TNG 0.7 - can't join domain

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Feb 29 20:09:24 GMT 2000


ok, fantastic: thx 4 help on this, michael.

On Tue, 29 Feb 2000, Michael Breuer wrote:

> Update... I have managed to join the domain... here's how:
> 
> 1) I deleted the workstation entry from smbpasswd.
> 2) I recreated the workstation account (rpcclient).
> 3) I deleted and recreated the workstation account for the NT PDC where the workstation
> was currently joined.
> 4) On the NT PDC, I "reset" the computer account in active directory for the samba
> computer
> [Note: There is no current working trust relationship between the systems... I've just
> mounted shares and played with settings]
> 5) I deleted and re-created the "root" account for the samba server.
> 6) I reset the system root password (/etc/passwd) to match the samba password
> 7) I joined the domain using the "root" account.  Note that I could not join using any
> other account.
> 
> Note: I'm not sure if *all* of these steps were necessary.  I had failed attempts to
> join after steps 2, 3, 4 and 6.
> 
> Luke Kenneth Casson Leighton wrote:
> 
> > damn, damn - ok, i bet the two are related.
> >
> > ok.
> >
> > become_root()
> > ...
> > become_root()
> > ...
> > unbecome_root() - really does unbecome root
> > ...
> > samr_drect_query_userinfo() - fails because it's not root
> > ...
> > unbecome_root() - fails because we're already non-root.
> >
> > dammit.
> >
> > i'm not certain as to how to eliminate this, because according to some
> > people we should _only_ be running as root, which is a security risk if we
> > do it at the moment because there is no checking otherwise on file access
> > inside the msrpc code.
> >
> > i could "fix" this by doing an increment on become_root() instead of
> > root_depth = 1 do root_depth++...
> >
> > > Looks like 0018 status : c0000017 (both smb and netlogon)
> > >
> > > The smb log also contains ERROR: unbecome root depth is 0 (from lib/set_uid.c:354).
> > >
> > > Luke Kenneth Casson Leighton wrote:
> > >
> > > > On Tue, 29 Feb 2000, Michael Breuer wrote:
> > > >
> > > > > Ok... sorry.
> > > >
> > > > no problem.
> > > >
> > > > > First, let me note that with the same machines & configuration I was
> > > > > able to join the domain in 0.5. That said... I installed 0.7 and
> > > > > selected "network identity" on a W2K workstation.  I entered the name
> > > > > of the samba domain and hit "OK."  When prompted for the
> > > > > userid/password of a user authorized to join the machine to the
> > > > > domain, I entered the samba administrator id and password
> > > > > (Administrator).  According to the logs, the "credentials" were 'null'
> > > > > and the ID mapped to root (uid=0).  I tried a different account (also
> > > > > with administrator access to both the ws and samba --- and with same
> > > > > passwords).  Same message.  For fun, I added "root" to smbpasswd (with
> > > > > samedit) and set the password to match the root password of the unix
> > > > > system.  Also no luck.
> > > >
> > > > hmm.... ok, 'cos i'm doing exactly that, and it works.  hmm: can you take
> > > > a look in the logs, at level 100, for "status: C000" or maybe
> > > > "status:c0000"?
> > > >
> > > > this last error code will say what's failing.  then let me know what you
> > > > think it might be, from the info proceeding the error-status-code.
> > > >
> > > > thx.
> > >
> >
> > <a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
> > <a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
> > <a href=" http://samba.org"      > Samba Web site                  </a>
> > <a href=" http://www.iss.net"    > Internet Security Systems, Inc. </a>
> > <a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
> >
> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
> 

<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
<a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
<a href=" http://samba.org"      > Samba Web site                  </a>
<a href=" http://www.iss.net"    > Internet Security Systems, Inc. </a>
<a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
 
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
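
The nesting problem described in the message above, replayed as an added example (not Samba's code and not part of the original post). It assumes a simulated effective uid in place of real seteuid() calls so it runs unprivileged; `struct priv`, `privileged_query()` and `replay()` are hypothetical names.

```c
#include <stdio.h>

#define SAVED_UID 1000
static int sim_euid = SAVED_UID;     /* simulated effective uid (assumption) */

struct priv { int depth; int counting; int underflows; };

static void become_root(struct priv *p) {
    if (p->counting) p->depth++;     /* fix proposed in the thread: count nesting */
    else             p->depth = 1;   /* behaviour described: depth set to 1 */
    sim_euid = 0;
}

static void unbecome_root(struct priv *p) {
    if (p->depth == 0) {             /* the "unbecome root depth is 0" case */
        p->underflows++;
        return;
    }
    if (--p->depth == 0)             /* only the outermost exit drops root */
        sim_euid = SAVED_UID;
}

/* Stand-in for a call that needs root, like the query in the thread. */
static int privileged_query(void) { return sim_euid == 0 ? 0 : -1; }

/* Replays the call sequence from the message; returns the query result. */
static int replay(int counting, int *underflows, int *final_euid) {
    struct priv p = {0, counting, 0};
    sim_euid = SAVED_UID;
    become_root(&p);                 /* outer section */
    become_root(&p);                 /* nested section */
    unbecome_root(&p);               /* nested exit */
    int rc = privileged_query();     /* still inside the outer section */
    unbecome_root(&p);               /* outer exit */
    *underflows = p.underflows;
    *final_euid = sim_euid;
    return rc;
}

int main(void) {
    for (int counting = 0; counting <= 1; counting++) {
        int uf, euid;
        int rc = replay(counting, &uf, &euid);
        printf("%-7s query=%d underflows=%d final_euid=%d\n",
               counting ? "counter" : "flag", rc, uf, euid);
    }
    return 0;
}
```

With the counter, everything between the outermost pair runs as root, so the missing file-access checks mentioned in the message apply to that whole span.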


