[Samba] problem joining computer to domain

Tony Austin nsswitch at gigaday.com
Tue Nov 22 13:49:10 GMT 2005

> Tony Austin wrote:
>>I cannot join my WinXP workstation computers to the Samba domain.  Using
>>the Computer Name / Change on the XP computer gives me an error saying
>>that the username or password is incorrect - except very occasionally
>>when it works although I do nothing different!
>>I have noticed that when it works there is a machine record set up in
>>LDAP with Samba data as follows:-
>>dn: uid=leem-q4hw$,ou=People,dc=commtechgroup,dc=co.uk
>>uid: leem-q4hw$
>>sambaSID: S-1-5-21-1504740027-1884281049-541626052-3090
>>sambaPrimaryGroupSID: S-1-5-21-1504740027-1884281049-541626052-2107
>>displayName: leem-q4hw$
>>objectClass: sambaSamAccount
>>objectClass: account
>>creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk
>>createTimestamp: 20051109143944Z
>>sambaPwdCanChange: 1131547184
>>sambaPwdMustChange: 2147483647
>>sambaNTPassword: 7F47D21BE0CCA3F6BA29CDC00277875B
>>sambaPwdLastSet: 1131547184
>>sambaAcctFlags: [W          ]
>>modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk
>>modifyTimestamp: 20051109143944Z
>>But the rest of the time, when it doesn't work, I get an LDAP entry
>>without any Samba data like this:-
>>dn: uid=commaint-df398$,ou=People,dc=commtechgroup,dc=co.uk
>>objectClass: top
>>objectClass: inetOrgPerson
>>objectClass: posixAccount
>>cn: commaint-df398$
>>sn: commaint-df398$
>>uid: commaint-df398$
>>uidNumber: 1046
>>gidNumber: 553
>>homeDirectory: /dev/null
>>loginShell: /bin/false
>>description: Computer
>>creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk
>>createTimestamp: 20051116130633Z
>>modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk
>>modifyTimestamp: 20051116130633Z
>>I have experimented with various combinations of
>>root# ./smbldap-useradd -a -w compname$
>>to see if I can get the record set up with the Samba data, but no luck.
>>I now have 2 servers both of which show the same symptom.
> Hi Tony,
> Recently I have come across your problem though I have a
> similar setup running on different server for a different domain. There
> are two things that I have observed causing this problem:
> 1) When the smb & nmb server is restarted too many times the
> database is getting corrupted. So, I have deleted the samba files from
> the /var/spool/samba before restarting the service and added the
> administrator (root in my case) again.
> 2) For a weird reason the administrator is not added to the
> smb backend database.
> I am using the OpenLDAP backend, and so the password must be added to
> the secrets.tdb using smbpasswd -w yourpassword (must be ldap binddn
> password). Also, check the log.smbd and log.<your client computer name>,
> that helps a lot in narrowing the problem.
> cheers,
> pavan.
> --
> Pavan Krishna L

I checked these points, but I don't think it is the cause of the problem
in my case.

I start by making sure the machine record does not exist in LDAP:-

[root@phoenix-srv1 sbin]# ./smbldap-usershow.pl winxp$
./smbldap-usershow.pl: user winxp$ doesn't exist

I then use the Wizard on machine winxp, entering Administrator as the
username and giving the correct password. Windows responds "unknown
username or bad password" and /var/log/samba/winxp shows:-

[2005/11/22 13:36:02, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516)
  ldapsam_modify_entry: Failed to add user dn=
uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com with: Already exists

[2005/11/22 13:36:02, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1948)
  ldapsam_add_sam_account: failed to modify/add user with uid = winxp$ (dn
= uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com)
[2005/11/22 13:36:02, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
  could not add user/computer winxp$ to passdb.  Check permissions?

and an entry is added to LDAP:-

[root@phoenix-srv1 sbin]# ./smbldap-usershow.pl winxp$
dn: uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com
objectClass: top,inetOrgPerson,posixAccount
cn: winxp$
sn: winxp$
uid: winxp$
uidNumber: 1001
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer

Using the Change Name button in Windows gives exactly the same results.

Both Windows and Samba seem to be complaining about permissions.

Where should I be looking?
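
The thread contrasts a machine record that carries Samba data with one that has only posixAccount data. As an added example (not part of the original post, and not code from Samba or smbldap-tools), this Python script audits LDIF or smbldap-usershow output for machine accounts missing the Samba attributes seen on the working record; the function names and the sample entries are constructed for illustration.

```python
import re

REQUIRED = ("sambaSID", "sambaNTPassword", "sambaAcctFlags")  # seen on the joined record

def parse_entries(text):
    """Parse LDIF or smbldap-usershow output into dicts: lowercased attr -> values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        # Unfold LDIF continuation lines (newline followed by one space).
        for line in block.replace("\n ", "").splitlines():
            key, sep, val = line.partition(":")
            if not sep:
                continue
            key = key.strip().lower()
            # smbldap-usershow prints objectClass values comma-joined on one line
            vals = val.split(",") if key == "objectclass" else [val]
            entry.setdefault(key, []).extend(v.strip() for v in vals)
        if entry:
            entries.append(entry)
    return entries

def audit_machine_account(entry):
    """Return a list of problems; empty means the entry has the Samba machine data."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [] if "sambasamaccount" in classes else ["missing objectClass sambaSamAccount"]
    problems += [f"missing {a}" for a in REQUIRED if a.lower() not in entry]
    flags = entry.get("sambaacctflags", [""])[0]
    if flags and "W" not in flags:
        problems.append("sambaAcctFlags lacks W (workstation trust)")
    return problems

def audit(text):
    # Only machine accounts (uid ending in $) are audited.
    return {e["uid"][0]: audit_machine_account(e)
            for e in parse_entries(text) if e.get("uid", [""])[0].endswith("$")}

# Constructed sample shaped like the two records in the thread (placeholder values).
SAMPLE = """\
dn: uid=ws-good$,ou=People,dc=example,dc=com
uid: ws-good$
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1-2-3-3090
sambaNTPassword: 00000000000000000000000000000000
sambaAcctFlags: [W          ]

dn: uid=ws-bad$,ou=People,dc=example,dc=com
objectClass: top,inetOrgPerson,posixAccount
uid: ws-bad$
"""
```

Calling `audit()` on the output of an LDAP search over ou=People lists every machine account left in the half-created state described above.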

