Can't join Vista SP1 to domain

strucke1 strucke1 at arts.ohio-state.edu
Fri Apr 17 03:08:12 GMT 2009 

you know, i feel like there is a security setting in a local policy on
vista that you have to change to get it to talk to a samba server, but it's
late atm and i don't have access to any of my documentation.  i'll try to
look it up tomorrow.  does that help at all??!


ws


On Thu, 16 Apr 2009 23:29:31 +0200, Guenther Deschner <gd at samba.org> wrote:
> Richard Gellman wrote:
>> I originally posted this to samba at lists.samba.org, but having not had
>> even so much as an acknowledgement of my existence, I thought I'd try
>> here......
>> 
>> -- Richard
>> 
>> 
>> 
>> Hi,
>> 
>> I've been using Samba for years as a domain controller without issue,
>> but this has stumped me.
>> 
>> I've set up Windows Vista Enterprise SP1 on a Virtual PC. Samba is
>> running on a Gentoo Linux box as version 3.3.3. I can access shares
>> without issue, but I can't get the machine to join the domain. When it
>> tries it shows "The parameter is incorrect".
>> 
>> Delving into C:\Windows\Debug\NetSetup.LOG shows that it creates the
>> machine account successfully, sets a password for it, then gets to the
>> point of configuring itself to be a domain member, and then fails with
>> error code 0x57. At this point it disables the machine account for
>> itself.
>> 
>> The relevant section of NetSetup.LOG is shown below. Everything I read
>> on t'internet suggests that this should work without problems. I've
>> tried setting the security option to NTLM, changing the compatibility
>> mode value, almost everything I can find, but still no joy.
>> 
>> I'd post the smbd -d 10 log, but from what I can see nothing errors on
>> the Samba side, Windows just gives up. I'm hoping that there's something
>> I can configure, patch that can be applied etc that causes some kind of
>> different response that Windows will accept.
>> 
>> Does anyone have any ideas? Let me know if there's anything useful I can
>> give you from the -d 10 log. There's a lot of stuff there (mostly
>> routine stuff) so let me know what sort of thing you're looking for and
>> I'll gladly post it.
>> 
>> I should point out the password backend is OpenLDAP. As stated, no other
>> machine I've joined to this domain has ever had issues.
>> 
>> Regards
>> 
>> Richard Gellman
>> 
>> -- NetSetup.LOG --
>> 
>> 04/09/2009 18:32:34:458 NetpValidateName: checking to see if 'STARFLEET'
>> is valid as type 3 name
>> 04/09/2009 18:32:34:559 NetpCheckDomainNameIsValid [ Exists ] for
>> 'STARFLEET' returned 0x0
>> 04/09/2009 18:32:34:559 NetpValidateName: name 'STARFLEET' is valid for
>> type 3
>> 04/09/2009 18:32:34:559 NetpDsGetDcName: trying to find DC in domain
>> 'STARFLEET', flags: 0x40001010
>> 04/09/2009 18:32:34:559 NetpDsGetDcName: found DC '\\RELIANT' in the
>> specified domain
>> 04/09/2009 18:32:34:559 NetpJoinDomain: status of connecting to dc
>> '\\RELIANT': 0x0
>> 04/09/2009 18:32:34:709 NetpGetLsaPrimaryDomain: status: 0x0
>> 04/09/2009 18:32:34:709 NetpGetNt4RefusePasswordChangeStatus: trying to
>> read from '\\RELIANT'
>> 04/09/2009 18:32:35:039 NetpGetNt4RefusePasswordChangeStatus:
>> RefusePasswordChange == 0
>> 04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
>> 04/09/2009 18:32:35:099 NetpGetLsaPrimaryDomain: status: 0x0
>> 04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
>> 04/09/2009 18:32:35:530 NetpManageMachineAccountWithSid: NetUserAdd on
>> '\\RELIANT' for 'VOYAGER$' failed: 0x8b0
>> 04/09/2009 18:32:36:171 NetpManageMachineAccountWithSid: status of
>> attempting to set password on '\\RELIANT' for 'VOYAGER$': 0x0
>> 04/09/2009 18:32:36:171 NetpJoinDomain: status of creating account: 0x0
>> 04/09/2009 18:32:36:171 NetpGetLsaPrimaryDomain: status: 0x0
>> 04/09/2009 18:32:36:181 NetpSetLsaPrimaryDomain: for 'STARFLEET' status:
>> 0xc000000d
>> 04/09/2009 18:32:36:181 NetpJoinDomain: status of setting LSA pri.
>> domain: 0x57
>> 04/09/2009 18:32:36:181 NetpJoinDomain: initiaing a rollback due to
>> earlier errors
>> 04/09/2009 18:32:36:281 NetpGetLsaPrimaryDomain: status: 0x0
>> 04/09/2009 18:32:36:652 NetpManageMachineAccountWithSid: status of
>> disabling account 'VOYAGER$' on '\\RELIANT': 0x0
>> 04/09/2009 18:32:36:652 NetpJoinDomain: rollback: status of deleting
>> computer account: 0x0
>> 04/09/2009 18:32:36:652 NetpLsaOpenSecret: status: 0x0
>> 04/09/2009 18:32:36:672 NetpJoinDomain: rollback: status of deleting
>> secret: 0x0
>> 04/09/2009 18:32:36:692 NetpJoinDomain: status of disconnecting from
>> '\\RELIANT': 0x0
>> 04/09/2009 18:32:36:692 NetpDoDomainJoin: status: 0x57
> 
> Do you have or can you please provide a log level 10 log.smbd from this
> error ? Also: please open a bug on this at http://bugzilla.samba.org so
> that we can track this.
> 
> Thanks,
> 
> Guenther

More information about the samba-technical mailing list