[Samba] Unable to join samba server to a NT4 style domain

Ashutosh Kamdar akamdar at gnsi.com
Fri Apr 15 16:19:54 GMT 2005


Jim,

I tried something as per your suggestion:

# ./net rpc join -S NTSERVER -d 3 -l -U administrator%'xxxxx'

This gave me the output listed below. Hopefully, this will help shed some light on the problem. Do you know what the status NT_STATUS_ACCESS_DENIED means?

Thanks,

Ash

---------------------8<--------------------

[2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907)
  lp_load: refreshing parameters
[2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321)
  Initialising global parameters
[2005/04/15 12:09:30, 3] param/params.c:pm_process(573)
  params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf"
[2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409)
  Processing section "[global]"
[2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0
[2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name gnsi_server1<0x20>
[2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name gnsi_server1<0x20>
[2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name gnsi_server1<0x20>
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406)
  Connecting to host=gnsi_server1
[2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.11 at port 445
[2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506)
  failed tcon_X with NT_STATUS_ACCESS_DENIED
[2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207)
  Cannot connect to server (anonymously).  Error was NT_STATUS_ACCESS_DENIED
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406)
  Connecting to host=gnsi_server1
[2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.11 at port 445
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
  Doing spnego session setup (blob length=110)
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 48018 1 2 2
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2 3
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
  got principal=gnsi_server1$@GNSI.COM
[2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
  Got challenge flags:
[2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62890215
[2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
  NTLMSSP: Set final flags:
[2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
[2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
[2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
  lsa_io_sec_qos: length c does not match size 8
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406)
  Connecting to host=gnsi_server1
[2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.11 at port 445
[2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506)
  failed tcon_X with NT_STATUS_ACCESS_DENIED
[2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207)
  Cannot connect to server (anonymously).  Error was NT_STATUS_ACCESS_DENIED
Unable to join domain GLOBALNET.
[2005/04/15 12:09:30, 2] utils/net.c:main(897)
  return code = 1


-----------------------------8<-------------------



------Original Message-----
-From: Van Sickler, Jim [mailto:vansickj-eodc at kaman.com]
-Sent: Thursday, April 14, 2005 09:42 PM
-To: ''Ashutosh Kamdar'', samba at lists.samba.org
-Subject: RE: [Samba] Unable to join samba server to a NT4 style domain
-
-Ash,
-
-net help rpc shows the following for the --long option:
-
--l or --long                    Display full information
-
-In what I've found from googling and
-the Samba-Guide (thanks, John!),
-it looks like net rpc join will create the
-Domain machine account when you run it;  if
-MYSERVER already exists, you'll be prevented
-from creating a duplicate entry.
-
-Try deleting MYSERVER from the Domain.
-
-then run your original command...
-
-./net rpc join -U administrator%'xxxxxxxx'
-
-or ./net rpc join -S NT4SERVER -U administrator%'xxxxxxxx'
-
-and see what happens.
-
-If this works, it reinforces this comment from my earlier link:
-
-This process joins the server to the domain
-without having to create the machine trust
-account on the PDC beforehand.
-
-and is a change from Samba 2.x, which required
-the creation of the machine trust account
-on the PDC before running "smbpasswd -j DOM -r DOMPDC".
-
-John:  if this is true, can Chap 7 be amended to
-reflect the change?
-
-Jim
-
-> -----Original Message-----
-> From: Ashutosh Kamdar [mailto:akamdar at gnsi.com]
-> Sent: Thursday, April 14, 2005 2:25 PM
-> To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba at lists.samba.org
-> Subject: Re: [Samba] Unable to join samba server to a NT4 style domain
-> 
-> 
-> Jim,
-> 
-> I have Samba shut down while executing the net rpc join 
-> commands, as the HOW-TO says. 
-> 
-> On trying the following, 
-> 
-> # ./net rpc join -S NTSERVER
-> Password:
-> 
-> This is the response I get,
-> 
-> Could not connect to server NTSERVER
-> The username or password was not correct.
-> 
-> The password used was that of the administrator authorized to 
-> add machines to the domain. Is there any other 
-> username/password I should be using?
-> 
-> On trying this,
-> 
-> net join -S NT4SERVER -U administrator%'xxxxxxxx' -W MYWORKGROUP --long
-> 
-> This is the response I get,
-> 
-> Unable to join domain <domain-name>.
-> 
-> BTW, what does the switch --long do?
-> 
-> I have followed the exact steps in the document you have 
-> pointed out and the HOW-TOs. Thanks for pointing out 
-> this particular chapter.
-> 
-> Regards,
-> 
-> Ash
-> 
-> ------Original Message-----
-> -From: Van Sickler, Jim [mailto:vansickj-eodc at kaman.com]
-> -Sent: Thursday, April 14, 2005 08:30 PM
-> -To: ''Ashutosh Kamdar'', samba at lists.samba.org
-> -Subject: RE: [Samba] Unable to join samba server to a NT4 
-> style domain
-> -
-> -Ash,
-> -
-> -Do you have Samba shut down while you're
-> -running net rpc join?  The daemons
-> -shouldn't be running, AFAIK.
-> -
-> -Make sure they're down, and try your earlier
-> -net rpc join commands...
-> -
-> -If that doesn't work, try just:
-> -       net rpc join -S NT4SERVER
-> -
-> -Maybe try deleting MYSERVER from the domain,
-> -then
-> -net join -S NT4SERVER -U administrator%'xxxxxxxx' -W MYWORKGROUP --long
-> -
-> -See
-> -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain
-> -member.html#id
-> -2522086
-> -
-> -
-> -Jim
-> -
-> -
-> -> -----Original Message-----
-> -> From: Ashutosh Kamdar [mailto:akamdar at gnsi.com]
-> -> Sent: Thursday, April 14, 2005 12:50 PM
-> -> To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba at lists.samba.org
-> -> Subject: Re: [Samba] Unable to join samba server to a NT4 
-> style domain
-> -> 
-> -> 
-> -> Jim,
-> -> 
-> -> Yes, the NTSERVER is a PDC. Do you know of a way to see any 
-> -> kind of logs on the net join rpc command?
-> -> 
-> -> -Ash
-> -> 
-> -> ------Original Message-----
-> -> -From: Van Sickler, Jim [mailto:vansickj-eodc at kaman.com]
-> -> -Sent: Thursday, April 14, 2005 07:40 PM
-> -> -To: ''Ashutosh Kamdar'', samba at lists.samba.org
-> -> -Subject: RE: [Samba] Unable to join samba server to a NT4 
-> -> style domain
-> -> -
-> -> -Ash,
-> -> -
-> -> -Is NT4SERVER the PDC?
-> -> -If not, use -S PDC instead of -S NT4SERVER
-> -> -
-> -> -Jim
-> -> -
-> -> -> -----Original Message-----
-> -> -> From: Ashutosh Kamdar [mailto:akamdar at gnsi.com]
-> -> -> Sent: Thursday, April 14, 2005 12:24 PM
-> -> -> To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba at lists.samba.org
-> -> -> Subject: Re: [Samba] Unable to join samba server to a NT4 
-> -> style domain
-> -> -> 
-> -> -> 
-> -> -> Jim,
-> -> -> 
-> -> -> For all of the four commands you have mentioned, I get the 
-> -> -> same response:
-> -> -> 
-> -> -> Unable to join domain <domain-name>.
-> -> -> 
-> -> -> There are no error messages or explanation with it, just the 
-> -> -> plain text. 
-> -> -> 
-> -> -> Regards,
-> -> -> 
-> -> -> Ash
-> -> -> 
-> -> -> ------Original Message-----
-> -> -> -From: Van Sickler, Jim [mailto:vansickj-eodc at kaman.com]
-> -> -> -Sent: Thursday, April 14, 2005 07:15 PM
-> -> -> -To: ''Ashutosh Kamdar'', samba at lists.samba.org
-> -> -> -Subject: RE: [Samba] Unable to join samba server to a NT4 
-> -> -> style domain
-> -> -> -
-> -> -> -Ash,
-> -> -> -
-> -> -> -try one of the following:
-> -> -> -
-> -> -> -./net rpc join -S NT4SERVER -U administrator
-> -> -> -
-> -> -> -./net rpc join -S NT4SERVER -U administrator%'xxxxxxxx'
-> -> -> -
-> -> -> -./net rpc join -W MYWORKGROUP -U administrator
-> -> -> -
-> -> -> -./net rpc join -W MYWORKGROUP -U administrator%'xxxxxxxx'
-> -> -> -
-> -> -> -Jim
-> -> -> -
-> -> -> -> -----Original Message-----
-> -> -> -> From: Ashutosh Kamdar [mailto:akamdar at gnsi.com]
-> -> -> -> Sent: Thursday, April 14, 2005 11:48 AM
-> -> -> -> To: Van Sickler, Jim; samba at lists.samba.org
-> -> -> -> Subject: Re: [Samba] Unable to join samba server to a NT4 
-> -> -> style domain
-> -> -> -> 
-> -> -> -> 
-> -> -> -> Jim,
-> -> -> -> 
-> -> -> -> -Try adding the Samba server to the NT4 Domain first.
-> -> -> -> Response: The samba server has already been added to the NT domain.
-> -> -> -> 
-> -> -> -> -Is the NT4 server also a WINS server?
-> -> -> -> -If so, add that info to the smb.conf
-> -> -> -> -
-> -> -> -> -wins server = xxx.xxx.xxx.xxx
-> -> -> -> -name resolve order = wins lmhosts host bcast
-> -> -> -> -
-> -> -> -> -Put the NT4 server info into /etc/lmhosts
-> -> -> -> -and /etc/hosts
-> -> -> -> -xxx.xxx.xxx.xxx	NT4SERVER
-> -> -> -> 
-> -> -> -> Response: The NT server is not functioning as a WINS server. 
-> -> -> -> The /etc/hosts and /etc/lmhosts already have the entry for 
-> -> -> -> the NT server. The server can also resolve the NTSERVER_NAME 
-> -> -> -> using DNS.
-> -> -> -> 
-> -> -> -> I also used rpcclient to see if there are any connection 
-> -> -> -> problems, and it was able to connect just fine to the 
-> -> -> -> NTSERVER. Thoroughly confused.
-> -> -> -> 
-> -> -> -> Any other ideas?
-> -> -> -> 
-> -> -> -> Thanks for your response,
-> -> -> -> 
-> -> -> -> Ash
-> -> -> -> 
-> -> -> -> -
-> -> -> -> -> -----Original Message-----
-> -> -> -> -> From: Ashutosh Kamdar [mailto:akamdar at gnsi.com]
-> -> -> -> -> Sent: Thursday, April 14, 2005 12:58 AM
-> -> -> -> -> To: samba at lists.samba.org
-> -> -> -> -> Subject: [Samba] Unable to join samba server to a NT4 
-> -> -> style domain
-> -> -> -> -> 
-> -> -> -> -> 
-> -> -> -> -> Hello,
-> -> -> -> -> 
-> -> -> -> -> I have installed Samba version 3.0.13 on a Solaris 9 machine 
-> -> -> -> -> and am trying to add it to an existing NT domain as a member 
-> -> -> -> -> server. I have followed the instructions in Chapter 2 of the 
-> -> -> -> -> Samba HOW-TO collection for adding a samba server as a Domain 
-> -> -> -> -> member. The problem is that when I use the net rpc join 
-> -> -> -> -> command to join the domain, I get the following error:
-> -> -> -> -> 
-> -> -> -> -> # ./net rpc join -U administrator%'xxxxxxxx'
-> -> -> -> -> 
-> -> -> -> -> Unable to find a suitable server
-> -> -> -> -> 
-> -> -> -> -> Unable to find a suitable server
-> -> -> -> -> 
-> -> -> -> -> Specifying the domain name with a -w switch or the PDC doesn't 
-> -> -> -> -> seem to help.
-> -> -> -> -> 
-> -> -> -> -> Is there a way for me to see a detailed version of the error 
-> -> -> -> -> message or some log file where this is dumped to? I am 
-> -> -> -> -> posting the smb.conf for reference. Please help me resolve 
-> -> -> -> -> this error.
-> -> -> -> -> 
-> -> -> -> -> Thanks,
-> -> -> -> -> 
-> -> -> -> -> Ash
-> -> -> -> -> 
-> -> -> -> -> 
-> -> -> -> 
-> -> -> 
-> -> 
-> ----------------------------------8<----------------------------------
-> -> -> -> -> smb.conf
-> -> -> -> -> 
-> -> -> -> -> [global]
-> -> -> -> ->         dns proxy = no
-> -> -> -> ->         debug timestamp = yes
-> -> -> -> ->         encrypt passwords = yes
-> -> -> -> ->         idmap gid = 15000-20000
-> -> -> -> ->         socket options = TCP_NODELAY
-> -> -> -> ->         max log size = 1024
-> -> -> -> ->         password server = *
-> -> -> -> ->         idmap uid = 15000-20000
-> -> -> -> ->         debug level = 3
-> -> -> -> ->         security = domain
-> -> -> -> ->         server string = Samba Server
-> -> -> -> ->         workgroup = MYWORKGROUP
-> -> -> -> ->         log level = 3
-> -> -> -> ->         log file = /usr/local/samba/var/log.%m
-> -> -> -> ->         netbios name = MYSERVER
-> -> -> -> ->         load printers = yes
-> -> -> -> ->         os level = 33
-> -> -> -> ->         default = share
-> -> -> -> -> [homes]
-> -> -> -> ->    comment = Home Directories
-> -> -> -> ->    valid users = %S
-> -> -> -> ->    browseable = no
-> -> -> -> ->    writable = yes
-> -> -> -> -> 
-> -> -> -> -> [printers]
-> -> -> -> ->    comment = All Printers
-> -> -> -> ->    path = /usr/spool/samba
-> -> -> -> ->    browseable = no
-> -> -> -> ->    guest ok = no
-> -> -> -> ->    writable = no
-> -> -> -> ->    printable = yes
-> -> -> -> -> 
-> -> -> -> -> [share]
-> -> -> -> -> path = /share
-> -> -> -> -> comment = Solaris share
-> -> -> -> -> valid users = @Accounts
-> -> -> -> -> guest ok = Yes
-> -> -> -> -> read only = No
-> -> -> -> -> 
-> -> -> -> -> 
-> -> -> -> 
-> -> -> 
-> -> 
-> ----------------------------------8<----------------------------------
More information about the samba mailing list
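
An added example, not part of the original message or of Samba: a short Python parser for the `net ... -d 3` debug output posted at the top of this message. It pairs each `[timestamp, level] file:function(line)` header with its indented text and lists the entries logged at level 1 or lower together with their NT_STATUS code. The sample log is constructed from entries in that output, and the names `parse_samba_log` and `failures` are hypothetical.

```python
import re

# Constructed sample: entries taken in shape from the level-3 log in this message.
SAMPLE_LOG = """\
[2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.11 at port 445
[2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506)
  failed tcon_X with NT_STATUS_ACCESS_DENIED
[2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207)
  Cannot connect to server (anonymously).  Error was NT_STATUS_ACCESS_DENIED
[2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
  Doing spnego session setup (blob length=110)
Unable to join domain GLOBALNET.
[2005/04/15 12:09:30, 2] utils/net.c:main(897)
  return code = 1
"""

# "[timestamp, level] source-file:function(line)" header written before each message
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+"
                    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
STATUS = re.compile(r"\bNT_STATUS_[A-Z0-9_]+\b")

def parse_samba_log(text):
    """Pair every header with the indented message lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"ts": m["ts"], "level": int(m["level"]),
                       "file": m["file"], "func": m["func"], "msg": ""}
            entries.append(current)
        elif raw[:1] in (" ", "\t") and current is not None:
            current["msg"] = (current["msg"] + " " + raw.strip()).strip()
        elif raw.strip():
            # Unindented text without a header is the tool's own output.
            current = None
            entries.append({"ts": None, "level": None, "file": None,
                            "func": None, "msg": raw.strip()})
    return entries

def failures(entries, max_level=1):
    """(function, NT status) for each status code logged at or below max_level."""
    return [(e["func"], code) for e in entries
            if e["level"] is not None and e["level"] <= max_level
            for code in STATUS.findall(e["msg"])]

if __name__ == "__main__":
    for func, code in failures(parse_samba_log(SAMPLE_LOG)):
        print(f"{func}: {code}")
```

In the full log above, every level-1 entry belongs to the anonymous connection attempt (`cli_full_connection` failing tcon_X, then `connect_to_ipc_anonymous`), while the SPNEGO/NTLMSSP session setup in between logs no error.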