[Samba] Rejoining Computers to the domain

mallapadi niranjan niranjan.ashok at gmail.com
Sat Feb 18 06:08:31 GMT 2006


Hi Josh

As you suggested, my computer accounts have the following object
classes, and the RID is also uid*2+1000.

dn: uid=comp07$,ou=Computers,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: comp07$
sn: comp07$
uid: comp07$
uidNumber: 1037
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-3963901886-956592875-555457773-3074
sambaPrimaryGroupSID: S-1-5-21-3963901886-956592875-555457773-515
displayName: comp07$
sambaPwdCanChange: 0
sambaAcctFlags: [W          ]

The above information is from when the computer is joined to the domain and
works properly.
But if my PDC gets shut down abruptly, the above information regarding
the computer account stays the same,
but the computer gives the error that "the computer name is missing in the
domain".

I get the following errors
1.) _net_sam_logon: creds_server_setup failed. Rejecting auth request from
client comp07 machine
2.) _net_auth2: creds_server_check failed, Rejecting auth request from
client comp07 machine account comp07

Error 2 gets repeated whenever a user logon request comes from that
computer, i.e. error 2 always repeats, even when the computer is joined to
the domain and working properly.


I get the following messages in /var/log/messages when the PDC is running
and all my clients are joined. What do these messages mean? I don't know.

1. smbd. api_samr_set_userinfo: unable to marshall SAMR_Q_SET_USERINFO.

2. getpeername failed. error was transport end pt. is not connected.

My Samba version is 3.0.21, the smbldap-tools version is 0.9, and the slapd
version is
openldap: slapd 2.2.13

Regards
Niranjan




On 2/17/06, Josh Kelley <joshkel at gmail.com> wrote:
>
> On 2/16/06, mallapadi niranjan <niranjan.ashok at gmail.com> wrote:
> > I have a query. I have Samba 3.0.21 with OpenLDAP, and all my Windows
> > clients are joined to the PDC.
> > But suddenly now, all my Windows clients are unable to log in,
> > but when I do getent passwd on the server, I can see all my computer
> > accounts. Even when I do
> > ldapsearch -x -b "ou=Computers,dc=msdpl,dc=com", I can see the
> > list of computer account names,
> > but my Windows clients report the error message "the computer name is
> > missing from the domain".
> > All the systems had to rejoin the domain, even though the computer
> > account names are in the LDAP database.
>
> Check that the computer accounts in LDAP have the appropriate Samba
> object class and attributes.  (In other words, check that they're not
> just POSIX accounts.)
>
> Check that their RIDs are correct.  Under the default setup, I think,
> a user account's RID = uid * 2 + 1000.
>
> Try turning up the log level to see if that gives any more information.
>
> Josh Kelley
>
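
The two checks suggested in the thread (Samba object class present, RID = uidNumber * 2 + 1000), plus the workstation-trust flag, can be run over an LDIF dump of ou=Computers. This is an added example, not code from either poster or from Samba; the comp08$ and comp09$ entries are constructed, the function names are hypothetical, and the RID formula is the default the thread assumes.

```python
import re

# Constructed sample: comp07$ is the entry from the post; comp08$ (POSIX only)
# and comp09$ (wrong RID, wrong flag) are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=comp07$,ou=Computers,dc=msdpl,dc=com
objectClass: sambaSamAccount
uidNumber: 1037
sambaSID: S-1-5-21-3963901886-956592875-555457773-3074
sambaAcctFlags: [W          ]

dn: uid=comp08$,ou=Computers,dc=msdpl,dc=com
objectClass: posixAccount
uidNumber: 1038

dn: uid=comp09$,ou=Computers,dc=msdpl,dc=com
objectClass: sambaSamAccount
uidNumber: 1039
sambaSID: S-1-5-21-3963901886-956592875-555457773-3076
sambaAcctFlags: [U          ]
"""

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into {attr: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for attr, sep, value in (l.partition(": ") for l in block.splitlines()):
            if sep:
                entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(entry):
    """Return a list of problems for one machine-account entry."""
    if "sambasamaccount" not in {c.lower() for c in entry.get("objectclass", [])}:
        return ["not a Samba account (POSIX only)"]
    problems = []
    # Assumes uidNumber and sambaSID are present on every Samba account entry.
    expected = int(entry["uidnumber"][0]) * 2 + 1000
    rid = int(entry["sambasid"][0].rsplit("-", 1)[1])
    if rid != expected:
        problems.append(f"RID {rid} != uidNumber*2+1000 ({expected})")
    if "W" not in entry.get("sambaacctflags", [""])[0]:
        problems.append("sambaAcctFlags lacks W (workstation trust)")
    return problems

def audit_ldif(text):
    """Map each entry's DN to its list of problems (empty list means OK)."""
    return {e["dn"][0]: audit(e) for e in parse_ldif(text)}
```

An entry that passes all three checks, as comp07$ does, points away from the directory data and toward the machine-account credentials themselves, which is what the creds_server_check messages in the log concern.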

