Can't join NT domain (any more)

Martin Wilck Martin.Wilck at fujitsu-siemens.com
Thu Oct 25 06:03:06 GMT 2001


I am trying to use DOMAIN security with samba. Some weeks ago I had
started this and successfully joined the domain with smbpasswd -j. (that
was with samba 2.2.1a-4 from RedHat Rawhide). All was fine for a few days.

For some reason, though (this may have been my own mistake), after a while
my server couldn't connect to the PDC for password queries any more
(access denied). Subsequent attempts to do smbpasswd -j again failed with
"Access denied" errors, too. I upgraded to the official samba-2.2.2
package, with no effect.

We then deleted my host in the server manager in the NT 4.0 PDC and
re-inserted it shortly after (this is the procedure recommended in
all postings I found related to this or similar problems).
Since then, all my attempts to join the domain have resulted
in errors like this (log level 3):

Connecting to 172.25.186.156 at port 139 LSA_QUERYINFOPOLICY (level 5):
domain:SYNERGY.DOM  domain sid:S-1-5-21-2023499377-1970097340-1307212239
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds:
auth2 challenge failed modify_trust_password: unable to setup the PDC
credentials to machine SYNERGY. Error was :
NT_STATUS_NO_TRUST_SAM_ACCOUNT.

The corresponding error event on the NT box is #5723 (No SAM trust
account).

I have reinstalled samba, rebooted both my machine, PDC, and BDC, and
deleted the secrets.tdb file - with no success. I also deleted and
reinserted my machine several times on the PDC, I even tried to give it
another name. Always the same problem. I have tried deleting/reinserting
my box on the PDC with and without samba running on my box - no effect.

I am definitely out of ideas now.
This is samba-2.2.2-20011013 on RedHat 7.1.

It looks as if something went wrong on the PDC, actually - unfortunately I
can't prove that to my NT administrators...

I read through all the related documentation I could get my hands at, but
all the authors seem to assume that smbpasswd -j succeeds, which it
doesn't in my case.

Someone told me to use `smbpasswd -j DOMAIN -r host -U admininistrator',
but that didn't help, either.

Any help is greatly appreciated.
Martin

-- 
Martin Wilck                Phone: +49 5251 8 15113
Fujitsu Siemens Computers   Fax:   +49 5251 8 20409
Heinz-Nixdorf-Ring 1	    mailto:Martin.Wilck at Fujitsu-Siemens.com
D-33106 Paderborn           http://www.fujitsu-siemens.com/primergy









More information about the samba mailing list