TNG 0.7 - can't join domain

Michael Breuer mbreuer at siac.com
Tue Feb 29 19:19:23 GMT 2000


Update... I have managed to join the domain... here's how:

1) I deleted the workstation entry from smbpasswd.
2) I recreated the workstation account (rpcclient).
3) I deleted and recreated the workstation account for the NT PDC where the workstation
was currently joined.
4) On the NT PDC, I "reset" the computer account in active directory for the samba
computer.
[Note: There is no current working trust relationship between the systems... I've just
mounted shares and played with settings]
5) I deleted and re-created the "root" account for the samba server.
6) I reset the system root password (/etc/passwd) to match the samba password.
7) I joined the domain using the "root" account.  Note that I could not join using any
other account.

Note: I'm not sure if *all* of these steps were necessary.  I had failed attempts to
join after steps 2, 3, 4 and 6.

Luke Kenneth Casson Leighton wrote:

> damn, damn - ok, i bet the two are related.
>
> ok.
>
> become_root()
> ...
> become_root()
> ...
> unbecome_root() - really does unbecome root
> ...
> samr_drect_query_userinfo() - fails because it's not root
> ...
> unbecome_root() - fails because we're already non-root.
>
> dammit.
>
> i'm not certain as to how to eliminate this, because according to some
> people we should _only_ be running as root, which is a security risk if we
> do it at the moment because there is no checking otherwise on file access
> inside the msrpc code.
>
> i could "fix" this by doing an increment on become_root() instead of
> root_depth = 1 do root_depth++...
>
> > Looks like 0018 status : c0000017 (both smb and netlogon)
> >
> > The smb log also contains ERROR: unbecome root depth is 0 (from lib/set_uid.c:354).
> >
> > Luke Kenneth Casson Leighton wrote:
> >
> > > On Tue, 29 Feb 2000, Michael Breuer wrote:
> > >
> > > > Ok... sorry.
> > >
> > > no problem.
> > >
> > > > First, let me note that with the same machines & configuration I was
> > > > able to join the domain in 0.5. That said... I installed 0.7 and
> > > > selected "network identity" on a W2K workstation.  I entered the name
> > > > of the samba domain and hit "OK."  When prompted for the
> > > > userid/password of a user authorized to join the machine to the
> > > > domain, I entered the samba administrator id and password
> > > > (Administrator).  According to the logs, the "credentials" were 'null'
> > > > and the ID mapped to root (uid=0).  I tried a different account (also
> > > > with administrator access to both the ws and samba --- and with same
> > > > passwords).  Same message.  For fun, I added "root" to smbpasswd (with
> > > > samedit) and set the password to match the root password of the unix
> > > > system.  Also no luck.
> > >
> > > hmm.... ok, 'cos i'm doing exactly that, and it works.  hmm: can you take
> > > a look in the logs, at level 100, for "status: C000" or maybe
> > > "status:c0000"?
> > >
> > > this last error code will say what's failing.  then let me know what you
> > > > think it might be, from the info preceding the error-status-code.
> > >
> > > thx.
> >
>
> <a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
> <a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
> <a href=" http://samba.org"      > Samba Web site                  </a>
> <a href=" http://www.iss.net"    > Internet Security Systems, Inc. </a>
> <a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
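
The nested become_root()/unbecome_root() sequence from the quoted reply above, replayed as an added C example that is not part of the original thread or of Samba's source. Privileges are simulated with a plain variable (no real setuid calls), and `priv_state`, `privileged_query` and `run_nested` are hypothetical names; `become_root_flag` models "root_depth = 1" and `become_root_counted` models "root_depth++".

```c
#include <stdio.h>

#define ROOT_UID 0

/* Simulated state: euid is a plain variable, no real setuid calls are made. */
struct priv_state { int euid, saved_uid, root_depth, errors; };

/* Behaviour described in the thread: every call sets root_depth = 1. */
static void become_root_flag(struct priv_state *s) {
    if (s->root_depth == 0) s->saved_uid = s->euid;
    s->euid = ROOT_UID;
    s->root_depth = 1;
}

/* Proposed change: root_depth++ so nested sections are counted. */
static void become_root_counted(struct priv_state *s) {
    if (s->root_depth == 0) s->saved_uid = s->euid;
    s->euid = ROOT_UID;
    s->root_depth++;
}

/* Drop back to the saved uid only when the outermost section closes. */
static void unbecome_root(struct priv_state *s) {
    if (s->root_depth == 0) { s->errors++; return; } /* "unbecome root depth is 0" */
    if (--s->root_depth == 0) s->euid = s->saved_uid;
}

/* Hypothetical stand-in for a call that only succeeds as root. */
static int privileged_query(const struct priv_state *s) {
    return s->euid == ROOT_UID ? 0 : -1;
}

/* Replays the nested sequence from the thread and returns the query result. */
static int run_nested(void (*become)(struct priv_state *), struct priv_state *s) {
    int rc;
    become(s);                  /* outer section opens */
    become(s);                  /* inner section opens */
    unbecome_root(s);           /* inner section closes */
    rc = privileged_query(s);   /* runs inside the outer section */
    unbecome_root(s);           /* outer section closes */
    return rc;
}

int main(void) {
    struct priv_state a = {1000, 1000, 0, 0}, b = {1000, 1000, 0, 0};
    printf("flag:    query=%d errors=%d\n", run_nested(become_root_flag, &a), a.errors);
    printf("counted: query=%d errors=%d\n", run_nested(become_root_counted, &b), b.errors);
    return 0;
}
```

With counting, the process stays root for the whole outer section, so every code path between the outer pair runs privileged.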


