From NO_SAM to NT_STATUS_ACCESS_DENIED

Melon, Jack MelonJ at SJHS.com
Tue Nov 14 12:55:26 GMT 2000 

Thank you all for your help. The NT Admin got back to me because even though
he had deleted my account, Server Manager wouldn't allow him to add me back
in because he was still seeing the Linux box. I had to stop smb and a couple
of hours later, my old account went away. He added me back in and I was able
to join the domain. But...

20 minutes later, I'm getting: 
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED 
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials
2000/11/13 15:11:26 : change_trust_account_password: Failed to change
password for domain
Unable to join domain CORPORATE


 (different than the No Trust Sam Account error, but I'm back on the
outside). He swears he didn't change anything and I know I didn't. 

Any ideas.?


>Your NT Administrator needs to delete the reference to your machine, re-add
it, 
>and then let you know.  Once he does that, then you can perform the
>Smbpasswd -j corporate -r vldpdc1.  You can explain to him that the current
>machine listed in the Server Manager has a different SID (Security ID) than
>your current Linux machine.  


>> -----Original Message-----
>> Subject: NT_STATUS_NO_TRUST_SAM_ACCOUNT

>> I'm using samba-2.0.4b-19990519 and am trying to become a member of an NT
>> domain. I've read the Samba, smbpasswd, & smb.conf man pages, NTDomain
FAQ
>> and the documents that accompany Samba-2 (i.e. DOMAIN_MEMBER.txt,
Win95.txt,
>> WinNT.txt).

>> When I try to Log-on the CORPORATE domain by:
>> # /etc/rc.d/init.d/smb stop
>> Shutting down SMB services: smbd nmbd
>> # smbpasswd -j CORPORATE   [or smbpasswd -j CORPORATE -r VLDPDC1]

>> I get:
>>cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
>>cli_nt_setup_creds: auth2 challenge failed
>>modify_trust_password: unable to setup the PDC credentials to machine
>>VLDPDC1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
>>2000/10/25 13:31:28 : change_trust_account_password: Failed to change
>>password for domain CORPORATE
>>Unable to join domain CORPORATE

>>When I asked the NT Admin to add "Linux" to the NT domain on the PDC using
>>Server Manager for Domains, his response was, "Linux is already in my
Server
>>Manager list as a Windows NT 4.2 Server with a description of Linux smb
>>Server in Engineering." He has also made a reference to the older MS Lan
>>Manager Client and that he's had problems in some cases where he had to
have
>>IPX installed (802.3 frame type) in addition to TCP/IP before domain logon
>>was successful.

>>My smb.conf includes:
>>workgroup = CORPORATE
>>server string = Linux smb Server in Engineering
>>printing = bsd
>>printcap name = /etc/printcap
>>load printers = yes
>>guest account = nobody
>>log file = /var/log/samba-log%m
>>max log size = 50
>>short preserve case = yes
>>preserve case = yes
>>lock directory = /var/lock/samba
>>locking = yes
>>strict locking = yes
>>share modes = yes
>>security = domain
>>password server = VLDPDC1
>>socket options = TCP_NODELAY
>>wins server = 10.102.7.71


		Any help is appreciated.

		Jack

More information about the samba-ntdom mailing list