[Samba] Error Joining NT DOMAIN

Michael Sloan michael at theprintinghouse.com
Wed Jun 12 10:28:03 GMT 2002 

I'm trying to use the documentation found with Samba-2.2.4 to set up a samba
server under RH linux 7.2 (kernel 2.4.9-21) to join an existing NT domain
for a couple of weeks with no success. I obtained the samba 2.2.4 source
code, compiled with the following options to configure:

--with-winbind --prefix=/usr/local/samba --with-smbwrapper --with-pam --with
-pam_smbpass

After compiling, I created a machine account on the PDC (NT 4.0 SP6, clean
install) for the samba server. Without smbd running, I attempted to join the
domain with:

/usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r SMBTEST

which didn't work. I also tried:

/usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r
SMBTEST -UAdministrator%<password>

which shows 'Joined domain TESTDOMAIN', at which point winbind will query
the PDC and return a list of NT users and groups. However, wbinfo -t returns
'Bad secret'. The samba server and the PDC are on the same network, and the
samba server (when smbd and nmbd are running) has no difficulty resolving an
IP address for SMBTEST, according to 'nmblookup SMBTEST'.

The following is the log entry from smbtest.log when attempting to join the
domain:

[2002/06/11 11:40:21, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2002/06/11 11:40:21, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/06/11 11:40:21, 0]
smbd/password.c:connect_to_domain_password_server(1359)
  connect_to_domain_password_server: unable to setup the PDC credentials to
mach
ine SMBTEST. Error was : NT_STATUS_OK.
[2002/06/11 11:40:21, 0] smbd/password.c:domain_client_validate(1585)
  domain_client_validate: Domain password server not available.
[2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
  unable to open passdb database.
[2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
  unable to open passdb database.

And the NT server shows in its event logs that there is no trust account for
the samba server. I've read the instructions repeatedly, even recompiled
samba and verified my smb.conf file several times, all with the same
results.

Pertinent portions of my smb.conf file:
[global]

   netbios name = QUINCYTEST
   workgroup = TESTDOMAIN
   security = domain
   password server = *
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   obey pam restrictions = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   os level = 33
   domain master = no
   preferred master = no
   domain logons = yes
   logon path = \\%L\Profiles\%U
   wins server = 198.175.30.4 198.175.18.21
   winbind separator = +
   winbind uid = 550-999
   winbind gid = 550-999
   winbind enum users = yes
   winbind enum groups = yes
   template shell = /bin/tcsh
   name resolve order = lmhosts bcast wins

Any idea(s) what is wrong here? I've searched the archives for answers, and
while I've seen this problem, or one very much like it, posted several
times, I didn't see any answers.

Michael Sloan
Network Administrator
The Printing House, Ltd.
email: michael at theprintinghouse.com
voice: (850) 875-1500x155
fax: (850) 875-4080

More information about the samba mailing list