[Samba] Can't join my domain

James Taylor jtaylor at laszlosystems.com
Wed Feb 22 20:06:20 GMT 2006


Then that would be your problem... change your Add Machine Script...

smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m'

Then try adding a new machine.

JT

-----Original Message-----
From: Bevan Agard [mailto:bevan at cdcga.gov.tt] 
Sent: Wednesday, February 22, 2006 12:04 PM
To: 'James Taylor'
Subject: RE: [Samba] Can't join my domain



In the World one must be able to 
Adapt, and Evolve 
Or run the risk of becoming EXTINCT

> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Wednesday, February 22, 2006 3:59 PM
> To: 'Bevan Agard'
> Subject: RE: [Samba] Can't join my domain
> 
> Does the LDAP Machine account include:
> objectClass: sambaSAMAccount
> sambaSID: "domain sid"-xxxx
> 
> JT
[Bevan Agard] 

Actually it does not.  strange
> 
> -----Original Message-----
> From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> Sent: Wednesday, February 22, 2006 11:53 AM
> To: 'James Taylor'
> Subject: RE: [Samba] Can't join my domain
> 
> 
> 
> In the World one must be able to
> Adapt, and Evolve
> Or run the risk of becoming EXTINCT
> 
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Wednesday, February 22, 2006 3:04 PM
> > To: 'Bevan Agard'
> > Subject: RE: [Samba] Can't join my domain
> >
> > When you are trying to join a system to your Domain are the computer
> > accounts created in your LDAP Database as "machinename$" also with the
> > sambaSAMAccount information?
> >
> [Bevan Agard]
> Yes the machine name gets added to the LDAP Database and I get an error on
> the windows box stating
> "Cannot join Domain"
> "User name not found"
> 
> 
> 
> > What does your SAMBA "Add Machine Script" look like in your smb.conf
> file?
> >
> > JT
> [Bevan Agard]
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> 
> 
> >
> > -----Original Message-----
> > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > Sent: Wednesday, February 22, 2006 11:00 AM
> > To: 'James Taylor'; samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> >
> >
> > In the World one must be able to
> > Adapt, and Evolve
> > Or run the risk of becoming EXTINCT
> >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > Sent: Wednesday, February 22, 2006 2:39 PM
> > > To: 'Bevan Agard'; samba at lists.samba.org
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > > What do your Add Machine Scripts look like in Samba?  Also, are you
> > using
> > > the smbldap-tools from idealx?
> > >
> > [Bevan Agard]
> >
> > I am using the scripts from idealx.
> >
> > I followed the HOWTO on samba.org (Happy Users Ch 5)
> >
> >
> > > JT
> > >
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On
> > Behalf
> > > Of Bevan Agard
> > > Sent: Wednesday, February 22, 2006 5:12 AM
> > > To: samba at lists.samba.org
> > > Subject: [Samba] Can't join my domain
> > >
> > > Guys and dolls,
> > > Greetings, I hope you all are in good health, great spirits and your
> > > glasses
> > > never empty.
> > >
> > > I have a samba, openldap question.
> > >
> > > I am trying to setup a FC-4 box to be a PDC for a small network of
> about
> > > 150
> > > users.  I was following the HOWTO on the SAMBA site.  Everything seems
> > to
> > > be
> > > fine however I cannot join the domain.  I get the error "User name
> could
> > > not
> > > be found." The error logs show that the login/password used to join
> the
> > > domain was accpeted and correct.  I decided to step back a bit to see
> if
> > > the
> > > PDC could join the domain but also no luck.  I got the following when
> I
> > > ran
> > > the command
> > >
> > > [root at anansi ~]# net rpc join -d 3 -l -S PDC -U root
> > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916)
> > >   lp_load: refreshing parameters
> > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321)
> > >   Initialising global parameters
> > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573)
> > >   params.c:pm_process() - Processing configuration file
> > > "/etc/samba/smb.conf"
> > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418)
> > >   Processing section "[global]"
> > > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159)
> > >   WARNING: The "min passwd length" option is deprecated
> > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > >   added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0
> > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > >   added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752)
> > >   resolve_wins: Attempting wins lookup for name PDC<0x20>
> > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694)
> > >   name_resolve_bcast: Attempting broadcast lookup for name PDC<0x20>
> > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492)
> > >   Got a positive name query response from 10.50.0.20 ( 10.50.0.20 )
> > > [2006/02/21 10:57:03, 3]
> libsmb/cliconnect.c:cli_start_connection(1406)
> > >   Connecting to host=PDC
> > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752)
> > >   Connecting to 10.50.0.20 at port 445
> > > [2006/02/21 10:57:04, 3]
> > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
> > >   cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
> > > [2006/02/21 10:57:04, 3]
> > libsmb/trusts_util.c:just_change_the_password(43)
> > >   just_change_the_password: unable to setup creds
> > > (NT_STATUS_ACCESS_DENIED)!
> > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138)
> > >   rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> > > Password:
> > > [2006/02/21 10:57:10, 3]
> libsmb/cliconnect.c:cli_start_connection(1406)
> > >   Connecting to host=PDC
> > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752)
> > >   Connecting to 10.50.0.20 at port 445
> > > [2006/02/21 10:57:10, 3]
> > libsmb/cliconnect.c:cli_session_setup_spnego(708)
> > >   Doing spnego session setup (blob length=58)
> > > [2006/02/21 10:57:10, 3]
> > libsmb/cliconnect.c:cli_session_setup_spnego(733)
> > >   got OID=1 3 6 1 4 1 311 2 2 10
> > > [2006/02/21 10:57:10, 3]
> > libsmb/cliconnect.c:cli_session_setup_spnego(740)
> > >   got principal=NONE
> > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
> > >   Got challenge flags:
> > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > >   Got NTLMSSP neg_flags=0x60890215
> > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
> > >   NTLMSSP: Set final flags:
> > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > >   Got NTLMSSP neg_flags=0x60080215
> > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> > >   NTLMSSP Sign/Seal - Initialising with flags:
> > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > >   Got NTLMSSP neg_flags=0x60080215
> > > [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
> > >   lsa_io_sec_qos: length c does not match size 8
> > > Creation of workstation account failed
> > > Unable to join domain CDCGA.
> > > [2006/02/21 10:57:12, 2] utils/net.c:main(897)
> > >   return code = 1
> > >
> > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of yet.
> > >
> > > Have any of you samba sensei seen anything like this or have an
> > > suggestions
> > > as to how to kick this trouble ticket out.
> > >
> > > Thanks
> > >
> > >
> > >
> > > In the World one must be able to
> > >
> > > Adapt, and Evolve
> > >
> > > Or run the risk of becoming EXTINCT
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> 





More information about the samba mailing list