Add Machine to Domain failed using NT4SP6-Wrk

Joshua Preston joshua at prestoncentral.com
Thu Mar 30 13:01:02 GMT 2006 

Andreas,

We've successfully used NT4SP6 with Samba 3.0.21c.  As far as your  
error goes, are you able to add non-NT4 machines to the domain?  We  
had an issue where non-root users were not able to join the machines  
to the domain, but then again, I think we may have precreated the  
machine account for the NT4 boxes.  Have you tried to create the LDAP  
account for the NT4 machine yet prior to adding it to the domain?

Thanks,

Joshua Preston.
--

The knack of flying is learning how to throw yourself at the ground  
and miss.

--Hitchhikers Guide to the Galaxy


Joshua Preston
joshua at prestoncentral.com



On Mar 30, 2006, at 2:41 AM, A. Pohl wrote:

> Hi all,
>
> I'm testing Samba3.0.21c with OpenLDAP/IDEALX-Scripts. When I add a  
> WinNT4 machine to the domain I get an error "The computer
> account doesn't exists...". The same with a WinXP machine has no  
> problems.
> Here is a piece of client-log:
>
> for NT4:
> [2006/03/30 09:26:36, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2006/03/30 09:26:36, 3] smbd/uid.c:push_conn_ctx(393)
>   push_conn_ctx(100) : conn_ctx_stack_ndx = 1
> [2006/03/30 09:26:36, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2006/03/30 09:26:36, 5] auth/auth_util.c:debug_nt_user_token(433)
>   NT user token: (NULL)
> [2006/03/30 09:26:36, 5] auth/auth_util.c:debug_unix_user_token(454)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/03/30 09:26:36, 5] lib/smbldap.c:smbldap_search_ext(1099)
>   smbldap_search_ext: base => [ou=Groups,dc=IMUede,dc=de], filter  
> => [(&(objectC
> lass=sambaGroupMapping) 
> (sambaSID=S-1-5-21-2134219367-4279175790-25907577-513))],
>  scope => [2]
> [2006/03/30 09:26:36, 2] passdb/pdb_ldap.c:init_group_from_ldap(2202)
>   init_group_from_ldap: Entry found for group: 513
> [2006/03/30 09:26:36, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/03/30 09:26:37, 3] groupdb/mapping.c:smb_set_primary_group(1041)
>   smb_set_primary_group: Running the command `/opt/IDEALX/sbin/ 
> smbldap-usermod -
> g "Domain Users" "testus$"' gave 0
> [2006/03/30 09:26:37, 4] passdb/ 
> pdb_ldap.c:ldapsam_update_sam_account(1846)
>   ldapsam_update_sam_account: user testus$ to be modified has dn:  
> uid=testus$,ou
> =Computers,dc=IMUede,dc=de
> [2006/03/30 09:26:37, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
>   init_ldap_from_sam: Setting entry for user: testus$
> [2006/03/30 09:26:37, 5] lib/smbldap.c:smbldap_modify(1273)
>   smbldap_modify: dn => [uid=testus$,ou=Computers,dc=IMUede,dc=de]
> [2006/03/30 09:26:37, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1648)
>   ldapsam_modify_entry: Failed to modify user dn= uid=testus 
> $,ou=Computers,dc=IM
> Uede,dc=de with: No such attribute
>         modify/delete: sambaPrimaryGroupSID: no such value
> [2006/03/30 09:26:37, 0] passdb/ 
> pdb_ldap.c:ldapsam_update_sam_account(1873)
>   ldapsam_update_sam_account: failed to modify user with uid =  
> testus$, error: m
> odify/delete: sambaPrimaryGroupSID: no such value (Success)
> [2006/03/30 09:26:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/03/30 09:26:37, 5] rpc_parse/parse_prs.c:prs_debug(84)
>   000000 samr_io_r_set_userinfo
> [2006/03/30 09:26:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(762)
>       0000 status: NT_STATUS_ACCESS_DENIED
> [2006/03/30 09:26:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277)
>   api_rpcTNP: called samr successfully
>
>
> the same with WinXP:
>
> [2006/03/29 16:16:06, 5] auth/auth_util.c:debug_unix_user_token(454)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/03/29 16:16:06, 5] lib/smbldap.c:smbldap_search_ext(1099)
>   smbldap_search_ext: base => [dc=IMUede,dc=de], filter => [(& 
> (sambaSID=S-1-5-21
> -2134219367-4279175790-25907577-3066) 
> (objectclass=sambaSamAccount))], scope => [
> 2]
> [2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>   init_sam_from_ldap: Entry found for user: testus1$
> [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo 
> (3258)
>   _samr_set_userinfo:  does possess sufficient rights
> [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/03/29 16:16:06, 3] smbd/uid.c:push_conn_ctx(393)
>   push_conn_ctx(101) : conn_ctx_stack_ndx = 0
> [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/03/29 16:16:06, 5] auth/auth_util.c:debug_nt_user_token(433)
>   NT user token: (NULL)
> [2006/03/29 16:16:06, 5] auth/auth_util.c:debug_unix_user_token(454)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:set_user_info_23 
> (3079)
>   Attempting administrator password change (level 23) for user  
> testus1$
> [2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:set_user_info_23 
> (3099)
>   Changing trust account or non-unix-user password, not updating / 
> etc/passwd
> [2006/03/29 16:16:06, 4] passdb/ 
> pdb_ldap.c:ldapsam_update_sam_account(1846)
>   ldapsam_update_sam_account: user testus1$ to be modified has dn:  
> uid=testus1$,
> ou=Computers,dc=IMUede,dc=de
> [2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
>   init_ldap_from_sam: Setting entry for user: testus1$
> [2006/03/29 16:16:06, 5] lib/smbldap.c:smbldap_modify(1273)
>   smbldap_modify: dn => [uid=testus1$,ou=Computers,dc=IMUede,dc=de]
> [2006/03/29 16:16:06, 2] passdb/ 
> pdb_ldap.c:ldapsam_update_sam_account(1879)
>   ldapsam_update_sam_account: successfully modified uid = testus1$  
> in the LDAP d
> atabase
> [2006/03/29 16:16:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/03/29 16:16:06, 5] rpc_parse/parse_prs.c:prs_debug(84)
>   000000 samr_io_r_set_userinfo
> [2006/03/29 16:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(762)
>
> Can someone test it against NT4? What is wrong? Is it impossible to  
> use NT4 with Samba3?
>
> Thanks,
>
> Andreas Pohl
> pohl at vegu.de
> --------------------------------------------------
> INTERMET Ueckermünde
> D-17373 Ueckermünde, Eggesiner Str. 11
> Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210
>

More information about the samba-technical mailing list