[Samba] Samba 2.2.5-1 problems joining domain - W2K PDC
muhindra at yahoo.com
muhindra at yahoo.com
Mon Sep 9 19:20:01 GMT 2002
try:
smbpasswd -j DOM -r SERVER -U <W2K administrator>
and press enter and type administrator password.
--- "Aaron D." <lists at aaronsplace.org> wrote:
> OK Ladies and Gentlemen I could use a hand on this
> one. I'm new to the
> list, so please excuse me if I violate a protocol
> which is as yet unknown
> to me. However I am having some problems that seem
> to be beyond my
> abilities to find a solution to. Any help would be
> greatly appreciated.
>
> Technical Info:
> LINUX Box is a Red Hat 7.1 Kernel version is
> 2.4.9-34. Samba version(S)
> that I am working with are 2.2.5-1 (Red Hat Binary
> RPM downloaded from
> samba.org) and 2.0.10-2 (from Red Hat's site).
>
> Windows 2000 Advanced Server SP2 (SP3 was applied,
> and then
> removed). Since the application of SP3, and the
> subsequent removal I've
> restored from tape returning to PRE SP3 operations
> completely with no
> change in results. PDC - Native mode.
>
> Course of events:
> I had Samba 2.0.10-2 up and running perfectly fine
> as a domain member
> (security=domain) and all was well. I read up on
> the latest Samba release,
> and decided I wanted to give it a try, utilizing the
> new winbind appliance.
>
> I researched briefly on the Red Hat site, and
> determined that they did not
> have anything above 2.0.10-2 available "packaged"
> for my version of Red
> Hat. A quick trip to Samba.org produced a ready to
> roll rpm, and all was
> well. I've made complete backups of my /etc/samba
> directory, and the
> Windows 2000 server before any changes were made.
>
> After performing a complete un install of the
> existing Samba version, and
> installing the new package, I found that I was
> unable to get the Samba
> re-joined to the domain. Items checked and
> verified:
> I've verified more then once that the "Pre-windows
> 2000" box is checked
> when adding the machine account on the PDC.
> I've double and tipple checked the account
> credentials used with the
> smbpasswd join command.
> I've verified my syntax is correct
> lmhosts and hosts files have proper entries
> W2K wins server is up and has correct records
> smb.conf has Samba pointed in the correct direction
> for the WINS server on
> the W2K box.
> nmblookup is able to resolve the server, and domain
> correctly and as expected.
>
> When I run the smbpasswd -j DOM -R SERVER -A user I
> am prompted for the
> password. With Version 2.2.5-1 I receive the
> expected message that the
> domain was joined, and a quick check reveals that
> the secrets.tdb is
> created and in the proper location. Ownership and
> group are both root, with
> only root having rw access. I am able to enumerate
> groups and users from
> the domain using wbinfo -u or -g, and getent does
> reveal domain users and
> groups as well. However, no users or groups are
> able to authenticate into
> the Samba server, despite what I believe to be
> correct pam.d settings.
> Message examples will appear below from logs.
>
> With Version 2.0.10-2 I run the same command,
> however I receive an error
> message, and am told that it was unable to join the
> domain. The
> MACHINE.SID is created, and matches the record in
> the W2K registry, however
> the DOM.MACH.mac is not created.
>
>
> The most common message that I see in the log.smdb
> is:
>
>
smbd/password.c:connect_to_domain_password_server(1328)
> connect_to_domain_password_server: machine SERVER
> rejected the tconX on
> the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
>
> This is the message I receive with 2.0.10 when I try
> to join the domain:
>
> modify_trust_password: machine SERVER rejected the
> tconX on the IPC$ share.
> Error was : ERRDOS - ERRnoaccess.
> 2002/09/09 10:45:34 : change_trust_account_password:
> Failed to change
> password for domain DOMAIN.
> Unable to join domain DOMAIN.
>
> Of course, the machine account is fresh and new on
> each attempt. It's
> deleted, and the server rebooted before it is
> re-added. I've also tried
> never before used machine account names with the
> same result. I've read on
> a couple of different sites that M$ added some new
> RPC calls via W2K SP2
> which were not supported by pre 2.2 Samba. However
> what is it that I am
> running into with the 2.2.x versions?
>
> Any thoughts, suggestions or questions are welcome
> and
> appreciated. Obviously I could roll back to a
> working configuration from
> my tape backups, however I am not one who's mind
> lends it's self well to
> going backwards and "just getting it working."
>
> Thank you all for your time and suggestions.
>
> Aaron
>
>
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
http://lists.samba.org/mailman/listinfo/samba
__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
More information about the samba
mailing list