[Samba] Problem joining samba to a samba-PDC domain

John Twyman j.twyman at es.usyd.edu.au
Tue Mar 4 10:57:32 GMT 2003 

Hi folks,

I'm having difficulty getting a samba server to join a domain, the PDC of 
which is another samba server. I believe I've set everything up correctly 
but when I run the following command on the "client" samba box

smbpasswd -j DOMAIN -r PDC -U adminuser%adminpasswd

I'm told

error creating domain user: NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN.

Looking through the log files on the PDC, I find these entries in the log 
file for the samba "client" box:

[2003/03/04 21:47:38, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369)
   unable to open passdb database.
[2003/03/04 21:47:38, 0] passdb/pdb_smbpasswd.c:add_smbfilepwd_entry(575)
   add_smbfilepwd_entry: unable to open file.
[2003/03/04 21:47:38, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
   Failed to add entry for user client$.


What I have done so far:

Successfully used smbclient to connect to available shares on the PDC from 
a "client" samba box using encrypted passwords (I have a smbpasswd file on 
the PDC).

Added relevant machine accounts to /etc/passwd on the PDC for the "client" 
samba boxes. I've made sure they include the $ at the end of the username.

Tried the smbpasswd -j ... command both with existing smbpasswd file 
entries and without (for use with the -U admin%pword option to smbpasswd)

Set up the PDC's smb.conf as follows (relevant directives only):

[global]

security = user
encrypt passwords = yes
smb passwd file = /path/to/smbpasswd
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false 
-M %u
local master = yes
domain master = yes
wins support = yes
domain admin group = user1

Set up the samba "client" box smb.conf as follows:

[global]

security = domain
password server = My_PDC_Name
encrypt passwords = yes
local master = no
wins server = IP_OF_PDC

---

Any suggestions as to how I might proceed from here would be greatly 
appreciated. I've searched for material covering this type of scenario but 
so far have only come across discussions that focus on either (a) joining 
w2k/xp clients to a samba-controlled domain or (b) joining a samba box to a 
winNT/2k-controlled domain.

Many thanks,
John



john twyman
school of geosciences
university of sydney
m: +61 401 992 836
e: j.twyman at es.usyd.edu.au

More information about the samba mailing list