[Samba] 'net rpc join -U Administrator' on Samba + LDAP PDC

Craig White craigwhite at azapple.com
Sun Jul 11 06:11:10 GMT 2004 

On Sat, 2004-07-10 at 22:54, abebe lsslp wrote:
> I am having trouble joining a Samba + LDAP PDC. Here
> are the steps I took and the results I have received. 
> 
> General Information:
> . Fedora Core 1 machine
> . Samba 3.0.0
> . Openldap 2.1.22-8
> . Netbios Name: EAGLEX
> . Domain name: AGUILAS 
> 
> Symptoms:
> Step 1:
> [root at eaglex root]# net rpc join
> -UAdministrator%xxxxxx 
> The username or password was not correct.
> 
> '/var/log/messages':
> Jul 10 12:30:47 eaglex smbd[9253]: [2004/07/10
> 12:30:47, 0] rpc_server/srv_netlog_nt.c:get_md4pw(201)
> Jul 10 12:30:47 eaglex smbd[9253]:   get_md4pw:
> Workstation EAGLEX$: no account in domain
> 
> Step 2:
> [root at eaglex root]#smbldap-useradd -w EAGLEX$
> [root at eaglex root]#
> 
> Step 3: repeated step 1. Same problem
> 
> Step 4:
> [root at eaglex root]# net rpc join -U root%xxxxxx
> Create of workstation account failed
> Unable to join domain AGUILAS
> 
> Step 5:
> [root at eaglex root]# pdbedit -L -v Administrator
> Unix username:        Administrator
> NT username:          Administrator
> Account Flags:        [U          ]
> User SID:            
> S-1-5-21-952094410-1508517273-1204454084-2996
> Primary Group SID:   
> S-1-5-21-952094410-1508517273-1204454084-512
> Full Name:            Administrator
> Home Directory:       \\EAGLEX\home\%U
> HomeDir Drive:        H:
> Logon Script:         logon.bat
> Profile Path:
> Domain:               AGUILAS
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 GMT
> Password last set:    Sat, 10 Jul 2004 11:39:00 GMT
> Password can change:  Sat, 10 Jul 2004 11:39:00 GMT
> Password must change: Mon, 18 Jan 2038 21:14:07 GMT
> 
> I have also tried everything on Google group ([samba]
> "The username or password was not correct"). Nobody
> really offered any real solution. I am sure for those
> of you who have encountered this problem before
> already know the symptoms and hopefully the solutions
> as well. I am begging for help. I have been working on
> this thing for the last 3 weeks now.:(
----
It's so much easier to have LDAP working and understood prior to
integration with samba.

#1 what does...
ldapsearch -x -h localhost -D 'binddn' -W '(uid=Administrator)'
give you (replace binddn with your binddn)

#2 if uidNumber of Administrator is not 0, you will probably have to use
root to add new users/machines (make sure that root has SambaSamAccount
in this case)

#3 Much easier to join domain directly from an NT/Win2K/XP Professional
machine. (see note 2)

#4 upgrade samba - samba/fedora core 1 is up to 3.0.4

#5 if EAGLEX is the PDC, it doesn't need to join domain

Craig

More information about the samba mailing list