Add Machine to Domain failed using NT4SP6-Wrk

A. Pohl pohl at vegu.de
Thu Mar 30 07:41:32 GMT 2006 

Hi all,

I'm testing Samba3.0.21c with OpenLDAP/IDEALX-Scripts. When I add a WinNT4 machine to the domain I get an error "The computer
account doesn't exists...". The same with a WinXP machine has no problems.
Here is a piece of client-log:

for NT4:
[2006/03/30 09:26:36, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/03/30 09:26:36, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2006/03/30 09:26:36, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/03/30 09:26:36, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/03/30 09:26:36, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/30 09:26:36, 5] lib/smbldap.c:smbldap_search_ext(1099)
  smbldap_search_ext: base => [ou=Groups,dc=IMUede,dc=de], filter => [(&(objectC
lass=sambaGroupMapping)(sambaSID=S-1-5-21-2134219367-4279175790-25907577-513))],
 scope => [2]
[2006/03/30 09:26:36, 2] passdb/pdb_ldap.c:init_group_from_ldap(2202)
  init_group_from_ldap: Entry found for group: 513
[2006/03/30 09:26:36, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/30 09:26:37, 3] groupdb/mapping.c:smb_set_primary_group(1041)
  smb_set_primary_group: Running the command `/opt/IDEALX/sbin/smbldap-usermod -
g "Domain Users" "testus$"' gave 0
[2006/03/30 09:26:37, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1846)
  ldapsam_update_sam_account: user testus$ to be modified has dn: uid=testus$,ou
=Computers,dc=IMUede,dc=de
[2006/03/30 09:26:37, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
  init_ldap_from_sam: Setting entry for user: testus$
[2006/03/30 09:26:37, 5] lib/smbldap.c:smbldap_modify(1273)
  smbldap_modify: dn => [uid=testus$,ou=Computers,dc=IMUede,dc=de]
[2006/03/30 09:26:37, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1648)
  ldapsam_modify_entry: Failed to modify user dn= uid=testus$,ou=Computers,dc=IM
Uede,dc=de with: No such attribute
        modify/delete: sambaPrimaryGroupSID: no such value
[2006/03/30 09:26:37, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873)
  ldapsam_update_sam_account: failed to modify user with uid = testus$, error: m
odify/delete: sambaPrimaryGroupSID: no such value (Success)
[2006/03/30 09:26:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/30 09:26:37, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 samr_io_r_set_userinfo
[2006/03/30 09:26:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(762)
      0000 status: NT_STATUS_ACCESS_DENIED
[2006/03/30 09:26:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277)
  api_rpcTNP: called samr successfully


the same with WinXP:

[2006/03/29 16:16:06, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/29 16:16:06, 5] lib/smbldap.c:smbldap_search_ext(1099)
  smbldap_search_ext: base => [dc=IMUede,dc=de], filter => [(&(sambaSID=S-1-5-21
-2134219367-4279175790-25907577-3066)(objectclass=sambaSamAccount))], scope => [
2]
[2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: testus1$
[2006/03/29 16:16:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3258)
  _samr_set_userinfo:  does possess sufficient rights
[2006/03/29 16:16:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/29 16:16:06, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(101) : conn_ctx_stack_ndx = 0
[2006/03/29 16:16:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/29 16:16:06, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/03/29 16:16:06, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:set_user_info_23(3079)
  Attempting administrator password change (level 23) for user testus1$
[2006/03/29 16:16:06, 5] rpc_server/srv_samr_nt.c:set_user_info_23(3099)
  Changing trust account or non-unix-user password, not updating /etc/passwd
[2006/03/29 16:16:06, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1846)
  ldapsam_update_sam_account: user testus1$ to be modified has dn: uid=testus1$,
ou=Computers,dc=IMUede,dc=de
[2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
  init_ldap_from_sam: Setting entry for user: testus1$
[2006/03/29 16:16:06, 5] lib/smbldap.c:smbldap_modify(1273)
  smbldap_modify: dn => [uid=testus1$,ou=Computers,dc=IMUede,dc=de]
[2006/03/29 16:16:06, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1879)
  ldapsam_update_sam_account: successfully modified uid = testus1$ in the LDAP d
atabase
[2006/03/29 16:16:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/29 16:16:06, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 samr_io_r_set_userinfo
[2006/03/29 16:16:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(762)

Can someone test it against NT4? What is wrong? Is it impossible to use NT4 with Samba3?

Thanks,

Andreas Pohl
pohl at vegu.de
--------------------------------------------------
INTERMET Ueckermünde
D-17373 Ueckermünde, Eggesiner Str. 11
Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210

More information about the samba-technical mailing list