[Samba] tough problem joining test domain

Bradley W. Langhorst brad at langhorst.com
Thu Aug 1 12:58:02 GMT 2002 

On Thu, 2002-08-01 at 02:12, Bradley W. Langhorst wrote:
> I've been working on this all night without success...
> 
> I'm setting up a HEAD  (from today) test domain and want to join XP
> machines to it.
> I've applied the signorseal patch to the client
> I've set use spnego = no in the smb.conf
> 
> I'm using ldapsam talking to a remote machine.
> smbldap tools all work to change passwords add/del users etc.
> i've set the ldap admin password via smbpasswd -w
> 
> I've set the SID to be the same as that in my non-test domain (since I
> want to be able to move user profiles from test to the production
> domain).  My test domain controller is acting sort of like a BDC for the
> production PDC except it is the domain master for a different domain.
> rpcclient $> lsaquery
> domain LAUELAB_TEST has sid S-1-5-21-1995982474-3671514283-3045899775
> rpcclient $> lsaquery
> domain LAUELAB has sid S-1-5-21-1995982474-3671514283-3045899775
> 
> but I can't join the test XP machine to the test domain.  here is that
> bit of the log
> [2002/08/01 01:40:23, 2] auth/auth.c:check_ntlm_password(266)
>   check_password:  authentication for user [root] -> [root] -> [root]
> suceeded
> [2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
>   Allowed connection from  (132.177.45.13)
> [2002/08/01 01:40:23, 2] smbd/service.c:make_connection_snum(377)
>   user 'root' (from session setup) not permitted to access this share
> (IPC$)Closing connections
> [2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
>   Allowed connection from  (132.177.45.13)
> 
> authentication is fine but no access to IPC$??
> 
> i also cannot use rpcclient as root
> unheq1:/var/log/samba# rpcclient -U root unheq1
> Password:
> failed tcon_X with NT code 0xffffffff
> Cannot connect to server.  Error was NT_STATUS_ACCESS_DENIED
> unheq1:/var/log/samba# rpcclient -U root unheq1
> Password:
> failed session setup with NT_STATUS_LOGON_FAILURE
> Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE
> 
> the second try was with a known bad password to see what happens.
> all other users can use rpcclient with no trouble.
> and rpcclient as root on the production domain works fine.
> 
okay - i've resolved the ipc problem 
a stray invalid users = root crept into my conf file.

so that IPC$ stuff was a red herring

brad

More information about the samba mailing list