[Samba] Unable to join PDC to domain

Scott Ackerman lists at scott-ackerman.com
Thu Dec 28 13:40:16 GMT 2006


Okay,

I have been a lurker for some time, so it is time to show my ignorance.
I thought that you could only have one (1) PDC in a Windows domain. If
you are trying to join a Samba PDC to a domain, that implies that the
other domain has a PDC already. Of course, I could be full of it also.

mallapadi niranjan wrote:
> Hi all
>
> I have installed Samba 3.0.23d and Fedora Directory Server version
> (fedora-ds-1.0.4-1) and created a primary domain controller with LDAP
> backed on a 64-bit AMD system. My kernel version is 2.6.9-34.EL.
>
> The problem I am facing is that I am able to join Windows clients to the
> domain, and the computer names are automatically getting added to
> OU=Computers in Fedora Directory Server, but I am unable to join my PDC
> (i.e. my Samba server) to the domain when I use the command
> [root@pdc ~]#/usr/local/samba-3d/bin/net rpc info -U root%<root password>
> Domain Name: EXAMPLE.COM
> Domain SID: S-1-5-21-275967576-2527112200-1211998457
> Sequence number: 1167279952
> Num users: 3
> Num domain groups: 4
> Num local groups: 0
>
> [root@pdc ~]#/usr/local/samba-3d/bin/net rpc join -U root%<root password>
> Creation of workstation account failed
> Unable to join domain EXAMPLE.COM.
>
> The following is the output when I increase the debug level of the net
> command:
>
> [root@pdc ~]# /usr/local/samba-3d/bin/net rpc join -d 3 -U root%admin1234
> [2006/12/28 09:59:29, 3] param/loadparm.c:lp_load(4945)
> lp_load: refreshing parameters
> [2006/12/28 09:59:29, 3] param/loadparm.c:init_globals(1410)
>  Initialising global parameters
> [2006/12/28 09:59:29, 3] param/params.c:pm_process(572)
>  params.c:pm_process() - Processing configuration file "/usr/local/samba-3d/lib/smb.conf"
> [2006/12/28 09:59:29, 3] param/loadparm.c:do_section(3687)
>  Processing section "[global]"
> [2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
>  added interface ip=10.129.149.250 bcast=10.129.149.255 nmask=255.255.255.0
> [2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
>  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
>  Connecting to host=PDC
> [2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
>  Connecting to 10.129.149.250 at port 445
> [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>  rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request returned ok.
> [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>  rpc_pipe_bind: Remote machine PDC pipe \NETLOGON fnum 0x764d bind request returned ok.
> [2006/12/28 09:59:29, 3] libsmb/trusts_util.c:just_change_the_password(57)
>  just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
> [2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170)
>  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
>  Connecting to host=PDC
> [2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
>  Connecting to 10.129.149.250 at port 445
> [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
>  Doing spnego session setup (blob length=58)
> [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
>  got OID=1 3 6 1 4 1 311 2 2 10
> [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
>  got principal=NONE
> [2006/12/28 09:59:29, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950)
>  Got challenge flags:
> [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>  Got NTLMSSP neg_flags=0x60890215
> [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972)
>  NTLMSSP: Set final flags:
> [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>  Got NTLMSSP neg_flags=0x60080215
> [2006/12/28 09:59:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
>  NTLMSSP Sign/Seal - Initialising with flags:
> [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>  Got NTLMSSP neg_flags=0x60080215
> [2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>  rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request returned ok.
> [2006/12/28 09:59:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
>  lsa_io_sec_qos: length c does not match size 8
> [2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>  rpc_pipe_bind: Remote machine PDC pipe \samr fnum 0x764d bind request returned ok.
> Creation of workstation account failed
> Unable to join domain EXAMPLE.COM.
> [2006/12/28 09:59:30, 2] utils/net.c:main(988)
>  return code = 1
>
> The following is my smb.conf
> #######################################smb.conf####################################
>
> [global]
>
>  workgroup = example.com
>  netbios name = pdc
>  passdb backend = ldapsam:ldap://example.com
>  server string = Domain Controller
>  security = user
>  encrypt passwords = yes
>  hosts allow = 10.129.149. 127.0.0.
>  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>  interfaces = eth0,lo
>  printing = cups
>  disable spoolss = Yes
>  printcap name = cups
>  max print jobs = 100
>  log level = 5
>  #password level = 8
>  #username level = 8
>  bind interfaces only = yes
>  local master = Yes
>  os level = 33
>  domain master = yes
>  preferred master = yes
>  null passwords = no
>  hide unreadable = yes
>  hide dot files = yes
>  domain logons = yes
>  logon script = %u.bat
>  logon path =
>  logon drive = X:
>  logon home = \\pdc\%U
>  wins support = yes
> name resolve order = wins lmhosts host bcast
>  #dns proxy = no
>  time server = yes
>  log file = /var/log/samba/%m.log
>  max log size = 50
>  nt acl support = yes
>  ldap passwd sync = yes
>  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>  delete user script = /usr/local/sbin/smbldap-userdel "%u"
>  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>  #add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
>  ldap delete dn = Yes
>  ldap ssl = no
>  ldap suffix = dc=example,dc=com
>  ldap admin dn = cn=Directory Manager
>  ldap group suffix = ou=Groups
>  ldap user suffix = ou=People
>  ldap machine suffix = ou=Computers
>  ldap timeout = 50
>  map acl inherit = yes
>  winbind use default domain = yes
>  template shell = /bin/false
> ######################################################[Share Definitions]###########################################
> [homes]
>   comment = Home Directories
>   valid users = %S, root
>   browseable = no
>   read only = no
>   nt acl support = Yes
> [profiles]
>  comment = Roaming Profiles
>  path = /profiles
>  browseable = no
>  writeable = yes
>
> [wpkg]
> comment = Windows Packager
> path = /wpkg
> read only = yes
> browseable = no
>
> # Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
>   comment = Network Logon Service
>   path = /netlogon/scripts
>   guest ok = yes
>   browseable = yes
>   write list = root
> [printers]
>   comment = All Printers
>   path = /var/spool/samba
>   create mask = 0600
>   printable = yes
>   use client driver = Yes
>   browseable = Yes
> #########################################################################################
>
>
> Regards
> Niranjan

-- 
Scott B. Ackerman
1212 Baker Street
Fort Collins, Colorado 80524
970-231-9035
www.scott-ackerman.com


"Every improvement in the standard of work men do is followed swiftly and inevitably by an improvement in the men who do it" - William Morris 
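
An added example, not part of the original thread and not Samba's own code: a Samba 3 server whose smb.conf makes it the PDC is not joined with `net rpc join`, which is meant for member servers and BDCs. The sketch below classifies the role a [global] section declares and also flags the unencrypted LDAP setting seen in the quoted configuration; the function names and the simplified role rules are assumptions.

```python
import re
# Constructed sample: a trimmed copy of the [global] settings quoted in the post.
SAMPLE = """\
[global]
 passdb backend = ldapsam:ldap://example.com
 security = user
 domain master = yes
 domain logons = yes
 ldap ssl = no
[homes]
 read only = no
"""

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Collect the parameters of the [global] section into a dict."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def server_role(p):
    """Simplified Samba 3 role rules (assumption: 'auto' domain master acts as yes)."""
    if p.get(norm("security"), "user").lower() in ("domain", "ads"):
        return "member"
    if p.get(norm("domain logons"), "no").lower() in ("yes", "true", "1"):
        master = p.get(norm("domain master"), "auto").lower()
        return "BDC" if master in ("no", "false", "0") else "PDC"
    return "standalone"

def audit(text):
    """Return (role, findings) for an smb.conf supplied as a string."""
    p, findings = parse_global(text), []
    role = server_role(p)
    if role == "PDC":
        findings.append("role is PDC: 'net rpc join' is for member servers and BDCs")
    backend = p.get(norm("passdb backend"), "").lower()
    plain = p.get(norm("ldap ssl"), "").lower() in ("no", "off")
    if backend.startswith("ldapsam:ldap://") and plain:
        findings.append("ldapsam over ldap:// with 'ldap ssl = no': directory traffic is unencrypted")
    return role, findings
```

Calling `audit(SAMPLE)` returns the role `PDC` together with both findings; pass the contents of a real smb.conf as a string to check another server.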


