[Samba] Samba 2.2.5-1 problems joining domain - W2K PDC

Aaron D. lists at aaronsplace.org
Mon Sep 9 20:49:01 GMT 2002 

I've used both the w2k\administrator and an account with membership in the 
administrators group, both with the same result.

Additionally, encrypt passwords  is set to Yes in the smb.conf.



At 02:19 PM 9/9/2002, you wrote:
>try:
>smbpasswd -j DOM -r SERVER -U <W2K administrator>
>and press enter and type administrator password.
>
>
>--- "Aaron D." <lists at aaronsplace.org> wrote:
> > OK Ladies and Gentlemen I could use a hand on this
> > one.  I'm new to the
> > list, so please excuse me if I violate a protocol
> > which is as yet unknown
> > to me.  However I am having some problems that seem
> > to be beyond my
> > abilities to find a solution to.  Any help would be
> > greatly appreciated.
> >
> > Technical Info:
> > LINUX Box is a Red Hat 7.1 Kernel version is
> > 2.4.9-34.  Samba version(S)
> > that I am working with are 2.2.5-1 (Red Hat Binary
> > RPM downloaded from
> > samba.org) and 2.0.10-2 (from Red Hat's site).
> >
> > Windows 2000 Advanced Server SP2 (SP3 was applied,
> > and then
> > removed).  Since the application of SP3, and the
> > subsequent removal I've
> > restored from tape returning to PRE SP3 operations
> > completely with no
> > change in results.  PDC - Native mode.
> >
> > Course of events:
> > I had Samba 2.0.10-2 up and running perfectly fine
> > as a domain member
> > (security=domain) and all was well.  I read up on
> > the latest Samba release,
> > and decided I wanted to give it a try, utilizing the
> > new winbind appliance.
> >
> > I researched briefly on the Red Hat site, and
> > determined that they did not
> > have anything above 2.0.10-2 available "packaged"
> > for my version of Red
> > Hat.  A quick trip to Samba.org produced a ready to
> > roll rpm, and all was
> > well.  I've made complete backups of my /etc/samba
> > directory, and the
> > Windows 2000 server before any changes were made.
> >
> > After performing a complete un install of the
> > existing Samba version, and
> > installing the new package, I found that I was
> > unable to get the Samba
> > re-joined to the domain.  Items checked and
> > verified:
> > I've verified more then once that the "Pre-windows
> > 2000" box is checked
> > when adding the machine account on the PDC.
> > I've double and tipple checked the account
> > credentials used with the
> > smbpasswd join command.
> > I've verified my syntax is correct
> > lmhosts and hosts files have proper entries
> > W2K wins server is up and has correct records
> > smb.conf has Samba pointed in the correct direction
> > for the WINS server on
> > the W2K box.
> > nmblookup is able to resolve the server, and domain
> > correctly and as expected.
> >
> > When I run the smbpasswd -j DOM -R SERVER -A user I
> > am prompted for the
> > password.  With Version 2.2.5-1 I receive the
> > expected message that the
> > domain was joined, and a quick check reveals that
> > the secrets.tdb is
> > created and in the proper location. Ownership and
> > group are both root, with
> > only root having rw access. I am able to enumerate
> > groups and users from
> > the domain using wbinfo -u or -g, and getent does
> > reveal domain users and
> > groups as well.  However, no users or groups are
> > able to authenticate into
> > the Samba server, despite what I believe to be
> > correct pam.d settings.
> > Message examples will appear below from logs.
> >
> > With Version 2.0.10-2 I run the same command,
> > however I receive an error
> > message, and am told that it was unable to join the
> > domain.   The
> > MACHINE.SID is created, and matches the record in
> > the W2K registry, however
> > the DOM.MACH.mac is not created.
> >
> >
> > The most common message that I see in the log.smdb
> > is:
> >
> >
>smbd/password.c:connect_to_domain_password_server(1328)
> >    connect_to_domain_password_server: machine SERVER
> > rejected the tconX on
> > the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
> >
> > This is the message I receive with 2.0.10 when I try
> > to join the domain:
> >
> > modify_trust_password: machine SERVER rejected the
> > tconX on the IPC$ share.
> > Error was : ERRDOS - ERRnoaccess.
> > 2002/09/09 10:45:34 : change_trust_account_password:
> > Failed to change
> > password for domain DOMAIN.
> > Unable to join domain DOMAIN.
> >
> > Of course, the machine account is fresh and new on
> > each attempt.  It's
> > deleted, and the server rebooted before it is
> > re-added.  I've also tried
> > never before used machine account names with the
> > same result.  I've read on
> > a couple of different sites that M$ added some new
> > RPC calls via W2K SP2
> > which were not supported by pre 2.2 Samba.  However
> > what is it that I am
> > running into with the 2.2.x versions?
> >
> > Any thoughts, suggestions or questions are welcome
> > and
> > appreciated.  Obviously I could roll back to a
> > working configuration from
> > my tape backups, however I am not one who's mind
> > lends it's self well to
> > going backwards and "just getting it working."
> >
> > Thank you all for your time and suggestions.
> >
> > Aaron
> >
> >
> > --
> > To unsubscribe from this list go to the following
> > URL and read the
> > instructions:
>http://lists.samba.org/mailman/listinfo/samba
>
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Finance - Get real-time stock quotes
>http://finance.yahoo.com
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list