[Samba] Issues with Joining an NT4 Domain

Clint Martin clintm at laplink.com
Tue Feb 4 16:23:52 GMT 2003


Hello

    I'm having some difficulties joining my Samba 3.0alpha (and 2.2.7a)
machine to my NT4 domain.  Let me tell you what I'm attempting to
accomplish.  I want to set up the Samba system to authenticate to my NT
domain so that I can use NTLM Proxy authentication with SQUID.  Through
reading the docs, I'm under the impression that in order to allow the
SQUID/Samba setup to auth on the domain, the NT PDC must show that the Samba
machine is part of the domain.

I've tried this with Samba 2.2.7a and the latest 3.0alpha with the same
results. I'll include the commands I've used for the 3.0 tree, as this is
what I've used most recently.

My smb.conf:

[global]
        security = DOMAIN
        domain logons = yes
        password server = QADOM
        workgroup = QADOM
        netbios name = clintbsd30a
        server string = FreeBSD with Samba 3.0
        encrypt passwords = yes
        preferred master = no
        domain master = no
        utmp = yes
        add user script = /usr/sbin/pw adduser %u
        delete user script = /usr/sbin/pw deleteuser %u
        pam password change = yes


I join the domain like this:

# ./net join -U Administrator
[2003/02/04 08:07:32, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 08:07:32, 1] libsmb/trust_passwd.c:just_change_the_password(42)
  just_change_the_password: unable to setup creds
(NT_STATUS_NO_TRUST_SAM_ACCOUNT)!
[2003/02/04 08:07:32, 1] utils/net_rpc.c:run_rpc_command(154)
  rpc command function failed! (NT_STATUS_NO_TRUST_SAM_ACCOUNT)
Joined domain QADOM.

This, I think, is the root of the issue. How can I have
NT_STATUS_NO_TRUST_SAM_ACCOUNT and still be joined to the domain?

The machine shows up in the NT Domain Machine Management program as an NT
Backup.  I've also tried adding the machine manually to the NT domain first,
then using the net command to join it.

After firing up nmbd and smbd, and attempting to access the machine from
the PDC's network neighborhood, I get this error on the PDC:  The SAM
Database on the Windows NT server does not have a computer account for this
workstation trust relationship.

and in the samba log files I get:

[2003/02/04 07:48:30, 0] smbd/server.c:main(704)
  smbd version 3.0alpha21 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2003/02/04 07:48:30, 0] smbd/server.c:main(738)
  standard input is not a socket, assuming -D option
[2003/02/04 07:49:04, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:04, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:04, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:04, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:05, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:05, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:05, 0] auth/auth_domain.c:domain_client_validate(407)
  domain_client_validate: Domain password server not available.
[2003/02/04 07:49:05, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:05, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:06, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:06, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:06, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:06, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:06, 0] auth/auth_domain.c:domain_client_validate(407)
  domain_client_validate: Domain password server not available.

So I guess my question is, what am I doing wrong?  Any help would be
appreciated.

Thanks,
Clint Martin
clintm at laplink.com
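
Added example, not part of the original post and not Samba project code: a small Python triage script that parses log records in the layout quoted above and counts NT_STATUS codes per reporting function, so repeated trust-account failures stand out. The sample log is constructed from the lines in the post; the function names parse_records and status_summary are made up for this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the smbd log quoted above, including a
# header whose source location was wrapped onto the next line by the mailer.
SAMPLE_LOG = """\
[2003/02/04 07:49:04, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(300)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/02/04 07:49:04, 0]
auth/auth_domain.c:connect_to_domain_password_server(216)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine QA71B. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/02/04 07:49:05, 0] auth/auth_domain.c:domain_client_validate(407)
  domain_client_validate: Domain password server not available.
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+):(\w+)\((\d+)\)$")
STATUS = re.compile(r"\bNT_STATUS_[A-Z0-9_]+")

def parse_records(text):
    """Return one dict per log record, rejoining mail-wrapped lines."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": m.group(1), "level": int(m.group(2)),
                       "location": m.group(3).strip(), "message": ""}
            records.append(current)
        elif current is not None and line.strip():
            # A header with no location means the location wrapped to this line.
            if not current["location"] and LOCATION.match(line.strip()):
                current["location"] = line.strip()
            else:
                current["message"] = (current["message"] + " " + line.strip()).strip()
    return records

def status_summary(text):
    """Count (function, NT_STATUS code) pairs across all records."""
    counts = Counter()
    for rec in parse_records(text):
        loc = LOCATION.match(rec["location"])
        func = loc.group(2) if loc else "?"
        for code in STATUS.findall(rec["message"]):
            counts[(func, code)] += 1
    return counts

if __name__ == "__main__":
    for (func, code), n in status_summary(SAMPLE_LOG).items():
        print(f"{n:3d}  {code}  in {func}")
```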




