[Samba] PDC: Linux Client can't join the domain.

Adam Williams awilliam at mdah.state.ms.us
Thu Apr 30 20:07:14 GMT 2009


paris$ should not have a SID until it creates it upon joining the 
domain.  You should not have done smbpasswd -a -m paris, so if you did, 
do smbpasswd -x paris\$ and try rejoining.

Alessandro Baggi wrote:
> Hi there. I've a problem with using samba as Primary Domain Controller 
> with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on 
> Debian Lenny.
> When I try to join the domain with a Windows XP Pro Client, all works 
> fine (profile updates, logon, etc.), but when I try to join the 
> domain with a Linux Client (Slackware 12.1) I get different errors:
>
>
> client:~# net rpc join -U root%password
> Joined Domain DOMINIO.
>
> and in the samba log (log.__ffff_10.1.4.85):
>
> [2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
>  get_md4pw: Workstation PARIS$: no account in domain
> [2009/04/30 13:45:42,  0] 
> rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
>  _netr_ServerAuthenticate2: failed to get machine password for account 
> PARIS$: NT_STATUS_ACCESS_DENIED
>
> and samba adds a Computer account entry for paris$:
>
> # paris$, Computers, DOMINIO
> dn: uid=paris$,ou=Computers,dc=DOMINIO
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: sambaSamAccount
> cn: paris$
> uid: paris$
> uidNumber: 2008
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> sambaSID: S-1-5-21-1849485170-1217343015-651458238-1008
> displayName: Computer
> sambaAcctFlags: [W          ]
>
> Then, I try to log out from the client and try to log in with a user in 
> ldap (I've tried with a PosixAccount and SambaAccount), but it doesn't 
> work.
> If I try again to rejoin the domain, the client side gives me: Joined 
> Domain DOMINIO., but the samba log (log.__ffff_10.1.4.85) gives me:
>
> [2009/04/30 13:48:07,  0] 
> rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
>  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. 
> Rejecting auth request from client PARIS machine account PARIS$
>
> and I can't log in on the client side. These problems occur only when 
> I try to join the domain from a simple Linux client.
> I've also removed the entire ldap db and repopulated it, but the problem 
> persists.
>
> Is this a client configuration problem or a Server PDC configuration 
> problem? Samba? or OpenLDAP?
>
>
> thanks in advance for help.
>
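
Added example (not part of the original messages and not Samba code): a small triage script that folds the netlogon errors quoted above into per-machine-account events, so a join that reports success on the client but is rejected on the PDC stands out. The sample log is constructed from the excerpts in the post; the function names and the needs_rejoin heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict
# Constructed sample in Samba 3.x log layout, modelled on the excerpts in the post.
SAMPLE_LOG = """\
[2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
  get_md4pw: Workstation PARIS$: no account in domain
[2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account PARIS$: NT_STATUS_ACCESS_DENIED
[2009/04/30 13:48:07,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client PARIS machine account PARIS$
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]")
PATTERNS = {
    "no_account": re.compile(r"get_md4pw: Workstation (\S+\$): no account in domain"),
    "no_password": re.compile(r"failed to get machine password for account (\S+\$):"),
    "creds_rejected": re.compile(r"netlogon_creds_server_check failed\..*machine account (\S+\$)"),
}

def records(text):
    """Yield (timestamp, message); wrapped or continuation lines are folded together."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp is not None:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), []
        elif stamp is not None and line.strip():
            parts.append(line.strip())
    if stamp is not None:
        yield stamp, " ".join(parts)

def triage(text):
    """Map machine account -> ordered list of (timestamp, failure kind)."""
    found = defaultdict(list)
    for stamp, msg in records(text):
        for kind, rx in PATTERNS.items():
            m = rx.search(msg)
            if m:
                found[m.group(1).upper()].append((stamp, kind))
    return dict(found)

def needs_rejoin(events):
    # Assumed heuristic: a rejected credential check means the stored machine
    # secret does not match the client's, so remove the account and rejoin.
    return any(kind == "creds_rejected" for _, kind in events)

if __name__ == "__main__":
    for account, events in triage(SAMPLE_LOG).items():
        print(account, events, "remove account and rejoin:", needs_rejoin(events))
```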


