[BUG?] samba 2.2.8a cannot join 3.0 correctly

Dariush Forouher dariush at forouher.de
Mon Jul 28 17:22:54 GMT 2003


with current 3.0 CVS a 2.2.8a samba domain member is unable to
authenticate against the 3.0 domain controller.

Joining was successful, even the machine trust account has been created

But if I try `smbclient -L localhost -Uqwe%erton` on the 2.2 server,
samba cannot authenticate against the DC:

[2003/07/28 16:45:36, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/07/28 16:45:36, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2003/07/28 16:45:36, 0]
  connect_to_domain_password_server: unable to setup the PDC credentials
to machine ALDEBARAN. Error was : NT_STATUS_OK.
[2003/07/28 16:45:36, 0] smbd/password.c:domain_client_validate(1601)
  domain_client_validate: Domain password server not available.

The only interesting thing I've noticed is that the password hashs,
which has been written into LDAP, everytime have the same values,
regardless of the client workstation or date&time of joining
(don't know if this is unusual, but our Win2K Clients everytime get a
new one, so this is a bit confusing in my eyes)

This is the created LDAP Entry (posixAccount has been created by
add machine script, sambaSamAccount by Samba.):

dn: uid=regulus$,ou=MTAs,ou=Interna,ou=People,dc=brgs,dc=org
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: regulus$
gidNumber: 65534
uidNumber: 1058
loginShell: /bin/false
homeDirectory: /tmp
cn: Machine Trust Account
sambaSID: S-1-5-21-3238706690-790015024-1362600430-3116
sambaPrimaryGroupSID: S-1-5-21-3238706690-790015024-1362600430-132069
displayName: Machine Trust Account
sambaAcctFlags: [W          ]
sambaPwdCanChange: 1059403793
sambaPwdMustChange: 1074955793
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
sambaPwdLastSet: 1059403793

Has anybody out there a clue of what's causing this or had been able to
reproduce this thing?


More information about the samba-technical mailing list