TNG 0.7 - can't join domain
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 29 20:09:24 GMT 2000
ok, fantastic: thx 4 help on this, michael.
On Tue, 29 Feb 2000, Michael Breuer wrote:
> Update... I have managed to join the domain... here's how:
>
> 1) I deleted the workstation entry from smbpasswd.
> 2) I recreated the workstation account (rpcclient).
> 3) I deleted and recreated the workstation account for the NT PDC where the workstation
> was currently joined.
> 4) On the NT PDC, I "reset" the computer account in active directory for the samba
> computer
> [Note: There is no current working trust relationship between the systems... I've just
> mounted shares and played with settings]
> 5) I deleted and re-created the "root" account for the samba server.
> 6) I reset the system root password (/etc/passwd) to match the samba password
> 7) I joined the domain using the "root" account. Note that I could not join using any
> other account.
>
> Note: I'm not sure if *all* of these steps were necessary. I had failed attempts to
> join after steps 2, 3, 4 and 6.
>
> Luke Kenneth Casson Leighton wrote:
>
> > damn, damn - ok, i bet the two are related.
> >
> > ok.
> >
> > become_root()
> > ...
> > become_root()
> > ...
> > unbecome_root() - really does unbecome root
> > ...
> > samr_drect_query_userinfo() - fails because it's not root
> > ...
> > unbecome_root() - fails because we're already non-root.
> >
> > dammit.
> >
> > i'm not certain as to how to eliminate this, because according to some
> > people we should _only_ be running as root, which is a security risk if we
> > do it at the moment because there is no checking otheerwise on file access
> > inside the msrpc code.
> >
> > i could "fix" this by doing an increment on become_root() instead of
> > root_depth = 1 do root_depth++...
> >
> > > Looks like 0018 status : c0000017 (both smb and netlogon)
> > >
> > > The smb log also contains ERROR: unbecome root depth is 0 (from lib/set_uid.c:354).
> > >
> > > Luke Kenneth Casson Leighton wrote:
> > >
> > > > On Tue, 29 Feb 2000, Michael Breuer wrote:
> > > >
> > > > > Ok... sorry.
> > > >
> > > > no problem.
> > > >
> > > > > First, let me note that with the same machines & configuration I was
> > > > > able to join the domain in 0.5. That said... I installed 0.7 and
> > > > > selected "network identity" on a W2K workstation. I entered the name
> > > > > of the samba domain and hit "OK." When prompted for the
> > > > > userid/password of a user authorized to join the machine to the
> > > > > domain, I entered the samba administrator id and password
> > > > > (Administrator). According to the logs, the "credentials" were 'null'
> > > > > and the ID mapped to root (uid=0). I tried a different account (also
> > > > > with administrator access to both the ws and samba --- and with same
> > > > > passwords). Same message. For fun, I added "root" to smbpasswd (with
> > > > > samedit) and set the password to match the root password of the unix
> > > > > system. Also no luck.
> > > >
> > > > hmm.... ok, 'cos i'm doing exactly that, and it works. hmm: can you take
> > > > a look in the logs, at level 100, for "status: C000" or maybe
> > > > "status:c0000"?
> > > >
> > > > this last error code will say what's failing. then let me know what you
> > > > think it might be, from the info proceeding the error-status-code.
> > > >
> > > > thx.
> > >
> >
> > <a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
> > <a href=" http://cb1.com/~lkcl" > Samba and Network Development </a>
> > <a href=" http://samba.org" > Samba Web site </a>
> > <a href=" http://www.iss.net" > Internet Security Systems, Inc. </a>
> > <a href=" http://mcp.com" > Macmillan Technical Publishing </a>
> >
> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>
<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href=" http://cb1.com/~lkcl" > Samba and Network Development </a>
<a href=" http://samba.org" > Samba Web site </a>
<a href=" http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href=" http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list