Unable to join domain w/ current CVS

Esh, Andrew Andrew_Esh at adaptec.com
Mon Apr 21 15:40:17 GMT 2003 

It appears as though there is no trust account on the Domain Controller for
the Samba host to use. You have to add the Samba host to the domain as you
would any other server. The easiest way to do this is to go to the domain
controller, and add an account via the Server Manager (if the DC is running
NT). Then, "smbpasswd -j DOMAIN_NAME" can be used on the Samba host to
attach to the new account.

-----Original Message-----
From: Roylance, Stephen D. [mailto:SROYLANCE at PARTNERS.ORG]
Sent: Monday, April 21, 2003 10:30 AM
To: samba-technical
Subject: Unable to join domain w/ current CVS


I did a cvs update this morning to try out Simo's idmap fix.  I deleted my
previous samba install and deleted my machine account from the domain.  I
recompiled and did make install, configured through swat and then ran net
join -U.  The net join failed like this:
bash-2.05a# /usr/local/samba/bin/net rpc join --user=my user account
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from UCS-2LE to CP850 not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from UTF8 to CP850 not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from ASCII to CP850 not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from CP850 to UCS-2LE not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from CP850 to UTF8 not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from CP850 to ASCII not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from CP850 to UTF8 not supported
[2003/04/21 10:13:13, 0] lib/module.c:smb_load_module(39)
  Error loading module '/usr/local/samba/lib/charset/CP850.so': No such file
or directory
[2003/04/21 10:13:13, 0] lib/charcnv.c:init_iconv(110)
  Conversion from UTF8 to CP850 not supported
[2003/04/21 10:13:13, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/04/21 10:13:13, 1] libsmb/trusts_util.c:just_change_the_password(44)
  just_change_the_password: unable to setup creds
(NT_STATUS_NO_TRUST_SAM_ACCOUNT)!
[2003/04/21 10:13:13, 1] utils/net_rpc.c:run_rpc_command(154)
  rpc command function failed! (NT_STATUS_NO_TRUST_SAM_ACCOUNT)
Password:   <----- I input my domain password here
[2003/04/21 10:13:16, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/04/21 10:13:16, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(318)
  error in domain join verification: NT_STATUS_NO_TRUST_SAM_ACCOUNT
Unable to join domain MYDOMAIN.
bash-2.05a#  
 
This is on AIX 5.1 with a windows 2000 AD mixed-mode domain.  My smb.conf
is:
[global]
        workgroup = MYDOMAIN
        security = DOMAIN
        wins server = my wins server address
        ldap ssl = no
        idmap uid = 100000-300000
        idmap gid = 100000-300000
 
An account gets created in AD, but it is a domain controller account.  It
gets put in the domain controllers OU and only an enterprise admin can
delete it.
 
Thanks,
Steve Roylance

More information about the samba-technical mailing list