2.2 cannot join 3.0 correctly

Dariush Forouher dariush at forouher.de
Wed Apr 16 07:48:07 GMT 2003


I am trying to make some samba 2.2.8a machines domain members of our
samba 3.0 (cvs 07-04-03) domain.

# smbpasswd -j BRGS -r ALDEBARAN -Uroot
Joined domain BRGS.

But after starting smbd samba cannot authenticate users against the DCs.
[2003/04/16 09:22:46, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/04/16 09:22:46, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2003/04/16 09:22:46, 0]
  connect_to_domain_password_server: unable to setup the PDC credentials
to machine ALDEBARAN. Error was : NT_STATUS_OK.
[2003/04/16 09:22:46, 0] smbd/password.c:domain_client_validate(1601)
  domain_client_validate: Domain password server not available.

The interessting thing:
For testing I configured another samba 2.2.8a machine as a BDC in this
domain (we use LDAP as passwd backend, so this was fairly easy) and
joined the samba machine against this 2.2 DC. Surprisingly now the 2.2
domain member can connect to the DC and authenticate users. It works now
even if I set explicitly "password server = aldebaran", where aldebaran
is one of the samba 3.0 DCs that returned "access denied" before.

While comparing the join procedure between 2.2->3.0 and 2.2->2.2 I
noticed that samba 3.0 sets the password hashes in every case to the
same values, even if I deleted them before. They are the same even if a 
different 2.2 machine joins the domain.

The samba 3.0 DC are using ldapsam_nua backend, but I've also tried
ldapsam with local created unix account.

PGP Fingerprint: 0x886C99A1

More information about the samba-technical mailing list