[Samba] Samba 2.2.5-1 problems joining domain - W2K PDC

muhindra at yahoo.com muhindra at yahoo.com
Mon Sep 9 19:20:01 GMT 2002 

try:
smbpasswd -j DOM -r SERVER -U <W2K administrator>
and press enter and type administrator password.


--- "Aaron D." <lists at aaronsplace.org> wrote:
> OK Ladies and Gentlemen I could use a hand on this
> one.  I'm new to the 
> list, so please excuse me if I violate a protocol
> which is as yet unknown 
> to me.  However I am having some problems that seem
> to be beyond my 
> abilities to find a solution to.  Any help would be
> greatly appreciated.
> 
> Technical Info:
> LINUX Box is a Red Hat 7.1 Kernel version is
> 2.4.9-34.  Samba version(S) 
> that I am working with are 2.2.5-1 (Red Hat Binary
> RPM downloaded from 
> samba.org) and 2.0.10-2 (from Red Hat's site).
> 
> Windows 2000 Advanced Server SP2 (SP3 was applied,
> and then 
> removed).  Since the application of SP3, and the
> subsequent removal I've 
> restored from tape returning to PRE SP3 operations
> completely with no 
> change in results.  PDC - Native mode.
> 
> Course of events:
> I had Samba 2.0.10-2 up and running perfectly fine
> as a domain member 
> (security=domain) and all was well.  I read up on
> the latest Samba release, 
> and decided I wanted to give it a try, utilizing the
> new winbind appliance.
> 
> I researched briefly on the Red Hat site, and
> determined that they did not 
> have anything above 2.0.10-2 available "packaged"
> for my version of Red 
> Hat.  A quick trip to Samba.org produced a ready to
> roll rpm, and all was 
> well.  I've made complete backups of my /etc/samba
> directory, and the 
> Windows 2000 server before any changes were made.
> 
> After performing a complete un install of the
> existing Samba version, and 
> installing the new package, I found that I was
> unable to get the Samba 
> re-joined to the domain.  Items checked and
> verified:
> I've verified more then once that the "Pre-windows
> 2000" box is checked 
> when adding the machine account on the PDC.
> I've double and tipple checked the account
> credentials used with the 
> smbpasswd join command.
> I've verified my syntax is correct
> lmhosts and hosts files have proper entries
> W2K wins server is up and has correct records
> smb.conf has Samba pointed in the correct direction
> for the WINS server on 
> the W2K box.
> nmblookup is able to resolve the server, and domain
> correctly and as expected.
> 
> When I run the smbpasswd -j DOM -R SERVER -A user I
> am prompted for the 
> password.  With Version 2.2.5-1 I receive the
> expected message that the 
> domain was joined, and a quick check reveals that
> the secrets.tdb is 
> created and in the proper location. Ownership and
> group are both root, with 
> only root having rw access. I am able to enumerate
> groups and users from 
> the domain using wbinfo -u or -g, and getent does
> reveal domain users and 
> groups as well.  However, no users or groups are
> able to authenticate into 
> the Samba server, despite what I believe to be
> correct pam.d settings. 
> Message examples will appear below from logs.
> 
> With Version 2.0.10-2 I run the same command,
> however I receive an error 
> message, and am told that it was unable to join the
> domain.   The 
> MACHINE.SID is created, and matches the record in
> the W2K registry, however 
> the DOM.MACH.mac is not created.
> 
> 
> The most common message that I see in the log.smdb
> is:
> 
>
smbd/password.c:connect_to_domain_password_server(1328)
>    connect_to_domain_password_server: machine SERVER
> rejected the tconX on 
> the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
> 
> This is the message I receive with 2.0.10 when I try
> to join the domain:
> 
> modify_trust_password: machine SERVER rejected the
> tconX on the IPC$ share. 
> Error was : ERRDOS - ERRnoaccess.
> 2002/09/09 10:45:34 : change_trust_account_password:
> Failed to change 
> password for domain DOMAIN.
> Unable to join domain DOMAIN.
> 
> Of course, the machine account is fresh and new on
> each attempt.  It's 
> deleted, and the server rebooted before it is
> re-added.  I've also tried 
> never before used machine account names with the
> same result.  I've read on 
> a couple of different sites that M$ added some new
> RPC calls via W2K SP2 
> which were not supported by pre 2.2 Samba.  However
> what is it that I am 
> running into with the 2.2.x versions?
> 
> Any thoughts, suggestions or questions are welcome
> and 
> appreciated.  Obviously I could roll back to a
> working configuration from 
> my tape backups, however I am not one who's mind
> lends it's self well to 
> going backwards and "just getting it working."
> 
> Thank you all for your time and suggestions.
> 
> Aaron
> 
> 
> -- 
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
http://lists.samba.org/mailman/listinfo/samba


__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

More information about the samba mailing list