[Samba] Unable to join PDC to domain

mallapadi niranjan niranjan.ashok at gmail.com
Thu Dec 28 04:26:04 GMT 2006


Hi all

I have installed Samba 3.0.23d and Fedora Directory Server (version
fedora-ds-1.0.4-1) and created a primary domain controller with an LDAP
backend on a 64-bit AMD system. My kernel version is 2.6.9-34.EL.

The problem I am facing is that I am able to join Windows clients to the
domain, and the computer names are automatically added to OU=Computers in
Fedora Directory Server, but I am unable to join my PDC (i.e. my Samba
server) to the domain when I use the command:
[root@pdc ~]# /usr/local/samba-3d/bin/net rpc info -U root%<root password>
Domain Name: EXAMPLE.COM
Domain SID: S-1-5-21-275967576-2527112200-1211998457
Sequence number: 1167279952
Num users: 3
Num domain groups: 4
Num local groups: 0

[root@pdc ~]# /usr/local/samba-3d/bin/net rpc join -U root%<root password>
Creation of workstation account failed
Unable to join domain EXAMPLE.COM.

The following is the output when I increase the debug level of the net
command:

[root@pdc ~]# /usr/local/samba-3d/bin/net rpc join -d 3 -U root%admin1234
[2006/12/28 09:59:29, 3] param/loadparm.c:lp_load(4945)
  lp_load: refreshing parameters
[2006/12/28 09:59:29, 3] param/loadparm.c:init_globals(1410)
  Initialising global parameters
[2006/12/28 09:59:29, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/usr/local/samba-3d/lib/smb.conf"
[2006/12/28 09:59:29, 3] param/loadparm.c:do_section(3687)
  Processing section "[global]"
[2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
  added interface ip=10.129.149.250 bcast=10.129.149.255 nmask=255.255.255.0
[2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
  Connecting to host=PDC
[2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 10.129.149.250 at port 445
[2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request returned ok.
[2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine PDC pipe \NETLOGON fnum 0x764d bind request returned ok.
[2006/12/28 09:59:29, 3] libsmb/trusts_util.c:just_change_the_password(57)
  just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
  Connecting to host=PDC
[2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 10.129.149.250 at port 445
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
  Doing spnego session setup (blob length=58)
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
  got OID=1 3 6 1 4 1 311 2 2 10
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
  got principal=NONE
[2006/12/28 09:59:29, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950)
  Got challenge flags:
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60890215
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972)
  NTLMSSP: Set final flags:
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
[2006/12/28 09:59:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
[2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request returned ok.
[2006/12/28 09:59:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine PDC pipe \samr fnum 0x764d bind request returned ok.
Creation of workstation account failed
Unable to join domain EXAMPLE.COM.
[2006/12/28 09:59:30, 2] utils/net.c:main(988)
  return code = 1

The following is my smb.conf
#######################################smb.conf####################################
[global]

  workgroup = example.com
  netbios name = pdc
  passdb backend = ldapsam:ldap://example.com
  server string = Domain Controller
  security = user
  encrypt passwords = yes
  hosts allow = 10.129.149. 127.0.0.
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = eth0,lo
  printing = cups
  disable spoolss = Yes
  printcap name = cups
  max print jobs = 100
  log level = 5
  #password level = 8
  #username level = 8
  bind interfaces only = yes
  local master = Yes
  os level = 33
  domain master = yes
  preferred master = yes
  null passwords = no
  hide unreadable = yes
  hide dot files = yes
  domain logons = yes
  logon script = %u.bat
  logon path =
  logon drive = X:
  logon home = \\pdc\%U
  wins support = yes
  name resolve order = wins lmhosts host bcast
  #dns proxy = no
  time server = yes
  log file = /var/log/samba/%m.log
  max log size = 50
  nt acl support = yes
  ldap passwd sync = yes
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
  #add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
  ldap delete dn = Yes
  ldap ssl = no
  ldap suffix = dc=example,dc=com
  ldap admin dn = cn=Directory Manager
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap machine suffix = ou=Computers
  ldap timeout = 50
  map acl inherit = yes
  winbind use default domain = yes
  template shell = /bin/false
######################################################[Share Definitions]###########################################
[homes]
   comment = Home Directories
   valid users = %S, root
   browseable = no
   read only = no
   nt acl support = Yes
[profiles]
  comment = Roaming Profiles
  path = /profiles
  browseable = no
  writeable = yes

[wpkg]
 comment = Windows Packager
 path = /wpkg
 read only = yes
 browseable = no

# Un-comment the following and create the netlogon directory for Domain Logons
 [netlogon]
   comment = Network Logon Service
   path = /netlogon/scripts
   guest ok = yes
   browseable = yes
   write list = root
[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0600
   printable = yes
   use client driver = Yes
   browseable = Yes
#########################################################################################

Regards
Niranjan
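
Added example (not part of the original post and not Samba project code): a small Python triage script for `net -d 3` output like the one quoted above. It pairs each debug header with its message body, lists the NT_STATUS failures by function, and names the NTLMSSP flags set in the first logged neg_flags value but cleared in the last; the function names and the flag table (the MS-NLMP bits that occur in this log) are this example's own.

```python
import re
# Samba 3 debug header: "[date time, level] source.c:function(line)"
HEADER = re.compile(r"^\[(\S+ \S+), +(\d+)\] (\S+):(\w+)\((\d+)\)\s*$")
STATUS = re.compile(r"NT_STATUS_[A-Z0-9_]+")
FLAGS = re.compile(r"neg_flags=(0x[0-9a-fA-F]+)")
# Subset of the MS-NLMP negotiate flags: the bits set in this log's values
NTLMSSP_BITS = {
    0x00000001: "NEGOTIATE_UNICODE", 0x00000004: "REQUEST_TARGET",
    0x00000010: "NEGOTIATE_SIGN", 0x00000200: "NEGOTIATE_NTLM",
    0x00010000: "TARGET_TYPE_DOMAIN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO", 0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH",
}
# Excerpt of the debug output quoted in the post
SAMPLE = """\
[2006/12/28 09:59:29, 3] libsmb/trusts_util.c:just_change_the_password(57)
  just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60890215
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
"""

def parse_entries(text):
    """Pair each header with its body; wrapped body lines are joined."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"level": int(m[2]), "function": m[4], "message": ""})
        elif entries and line.strip():
            body = entries[-1]["message"] + " " + line.strip()
            entries[-1]["message"] = body.strip()
    return entries

def failures(entries):
    """(function, status) for every non-OK NT_STATUS code, in log order."""
    return [(e["function"], s) for e in entries
            for s in STATUS.findall(e["message"]) if s != "NT_STATUS_OK"]

def dropped_flags(entries):
    """Flag names set in the first neg_flags value but not in the last."""
    vals = [int(v, 16) for e in entries for v in FLAGS.findall(e["message"])]
    if len(vals) < 2:
        return set()
    gone = vals[0] & ~vals[-1]
    return {name for bit, name in NTLMSSP_BITS.items() if gone & bit}
```

Calling `failures(parse_entries(SAMPLE))` shows which client functions returned the error, which is the first thing to quote when asking for help with a failed join.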

