[Samba] Unable to join PDC to domain

mallapadi niranjan niranjan.ashok at gmail.com
Fri Dec 29 04:20:23 GMT 2006


Hi Scott,

Sorry, I could not get you. I am trying to join the Samba PDC to the same
domain to which Samba is configured.
OK, I have also tried to configure another Linux system as a BDC with Fedora
Directory Server (replication from the master LDAP server, i.e. Fedora Directory
Server). I get the same error:
 [root at bdc ~]#/usr/local/samba-3d/bin/net rpc join -U root%<root password>
 Creation of workstation account failed
 Unable to join domain EXAMPLE.COM.


Regards
Niranjan


On 12/28/06, Scott Ackerman <lists at scott-ackerman.com> wrote:
>
> Okay,
>
> I have been a lurker for some time, so it is time to show my ignorance.
> I thought that you could only have one (1) PDC in a Windows Domain. If
> you are trying to join a Samba PDC to a domain that implies that the
> other domain has a PDC already. Of course I could be full of it also.
>
> mallapadi niranjan wrote:
> > Hi all,
> >
> > I have installed Samba 3.0.23d and Fedora Directory Server
> > (fedora-ds-1.0.4-1) and created a primary domain controller with an LDAP
> > backend on a 64-bit AMD system. My kernel version is 2.6.9-34.EL.
> >
> > The problem I am facing is that I am able to join Windows clients to the
> > domain, and the computer names are automatically getting added to
> > OU=Computers in Fedora Directory Server, but I am unable to join my PDC
> > (i.e. my Samba server) to the domain. When I use the command:
> > [root at pdc ~]#/usr/local/samba-3d/bin/net rpc info -U root%<root password>
> > Domain Name: EXAMPLE.COM
> > Domain SID: S-1-5-21-275967576-2527112200-1211998457
> > Sequence number: 1167279952
> > Num users: 3
> > Num domain groups: 4
> > Num local groups: 0
> >
> > [root at pdc ~]#/usr/local/samba-3d/bin/net rpc join -U root%<root password>
> > Creation of workstation account failed
> > Unable to join domain EXAMPLE.COM.
> >
> > The following is the output when I increase the debug level of the net
> > command:
> >
> > [root at pdc ~]# /usr/local/samba-3d/bin/net rpc join -d 3 -U root%admin1234
> > [2006/12/28 09:59:29, 3] param/loadparm.c:lp_load(4945)
> >  lp_load: refreshing parameters
> > [2006/12/28 09:59:29, 3] param/loadparm.c:init_globals(1410)
> >  Initialising global parameters
> > [2006/12/28 09:59:29, 3] param/params.c:pm_process(572)
> >  params.c:pm_process() - Processing configuration file "/usr/local/samba-3d/lib/smb.conf"
> > [2006/12/28 09:59:29, 3] param/loadparm.c:do_section(3687)
> >  Processing section "[global]"
> > [2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
> >  added interface ip=10.129.149.250 bcast=10.129.149.255 nmask=255.255.255.0
> > [2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81)
> >  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
> >  Connecting to host=PDC
> > [2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
> >  Connecting to 10.129.149.250 at port 445
> > [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> >  rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request returned ok.
> > [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> >  rpc_pipe_bind: Remote machine PDC pipe \NETLOGON fnum 0x764d bind request returned ok.
> > [2006/12/28 09:59:29, 3] libsmb/trusts_util.c:just_change_the_password(57)
> >  just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
> > [2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170)
> >  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426)
> >  Connecting to host=PDC
> > [2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874)
> >  Connecting to 10.129.149.250 at port 445
> > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
> >  Doing spnego session setup (blob length=58)
> > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
> >  got OID=1 3 6 1 4 1 311 2 2 10
> > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
> >  got principal=NONE
> > [2006/12/28 09:59:29, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950)
> >  Got challenge flags:
> > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> >  Got NTLMSSP neg_flags=0x60890215
> > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972)
> >  NTLMSSP: Set final flags:
> > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> >  Got NTLMSSP neg_flags=0x60080215
> > [2006/12/28 09:59:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
> >  NTLMSSP Sign/Seal - Initialising with flags:
> > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> >  Got NTLMSSP neg_flags=0x60080215
> > [2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> >  rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request returned ok.
> > [2006/12/28 09:59:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
> >  lsa_io_sec_qos: length c does not match size 8
> > [2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> >  rpc_pipe_bind: Remote machine PDC pipe \samr fnum 0x764d bind request returned ok.
> > Creation of workstation account failed
> > Unable to join domain EXAMPLE.COM.
> > [2006/12/28 09:59:30, 2] utils/net.c:main(988)
> >  return code = 1
> >
> > The following is my smb.conf
> >
> > #######################################smb.conf####################################
> >
> > [global]
> >
> >  workgroup = example.com
> >  netbios name = pdc
> >  passdb backend = ldapsam:ldap://example.com
> >  server string = Domain Controller
> >  security = user
> >  encrypt passwords = yes
> >  hosts allow = 10.129.149. 127.0.0.
> >  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >  interfaces = eth0,lo
> >  printing = cups
> >  disable spoolss = Yes
> >  printcap name = cups
> >  max print jobs = 100
> >  log level = 5
> >  #password level = 8
> >  #username level = 8
> >  bind interfaces only = yes
> >  local master = Yes
> >  os level = 33
> >  domain master = yes
> >  preferred master = yes
> >  null passwords = no
> >  hide unreadable = yes
> >  hide dot files = yes
> >  domain logons = yes
> >  logon script = %u.bat
> >  logon path =
> >  logon drive = X:
> >  logon home = \\pdc\%U
> >  wins support = yes
> > name resolve order = wins lmhosts host bcast
> >  #dns proxy = no
> >  time server = yes
> >  log file = /var/log/samba/%m.log
> >  max log size = 50
> >  nt acl support = yes
> >  ldap passwd sync = yes
> >  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> >  delete user script = /usr/local/sbin/smbldap-userdel "%u"
> >  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
> >  #add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> >  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> >  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> >  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> >  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
> >  ldap delete dn = Yes
> >  ldap ssl = no
> >  ldap suffix = dc=example,dc=com
> >  ldap admin dn = cn=Directory Manager
> >  ldap group suffix = ou=Groups
> >  ldap user suffix = ou=People
> >  ldap machine suffix = ou=Computers
> >  ldap timeout = 50
> >  map acl inherit = yes
> >  winbind use default domain = yes
> >  template shell = /bin/false
> > ######################################################[Share Definitions]###########################################
> > [homes]
> >   comment = Home Directories
> >   valid users = %S, root
> >   browseable = no
> >   read only = no
> >   nt acl support = Yes
> > [profiles]
> >  comment = Roaming Profiles
> >  path = /profiles
> >  browseable = no
> >  writeable = yes
> >
> > [wpkg]
> > comment = Windows Packager
> > path = /wpkg
> > read only = yes
> > browseable = no
> >
> > # Un-comment the following and create the netlogon directory for Domain Logons
> > [netlogon]
> >   comment = Network Logon Service
> >   path = /netlogon/scripts
> >   guest ok = yes
> >   browseable = yes
> >   write list = root
> > [printers]
> >   comment = All Printers
> >   path = /var/spool/samba
> >   create mask = 0600
> >   printable = yes
> >   use client driver = Yes
> >   browseable = Yes
> >
> > #########################################################################################
> >
> >
> > Regards
> > Niranjan
>
> --
> Scott B. Ackerman
> 1212 Baker Street
> Fort Collins, Colorado 80524
> 970-231-9035
> www.scott-ackerman.com
>
>
> "Every improvement in the standard of work men do is followed swiftly and
> inevitably by an improvement in the men who do it" - William Morris
>
>
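
Added example, not part of the original messages and not Samba code: a small Python triage helper for the `net ... -d 3` debug output quoted in this thread. It strips the mail quoting, rejoins wrapped records, and lists the records that carry an NT_STATUS code together with the source file and function that logged them; the names `parse_records` and `failures` are made up for this example.

```python
import re

# Constructed sample: records taken from the debug log quoted in this thread,
# kept in the "> > " quoted, line-wrapped shape a list archive gives them.
SAMPLE = r"""
> > [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> >  rpc_pipe_bind: Remote machine PDC pipe \NETLOGON fnum 0x764d bind
> > request
> > returned ok.
> > [2006/12/28 09:59:29, 3]
> > libsmb/trusts_util.c:just_change_the_password(57)
> >  just_change_the_password: unable to setup creds
> > (NT_STATUS_ACCESS_DENIED)!
> > [2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170)
> >  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
"""

QUOTE = re.compile(r"^(?:>\s?)+")                              # mail quote prefix
STAMP = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\]\s*(.*)$")   # [time, level] origin
ORIGIN = re.compile(r"^(\S+\.c):(\w+)\((\d+)\)$")              # file.c:function(line)
STATUS = re.compile(r"NT_STATUS_[A-Z0-9_]+")

def parse_records(text):
    """Rebuild debug records: one header plus its (possibly wrapped) message."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        m = STAMP.match(line)
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "origin": m.group(3), "msg": ""})
        elif records and not records[-1]["origin"]:
            records[-1]["origin"] = line      # header wrapped before the file name
        elif records:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def failures(records):
    """Return (time, level, file, function, status) for records with an NT_STATUS code."""
    hits = ((r, STATUS.findall(r["msg"]), ORIGIN.match(r["origin"])) for r in records)
    return [(r["time"], r["level"], o.group(1), o.group(2), c[0])
            for r, c, o in hits if c and o]

if __name__ == "__main__":
    for row in failures(parse_records(SAMPLE)):
        print(*row)
```

Run over the full log, the first record it reports is the one to read first: later errors in a `net` run are often just the earlier failure being passed up the call chain.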

