = no
    ldap user suffix = ou=People
    admin users = @ntadmin, root
    hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45.,
    10.14.43., 10.14.44., 10.10.57.
    printing = cups
    print command =
    lpq command = %p
    lprm command = /usr/bin/lprm -P%p %j
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/


    SW:
    Opensuse 10.3 64bit
    Samba 3.0.26a
    Openldap: 2.3.37




    Best regards,

    - David Böhm

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  2. Re: [Samba] cannot add new machines to domain

    > No prob It didn't show up because it's a default value in later
    > versions of Samba and as I recall, testparm only outputs non-defaults.
    > I'm sure we'll get this, although I have to be honest and tell you I
    > haven't used LDAP (yet) as a backend.
    >
    > If you run the add machine script as root on the server, does it work
    > correctly?
    >
    > Rubin
    >


    Yes the script works fine. The machine will be created in ldap but
    without any samba attributes (no sid,..).

    I also allready tried just to comment the parameter "algorithmic rid
    base = 5000". But if i do that samba doesn't start anymore. The log
    reportes, that i changed that parameter and after that core dump:

    [2008/05/28 09:55:03, 0] passdb/pdb_ldap.cdb_init_ldapsam(5733)
    The value of 'algorithmic RID base' has changed since the LDAP
    database was initialised. Aborting.
    [2008/05/28 09:55:03, 0] passdb/pdb_interface.c:make_pdb_method_name(146)
    pdb backend ldapsam:ldap://localhost:389 did not correctly init
    (error was NT_STATUS_UNSUCCESSFUL)
    [2008/05/28 09:55:03, 0] lib/util.c:smb_panic(1632)
    PANIC (pid 7067): pdb_get_methods_reload: failed to get pdb methods
    for backend ldapsam:ldap://localhost:389

    [2008/05/28 09:55:03, 0] lib/util.c:log_stack_trace(1736)
    BACKTRACE: 7 stack frames:
    #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x55555578186c]
    #1 /usr/sbin/smbd(smb_panic+0x43) [0x555555781953]
    #2 /usr/sbin/smbd [0x55555573c815]
    #3 /usr/sbin/smbd(initialize_password_db+0x9) [0x55555573c849]
    #4 /usr/sbin/smbd(main+0x59b) [0x5555558369ab]
    #5 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b0c8832db54]
    #6 /usr/sbin/smbd [0x5555555c6259]
    [2008/05/28 09:55:03, 0] lib/fault.c:dump_core(181)
    dumping core in /var/log/samba/cores/smbd
    [2008/05/28 09:55:54, 1] smbd/service.c:make_connection_snum(1033)


    Btw, it don't realy know why need this parameter. I thought the
    association between UID and SID happends in ldap.

    Thx

    - David


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  3. Re: [Samba] cannot add new machines to domain - Stumped

    On Fri, 2008-05-30 at 08:19 +0200, David Böhm wrote:
    > > No prob It didn't show up because it's a default value in later
    > > versions of Samba and as I recall, testparm only outputs non-defaults.
    > > I'm sure we'll get this, although I have to be honest and tell you I
    > > haven't used LDAP (yet) as a backend.
    > >
    > > If you run the add machine script as root on the server, does it work
    > > correctly?
    > >
    > > Rubin
    > >

    >
    > Yes the script works fine. The machine will be created in ldap but
    > without any samba attributes (no sid,..).
    >
    > I also allready tried just to comment the parameter "algorithmic rid
    > base = 5000". But if i do that samba doesn't start anymore. The log
    > reportes, that i changed that parameter and after that core dump:
    >
    > [2008/05/28 09:55:03, 0] passdb/pdb_ldap.cdb_init_ldapsam(5733)
    > The value of 'algorithmic RID base' has changed since the LDAP
    > database was initialised. Aborting.
    > [2008/05/28 09:55:03, 0] passdb/pdb_interface.c:make_pdb_method_name(146)
    > pdb backend ldapsam:ldap://localhost:389 did not correctly init
    > (error was NT_STATUS_UNSUCCESSFUL)
    > [2008/05/28 09:55:03, 0] lib/util.c:smb_panic(1632)
    > PANIC (pid 7067): pdb_get_methods_reload: failed to get pdb methods
    > for backend ldapsam:ldap://localhost:389
    >
    > [2008/05/28 09:55:03, 0] lib/util.c:log_stack_trace(1736)
    > BACKTRACE: 7 stack frames:
    > #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x55555578186c]
    > #1 /usr/sbin/smbd(smb_panic+0x43) [0x555555781953]
    > #2 /usr/sbin/smbd [0x55555573c815]
    > #3 /usr/sbin/smbd(initialize_password_db+0x9) [0x55555573c849]
    > #4 /usr/sbin/smbd(main+0x59b) [0x5555558369ab]
    > #5 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b0c8832db54]
    > #6 /usr/sbin/smbd [0x5555555c6259]
    > [2008/05/28 09:55:03, 0] lib/fault.c:dump_core(181)
    > dumping core in /var/log/samba/cores/smbd
    > [2008/05/28 09:55:54, 1] smbd/service.c:make_connection_snum(1033)
    >
    >
    > Btw, it don't realy know why need this parameter. I thought the
    > association between UID and SID happends in ldap.
    >
    > Thx
    >
    > - David
    >
    >

    Unfortunately at this point you've gone beyone my experience with Samba
    running against an LDAP backend. Does anyone else out there have advice
    for David?

    Thanks
    Rubin
    --
    Rubin Bennett
    RB Technologies
    http://thatitguy.com
    rbennett@thatitguy.com
    (802)223-4448

    "They that can give up essential liberty to obtain a little
    temporary security deserve neither liberty nor safety"
    --Benjamin Franklin, Historical Review of Pennsylvania, 1759


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


+ Reply to Thread