[Samba] Error Joining NT DOMAIN

Goetz Rieger goetz.rieger at suse.de
Thu Jun 20 00:30:03 GMT 2002 

On Wed, 12 Jun 2002 13:20:50 -0400
"Michael Sloan" <michael at theprintinghouse.com> wrote:

Hey,

I think as long as your Samba box is no PDC, you should set "domain logons
= no"

I have occasionally experienced the same problem, but mostly due to name
resolving issues.

Try "smbpasswd -D 3 [...]" for more output.

Try to create the machine account beforehand on the PDC and then to join
the domain just with "smbpasswd -j DOMAIN"

When you try to join the domain more often, make sure to remove
MACHINE.SID (I´m not exactly sure on this...) and secrets.tdb and to
remove the account on the PDC.

Regards,
Goetz

> I'm trying to use the documentation found with Samba-2.2.4 to set up a
> samba server under RH linux 7.2 (kernel 2.4.9-21) to join an existing NT
> domain for a couple of weeks with no success. I obtained the samba 2.2.4
> source code, compiled with the following options to configure:
> 
> --with-winbind --prefix=/usr/local/samba --with-smbwrapper --with-pam
> --with-pam_smbpass
> 
> After compiling, I created a machine account on the PDC (NT 4.0 SP6,
> clean install) for the samba server. Without smbd running, I attempted
> to join the domain with:
> 
> /usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r SMBTEST
> 
> which didn't work. I also tried:
> 
> /usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r
> SMBTEST -UAdministrator%<password>
> 
> which shows 'Joined domain TESTDOMAIN', at which point winbind will
> query the PDC and return a list of NT users and groups. However, wbinfo
> -t returns'Bad secret'. The samba server and the PDC are on the same
> network, and the samba server (when smbd and nmbd are running) has no
> difficulty resolving an IP address for SMBTEST, according to 'nmblookup
> SMBTEST'.
> 
> The following is the log entry from smbtest.log when attempting to join
> the domain:
> 
> [2002/06/11 11:40:21, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
>   cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> [2002/06/11 11:40:21, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
>   cli_nt_setup_creds: auth2 challenge failed
> [2002/06/11 11:40:21, 0]
> smbd/password.c:connect_to_domain_password_server(1359)
>   connect_to_domain_password_server: unable to setup the PDC credentials
>   to
> mach
> ine SMBTEST. Error was : NT_STATUS_OK.
> [2002/06/11 11:40:21, 0] smbd/password.c:domain_client_validate(1585)
>   domain_client_validate: Domain password server not available.
> [2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
>   unable to open passdb database.
> [2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
>   unable to open passdb database.
> 
> And the NT server shows in its event logs that there is no trust account
> for the samba server. I've read the instructions repeatedly, even
> recompiled samba and verified my smb.conf file several times, all with
> the same results.
> 
> Pertinent portions of my smb.conf file:
> [global]
> 
>    netbios name = QUINCYTEST
>    workgroup = TESTDOMAIN
>    security = domain
>    password server = *
>    encrypt passwords = yes
>    smb passwd file = /etc/samba/smbpasswd
>    obey pam restrictions = yes
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    local master = no
>    os level = 33
>    domain master = no
>    preferred master = no
>    domain logons = yes
>    logon path = \\%L\Profiles\%U
>    wins server = 198.175.30.4 198.175.18.21
>    winbind separator = +
>    winbind uid = 550-999
>    winbind gid = 550-999
>    winbind enum users = yes
>    winbind enum groups = yes
>    template shell = /bin/tcsh
>    name resolve order = lmhosts bcast wins
> 
> Any idea(s) what is wrong here? I've searched the archives for answers,
> and while I've seen this problem, or one very much like it, posted
> several times, I didn't see any answers.
> 
> Michael Sloan
> Network Administrator
> The Printing House, Ltd.
> email: michael at theprintinghouse.com
> voice: (850) 875-1500x155
> fax: (850) 875-4080
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 


-- 
Goetz Rieger                     Phone: +49 2241 92917-39
SuSE Linux Solutions AG          Fax:            314599
Geschaeftsstelle Rhein-Ruhr
Address: Marie-Curie-Str. 11-17, D-53757 St. Augustin

More information about the samba mailing list