[Samba] Can't join to domain, Google-fu has failed me
Richard Gellman
splodge at starfleet-net.co.uk
Thu Apr 9 17:43:18 GMT 2009
Hi,
I've been using Samba for years as a domain controller without issue,
but this has stumped me.
I've set up Windows Vista Enterprise SP1 on a Virtual PC. Samba is
running on a Gentoo Linux box as version 3.3.3. I can access shares
without issue, but I can't get the machine to join the domain. When it
tries it shows "The parameter is incorrect".
Delving into C:\Windows\Debug\NetSetup.LOG shows that it creates the
machine account successfully, sets a password for it, then gets to the
point of configuring itself to be a domain member, and then fails with
error code 0x57. At this point it disables the machine account for itself.
The relevant section of NetSetup.LOG is shown below. Everything I read
on t'internet suggests that this should work without problems. I've
tried setting the security option to NTLM, changing the compatibility
mode value, almost everything I can find, but still no joy.
I'd post the smbd -d 10 log, but from what I can see nothing errors on
the Samba side, Windows just gives up. I'm hoping that there's something
I can configure, patch that can be applied etc that causes some kind of
different response that Windows will accept.
Does anyone have any ideas? Let me know if there's anything useful I can
give you from the -d 10 log. There's a lot of stuff there (mostly
routine stuff) so let me know what sort of thing you're looking for and
I'll gladly post it.
I should point out the password backend is OpenLDAP. As stated, no other
machine I've joined to this domain has ever had issues.
Regards
Richard Gellman
-- NetSetup.LOG --
04/09/2009 18:32:34:458 NetpValidateName: checking to see if 'STARFLEET'
is valid as type 3 name
04/09/2009 18:32:34:559 NetpCheckDomainNameIsValid [ Exists ] for
'STARFLEET' returned 0x0
04/09/2009 18:32:34:559 NetpValidateName: name 'STARFLEET' is valid for
type 3
04/09/2009 18:32:34:559 NetpDsGetDcName: trying to find DC in domain
'STARFLEET', flags: 0x40001010
04/09/2009 18:32:34:559 NetpDsGetDcName: found DC '\\RELIANT' in the
specified domain
04/09/2009 18:32:34:559 NetpJoinDomain: status of connecting to dc
'\\RELIANT': 0x0
04/09/2009 18:32:34:709 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:34:709 NetpGetNt4RefusePasswordChangeStatus: trying to
read from '\\RELIANT'
04/09/2009 18:32:35:039 NetpGetNt4RefusePasswordChangeStatus:
RefusePasswordChange == 0
04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
04/09/2009 18:32:35:099 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
04/09/2009 18:32:35:530 NetpManageMachineAccountWithSid: NetUserAdd on
'\\RELIANT' for 'VOYAGER$' failed: 0x8b0
04/09/2009 18:32:36:171 NetpManageMachineAccountWithSid: status of
attempting to set password on '\\RELIANT' for 'VOYAGER$': 0x0
04/09/2009 18:32:36:171 NetpJoinDomain: status of creating account: 0x0
04/09/2009 18:32:36:171 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:36:181 NetpSetLsaPrimaryDomain: for 'STARFLEET' status:
0xc000000d
04/09/2009 18:32:36:181 NetpJoinDomain: status of setting LSA pri.
domain: 0x57
04/09/2009 18:32:36:181 NetpJoinDomain: initiaing a rollback due to
earlier errors
04/09/2009 18:32:36:281 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:36:652 NetpManageMachineAccountWithSid: status of
disabling account 'VOYAGER$' on '\\RELIANT': 0x0
04/09/2009 18:32:36:652 NetpJoinDomain: rollback: status of deleting
computer account: 0x0
04/09/2009 18:32:36:652 NetpLsaOpenSecret: status: 0x0
04/09/2009 18:32:36:672 NetpJoinDomain: rollback: status of deleting
secret: 0x0
04/09/2009 18:32:36:692 NetpJoinDomain: status of disconnecting from
'\\RELIANT': 0x0
04/09/2009 18:32:36:692 NetpDoDomainJoin: status: 0x57
More information about the samba
mailing list