Samba 2.2.3 not properly joining NT 4.0 domain

Ian MacPhedran macphed at duke.usask.ca
Thu Feb 21 14:08:08 GMT 2002 

Host: UltraSparc 1 running Solaris 2.6, gcc 2.7.2.3
Samba v 2.2.3 (not a) configured with:
   --with-quotas --with-utmp --with-acl-support
using security=domain against an NT 4.0 domain controller (actually a
domain with a PDC and two BDCs).

The problem seems to be that samba and the domain controller can't get
together on the authentication of the samba server. When running as a
domain member, the samba server logs the following when an attempt is made
to access a samba share:

(after some discussion between the PDC and samba)

[2002/02/06 19:46:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(588)
      0024 status: NT_STATUS_ACCESS_DENIED
[2002/02/06 19:46:57, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/02/06 19:46:57, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/02/06 19:46:57, 0]
smbd/password.c:connect_to_domain_password_server(1336)
  connect_to_domain_password_server: unable to setup the PDC credentials
to machine MYDC. Error was : NT_STATUS_OK.

(MYDC representing the [PB]DC hostname.)

I've tried adding the samba server to the domain several times, and
smbpasswd keeps saying that it is successful. (And the name is added to
the server list under "server manager", but is lowercase. Running
smbpasswd with debugging on shows that the computer name is being sent as
lowercase as well.) Attempts to use bad data (e.g. joining with an
non-administrator account, or with an invalid password) claim to fail, so
I think that this part is okay.

Using security=server works okay.

Previously, this machine was running Samba 2.2.1 and it was participating
nicely as a member server.

Any helpful suggestions will be gratefully accepted.

Thanks.
Ian.
----------------------------------------------------------------------------
Ian MacPhedran,   Engineering Computer Centre,   University of Saskatchewan.
Room 2B13, 57 Campus Drive, Saskatoon, Sask., CANADA S7N 5A9  (306) 966-4832

More information about the samba-technical mailing list