[Samba] tough problem joining test domain

Bradley W. Langhorst brad at langhorst.com
Wed Jul 31 23:15:02 GMT 2002


I've been working on this all night without success...

I'm setting up a HEAD (from today) test domain and want to join XP
machines to it.
I've applied the signorseal patch to the client.
I've set use spnego = no in the smb.conf.

I'm using ldapsam talking to a remote machine.
smbldap tools all work to change passwords, add/del users, etc.
I've set the ldap admin password via smbpasswd -w.

I've set the SID to be the same as that in my non-test domain (since I
want to be able to move user profiles from test to the production
domain).  My test domain controller is acting sort of like a BDC for the
production PDC except it is the domain master for a different domain.

rpcclient $> lsaquery
domain LAUELAB_TEST has sid S-1-5-21-1995982474-3671514283-3045899775
rpcclient $> lsaquery
domain LAUELAB has sid S-1-5-21-1995982474-3671514283-3045899775

But I can't join the test XP machine to the test domain.  Here is that
bit of the log:

[2002/08/01 01:40:23, 2] auth/auth.c:check_ntlm_password(266)
  check_password:  authentication for user [root] -> [root] -> [root]
suceeded
[2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
  Allowed connection from  (132.177.45.13)
[2002/08/01 01:40:23, 2] smbd/service.c:make_connection_snum(377)
  user 'root' (from session setup) not permitted to access this share
(IPC$)Closing connections
[2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
  Allowed connection from  (132.177.45.13)

Authentication is fine but no access to IPC$??

I also cannot use rpcclient as root:
unheq1:/var/log/samba# rpcclient -U root unheq1
Password:
failed tcon_X with NT code 0xffffffff
Cannot connect to server.  Error was NT_STATUS_ACCESS_DENIED
unheq1:/var/log/samba# rpcclient -U root unheq1
Password:
failed session setup with NT_STATUS_LOGON_FAILURE
Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE

The second try was with a known bad password to see what happens.
All other users can use rpcclient with no trouble.
And rpcclient as root on the production domain works fine.

Tomorrow I'll try replicating the ldap server on the local machine. 
But I don't think that will have any effect.

Any insight appreciated!

thanks!

brad









