[Samba] Error Joining NT DOMAIN
Goetz Rieger
goetz.rieger at suse.de
Thu Jun 20 00:30:03 GMT 2002
On Wed, 12 Jun 2002 13:20:50 -0400
"Michael Sloan" <michael at theprintinghouse.com> wrote:
Hey,
I think as long as your Samba box is no PDC, you should set "domain logons
= no"
I have occasionally experienced the same problem, but mostly due to name
resolving issues.
Try "smbpasswd -D 3 [...]" for more output.
Try to create the machine account beforehand on the PDC and then to join
the domain just with "smbpasswd -j DOMAIN"
When you try to join the domain more often, make sure to remove
MACHINE.SID (I´m not exactly sure on this...) and secrets.tdb and to
remove the account on the PDC.
Regards,
Goetz
> I'm trying to use the documentation found with Samba-2.2.4 to set up a
> samba server under RH linux 7.2 (kernel 2.4.9-21) to join an existing NT
> domain for a couple of weeks with no success. I obtained the samba 2.2.4
> source code, compiled with the following options to configure:
>
> --with-winbind --prefix=/usr/local/samba --with-smbwrapper --with-pam
> --with-pam_smbpass
>
> After compiling, I created a machine account on the PDC (NT 4.0 SP6,
> clean install) for the samba server. Without smbd running, I attempted
> to join the domain with:
>
> /usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r SMBTEST
>
> which didn't work. I also tried:
>
> /usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r
> SMBTEST -UAdministrator%<password>
>
> which shows 'Joined domain TESTDOMAIN', at which point winbind will
> query the PDC and return a list of NT users and groups. However, wbinfo
> -t returns'Bad secret'. The samba server and the PDC are on the same
> network, and the samba server (when smbd and nmbd are running) has no
> difficulty resolving an IP address for SMBTEST, according to 'nmblookup
> SMBTEST'.
>
> The following is the log entry from smbtest.log when attempting to join
> the domain:
>
> [2002/06/11 11:40:21, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> [2002/06/11 11:40:21, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
> cli_nt_setup_creds: auth2 challenge failed
> [2002/06/11 11:40:21, 0]
> smbd/password.c:connect_to_domain_password_server(1359)
> connect_to_domain_password_server: unable to setup the PDC credentials
> to
> mach
> ine SMBTEST. Error was : NT_STATUS_OK.
> [2002/06/11 11:40:21, 0] smbd/password.c:domain_client_validate(1585)
> domain_client_validate: Domain password server not available.
> [2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
> unable to open passdb database.
> [2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
> unable to open passdb database.
>
> And the NT server shows in its event logs that there is no trust account
> for the samba server. I've read the instructions repeatedly, even
> recompiled samba and verified my smb.conf file several times, all with
> the same results.
>
> Pertinent portions of my smb.conf file:
> [global]
>
> netbios name = QUINCYTEST
> workgroup = TESTDOMAIN
> security = domain
> password server = *
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> obey pam restrictions = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = no
> os level = 33
> domain master = no
> preferred master = no
> domain logons = yes
> logon path = \\%L\Profiles\%U
> wins server = 198.175.30.4 198.175.18.21
> winbind separator = +
> winbind uid = 550-999
> winbind gid = 550-999
> winbind enum users = yes
> winbind enum groups = yes
> template shell = /bin/tcsh
> name resolve order = lmhosts bcast wins
>
> Any idea(s) what is wrong here? I've searched the archives for answers,
> and while I've seen this problem, or one very much like it, posted
> several times, I didn't see any answers.
>
> Michael Sloan
> Network Administrator
> The Printing House, Ltd.
> email: michael at theprintinghouse.com
> voice: (850) 875-1500x155
> fax: (850) 875-4080
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
Goetz Rieger Phone: +49 2241 92917-39
SuSE Linux Solutions AG Fax: 314599
Geschaeftsstelle Rhein-Ruhr
Address: Marie-Curie-Str. 11-17, D-53757 St. Augustin
More information about the samba
mailing list