smbpasswd -j DOMAIN fails strangely!
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Jan 25 22:28:22 GMT 2000
please can you track down the cause of the \PIPE\NETLOGO cli_nt_create
failure?
are you running netlogond?
is there a connection attempt shown in log.NETLOGON (debug level 100)?
On Wed, 26 Jan 2000, Quicker than the human eye wrote:
>
> My setup is rather simple. Two NT workstations WISDOM and JUSTICE
> (10.10.0.3 and 10.10.0.3) and a Samba server TRUTH running Linux RH6.0
> (with appropriate updates!) at 10.10.0.1
>
> When attempting to get TRUTH to act like a PDC. I have the requisite
> smb.conf options:
>
> [global]
> workgroup = VIRTUE
> netbios name = TRUTH
> interfaces = 10.10.0.1/16
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
> wins support = yes
> encrypt passwords = yes
> smb passwd file = /opt/samba-tng/private/smbpasswd
> security = user
>
> I can add an account for TRUTH fine.
>
> /opt/samba-tng/bin/smbpasswd -a -m TRUTH
>
> returns:
>
> Added user TRUTH$.
> Password changed for user TRUTH$
>
> However :
>
> /opt/samba-tng/bin/smbpasswd -j VIRTUE
>
> returns:
>
> Joining Domain as PDC
> trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac
> trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac
> do_reseed: got 40 bytes from /dev/urandom.
> cli_connection_init_auth: \\TRUTH \PIPE\NETLOGON
> copy_nt_creds: null creds
> cli_net_use_add
> copy_nt_creds: user domain nopw Yes flgs: 0
> cli_find: \\TRUTH
> copy_nt_creds: null creds
> cli_init_creds: ntlmssp_flgs: 0
> copy_nt_creds: user domain nopw Yes flgs: 0
> cli_init_creds: ntlmssp_flgs: 0
> resolve_srv_name: \\TRUTH resolve_name:
> Attempting lmhosts lookup for name TRUTH startlmhosts: Can't open lmhosts
> file /opt/samba-tng/lib/lmhosts. Error was No s uch file or directory
> resolve_name: Attempting host lookup for name TRUTH
> cli_establish_connection: TRUTH<00> connecting to TRUTH<20> (10.10.0.1) -
> [] wi th NTLMv1, nopw: Yes
> socket open succeeded. file name: /tmp/.smb.0/agent
> socket connect to /tmp/.smb.0/agent failed: Connection refused
> redirect FAILED, make direct connection
> Connecting to 10.10.0.1 at port 445
> error connecting to 10.10.0.1:445 (Connection refused)
> Connecting to 10.10.0.1 at port 139
> [000] 81 00 00 48 20 46 45 46 43 46 46 46 45 45 49 43 ...H FEF CFFFEEIC
> [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC
> [020] 41 43 41 43 41 00 20 46 45 46 43 46 46 46 45 45 ACACA. F EFCFFFEE
> [030] 49 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ICACACAC ACACACAC
> [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. ....
> write_socket(4,76) write_socket(4,76) wrote 76
> .
> .
> .
> cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine
> TRUTH. Error was ERRSRV - ERRaccess (The requester does not have the
> necessary access rights within the specified context for the reque
> .
> .
> .
> cli_shutdown
> cli_nt_setup_creds: request challenge failed
> 2000/01/25 16:59:11 : change_trust_account_password: Failed to change
> password for domain VIRTUE.
> Unable to join domain VIRTUE.
>
>
> Any ideas as to the problem here? After I execute this I get a
> VIRTUE.TRUTH.mac file in /ops/samba-tng/private/ it contains:
> 6EEDFD6884E8A287030FA5E86F800303:TLC-388E2056
>
>
>
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
<a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href="http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list