[Samba] Unable to join PDC to domain
mallapadi niranjan
niranjan.ashok at gmail.com
Thu Dec 28 04:26:04 GMT 2006
Hi all
I have installed Samba 3.0.23d and Fedora Directory Server version (
fedora-ds-1.0.4-1)
and created a primary domain controller with LDAP backed.
on a 64bit AMD System . My kernel Version is 2.6.9-34.EL
The problem i am facing is i am able to join windows clients to the domain,
the computer names are automatically
getting added in to OU=Computers in Fedora Directory server.
but i am unable to join my PDC (ie my samba server) to the domain . when i
use the
command
[root at pdc ~]#/usr/local/samba-3d/bin/net rpc info -U root%<root password>
Domain Name: EXAMPLE.COM
Domain SID: S-1-5-21-275967576-2527112200-1211998457
Sequence number: 1167279952
Num users: 3
Num domain groups: 4
Num local groups: 0
[root at pdc ~]#/usr/local/samba-3d/bin/net rpc join -U root%<root password>
Creation of workstation account failed
Unable to join domain EXAMPLE.COM.
The following is the output when i increase the debug level of the net
command
[root at pdc ~]# /usr/local/samba-3d/bin/net rpc join -d 3 -U root%admin1234
[2006/12/28 09:59:29, 3] param/loadparm.c:lp_load(4945)
lp_load: refreshing parameters
[2006/12/28 09:59:29, 3] param/loadparm.c:init_globals(1410)
Initialising global parameters
[2006/12/28 09:59:29, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/usr/local/samba-3d/lib/smb.conf"
[2006/12/28 09:59:29, 3] param/loadparm.c:do_section(3687)
Processing section "[global]"
[2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
added interface ip=10.129.149.250 bcast=10.129.149.255 nmask=255.255.255.0
[2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
Connecting to host=PDC
[2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.129.149.250 at port 445
[2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request
returned ok.
[2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine PDC pipe \NETLOGON fnum 0x764d bind request
returned ok.
[2006/12/28 09:59:29, 3] libsmb/trusts_util.c:just_change_the_password(57)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
Connecting to host=PDC
[2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.129.149.250 at port 445
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
Doing spnego session setup (blob length=58)
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
got OID=1 3 6 1 4 1 311 2 2 10
[2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
got principal=NONE
[2006/12/28 09:59:29, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950)
Got challenge flags:
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60890215
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972)
NTLMSSP: Set final flags:
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
[2006/12/28 09:59:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
[2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request
returned ok.
[2006/12/28 09:59:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
lsa_io_sec_qos: length c does not match size 8
[2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine PDC pipe \samr fnum 0x764d bind request
returned ok.
Creation of workstation account failed
Unable to join domain EXAMPLE.COM.
[2006/12/28 09:59:30, 2] utils/net.c:main(988)
return code = 1
The following is my smb.conf
#######################################smb.conf####################################
[global]
workgroup = example.com
netbios name = pdc
passdb backend = ldapsam:ldap://example.com
server string = Domain Controller
security = user
encrypt passwords = yes
hosts allow = 10.129.149. 127.0.0.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0,lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
log level = 5
#password level = 8
#username level = 8
bind interfaces only = yes
local master = Yes
os level = 33
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
logon path =
logon drive = X:
logon home = \\pdc\%U
wins support = yes
name resolve order = wins lmhosts host bcast
#dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = yes
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
#add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=example,dc=com
ldap admin dn = cn=Directory Manager
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap timeout = 50
map acl inherit = yes
winbind use default domain = yes
template shell = /bin/false
######################################################[Share
Definations]###########################################
[homes]
comment = Home Directories
valid users = %S, root
browseable = no
read only = no
nt acl support = Yes
[profiles]
comment = Roaming Profiles
path = /profiles
browseable = no
writeable = yes
[wpkg]
comment = Windows Packager
path = /wpkg
read only = yes
browseable = no
# Un-comment the following and create the netlogon directory for Domain
Logons
[netlogon]
comment = Network Logon Service
path = /netlogon/scripts
guest ok = yes
browseable = yes
write list = root
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0600
printable = yes
use client driver = Yes
browseable = Yes
#########################################################################################
Regards
Niranjan
More information about the samba
mailing list