[Samba] Can't join my domain

Bevan Agard bevan at cdcga.gov.tt
Fri Mar 3 19:39:25 GMT 2006 

Here you go

In the World one must be able to 
Adapt, and Evolve 
Or run the risk of becoming EXTINCT

> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Friday, March 03, 2006 3:02 PM
> To: 'Bevan Agard'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
> 
> Sorry I wasn't able to reply earlier.
> 
> Can you send me a copy of your smbldap-useradd script?  What is happening
> is
> that the script is not adding the sambaSAMAccount information to the
> machine
> account it is creating. The -w switch should add this information.  It
> could
> be this script needs to be modified to make appropriate changes.
> 
> JT
> 
> -----Original Message-----
> From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> Sent: Thursday, March 02, 2006 6:44 AM
> To: 'James Taylor'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
> 
> I have tried running smbldap-useradd with various switches however
> objectClass: sambaSAMAccount
> sambaSID: "domain sid"-xxx
> 
> and any other sambaxxxx info only gets added if it is run with the -a
> options which makes it a user not a machine.
> I am using smbldap 0.9.1 with samba 3.0.14a-2
> 
> I don't if anyone has experienced this before but any help would be
> appreciated.
> 
> I would really like to get this box set up as our PDC that would be able
> to
> do single sign-on and manage windows user accounts.
> 
> 
> In the World one must be able to
> Adapt, and Evolve
> Or run the risk of becoming EXTINCT
> 
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Wednesday, February 22, 2006 4:06 PM
> > To: 'Bevan Agard'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > Then that would be your problem... change your Add Machine Script...
> >
> > smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m'
> >
> > Then try adding a new machine.
> >
> > JT
> >
> > -----Original Message-----
> > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > Sent: Wednesday, February 22, 2006 12:04 PM
> > To: 'James Taylor'
> > Subject: RE: [Samba] Can't join my domain
> >
> >
> >
> > In the World one must be able to
> > Adapt, and Evolve
> > Or run the risk of becoming EXTINCT
> >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > Sent: Wednesday, February 22, 2006 3:59 PM
> > > To: 'Bevan Agard'
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > > Does the LDAP Machine account include:
> > > objectClass: sambaSAMAccount
> > > sambaSID: "domain sid"-xxxx
> > >
> > > JT
> > [Bevan Agard]
> >
> > Actually it does not.  strange
> > >
> > > -----Original Message-----
> > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > Sent: Wednesday, February 22, 2006 11:53 AM
> > > To: 'James Taylor'
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > >
> > >
> > > In the World one must be able to
> > > Adapt, and Evolve
> > > Or run the risk of becoming EXTINCT
> > >
> > > > -----Original Message-----
> > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > Sent: Wednesday, February 22, 2006 3:04 PM
> > > > To: 'Bevan Agard'
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > > When you are trying to join a system to your Domain are the computer
> > > > accounts created in your LDAP Database as "machinename$" also with
> the
> > > > sambaSAMAccount information?
> > > >
> > > [Bevan Agard]
> > > Yes the machine name gets added to the LDAP Database and I get an
> error
> > on
> > > the windows box stating
> > > "Cannot join Domain"
> > > "User name not found"
> > >
> > >
> > >
> > > > What does your SAMBA "Add Machine Script" look like in your smb.conf
> > > file?
> > > >
> > > > JT
> > > [Bevan Agard]
> > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > >
> > >
> > > >
> > > > -----Original Message-----
> > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > Sent: Wednesday, February 22, 2006 11:00 AM
> > > > To: 'James Taylor'; samba at lists.samba.org
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > >
> > > >
> > > > In the World one must be able to
> > > > Adapt, and Evolve
> > > > Or run the risk of becoming EXTINCT
> > > >
> > > > > -----Original Message-----
> > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > Sent: Wednesday, February 22, 2006 2:39 PM
> > > > > To: 'Bevan Agard'; samba at lists.samba.org
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > > What do your Add Machine Scripts look like in Samba?  Also, are
> you
> > > > using
> > > > > the smbldap-tools from idealx?
> > > > >
> > > > [Bevan Agard]
> > > >
> > > > I am using the scripts from idealx.
> > > >
> > > > I followed the HOWTO on samba.org (Happy Users Ch 5)
> > > >
> > > >
> > > > > JT
> > > > >
> > > > > -----Original Message-----
> > > > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > > > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org]
> On
> > > > Behalf
> > > > > Of Bevan Agard
> > > > > Sent: Wednesday, February 22, 2006 5:12 AM
> > > > > To: samba at lists.samba.org
> > > > > Subject: [Samba] Can't join my domain
> > > > >
> > > > > Guys and dolls,
> > > > > Greetings, I hope you all are in good health, great spirits and
> your
> > > > > glasses
> > > > > never empty.
> > > > >
> > > > > I have a samba, openldap question.
> > > > >
> > > > > I am trying to setup a FC-4 box to be a PDC for a small network of
> > > about
> > > > > 150
> > > > > users.  I was following the HOWTO on the SAMBA site.  Everything
> > seems
> > > > to
> > > > > be
> > > > > fine however I cannot join the domain.  I get the error "User name
> > > could
> > > > > not
> > > > > be found." The error logs show that the login/password used to
> join
> > > the
> > > > > domain was accpeted and correct.  I decided to step back a bit to
> > see
> > > if
> > > > > the
> > > > > PDC could join the domain but also no luck.  I got the following
> > when
> > > I
> > > > > ran
> > > > > the command
> > > > >
> > > > > [root at anansi ~]# net rpc join -d 3 -l -S PDC -U root
> > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916)
> > > > >   lp_load: refreshing parameters
> > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321)
> > > > >   Initialising global parameters
> > > > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573)
> > > > >   params.c:pm_process() - Processing configuration file
> > > > > "/etc/samba/smb.conf"
> > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418)
> > > > >   Processing section "[global]"
> > > > > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159)
> > > > >   WARNING: The "min passwd length" option is deprecated
> > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > >   added interface ip=10.50.0.20 bcast=10.50.255.255
> > nmask=255.255.0.0
> > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > >   added interface ip=127.0.0.1 bcast=127.255.255.255
> nmask=255.0.0.0
> > > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752)
> > > > >   resolve_wins: Attempting wins lookup for name PDC<0x20>
> > > > > [2006/02/21 10:57:03, 3]
> libsmb/namequery.c:name_resolve_bcast(694)
> > > > >   name_resolve_bcast: Attempting broadcast lookup for name
> PDC<0x20>
> > > > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492)
> > > > >   Got a positive name query response from 10.50.0.20 ( 10.50.0.20
> )
> > > > > [2006/02/21 10:57:03, 3]
> > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > >   Connecting to host=PDC
> > > > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752)
> > > > >   Connecting to 10.50.0.20 at port 445
> > > > > [2006/02/21 10:57:04, 3]
> > > > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
> > > > >   cli_nt_setup_creds: auth2 challenge failed
> NT_STATUS_ACCESS_DENIED
> > > > > [2006/02/21 10:57:04, 3]
> > > > libsmb/trusts_util.c:just_change_the_password(43)
> > > > >   just_change_the_password: unable to setup creds
> > > > > (NT_STATUS_ACCESS_DENIED)!
> > > > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138)
> > > > >   rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> > > > > Password:
> > > > > [2006/02/21 10:57:10, 3]
> > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > >   Connecting to host=PDC
> > > > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752)
> > > > >   Connecting to 10.50.0.20 at port 445
> > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/cliconnect.c:cli_session_setup_spnego(708)
> > > > >   Doing spnego session setup (blob length=58)
> > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/cliconnect.c:cli_session_setup_spnego(733)
> > > > >   got OID=1 3 6 1 4 1 311 2 2 10
> > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/cliconnect.c:cli_session_setup_spnego(740)
> > > > >   got principal=NONE
> > > > > [2006/02/21 10:57:10, 3]
> > > libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
> > > > >   Got challenge flags:
> > > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > >   Got NTLMSSP neg_flags=0x60890215
> > > > > [2006/02/21 10:57:10, 3]
> > > libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
> > > > >   NTLMSSP: Set final flags:
> > > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > >   Got NTLMSSP neg_flags=0x60080215
> > > > > [2006/02/21 10:57:10, 3]
> > libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> > > > >   NTLMSSP Sign/Seal - Initialising with flags:
> > > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > >   Got NTLMSSP neg_flags=0x60080215
> > > > > [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
> > > > >   lsa_io_sec_qos: length c does not match size 8
> > > > > Creation of workstation account failed
> > > > > Unable to join domain CDCGA.
> > > > > [2006/02/21 10:57:12, 2] utils/net.c:main(897)
> > > > >   return code = 1
> > > > >
> > > > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of
> > yet.
> > > > >
> > > > > Have any of you samba sensei seen anything like this or have an
> > > > > suggestions
> > > > > as to how to kick this trouble ticket out.
> > > > >
> > > > > Thanks
> > > > >
> > > > >
> > > > >
> > > > > In the World one must be able to
> > > > >
> > > > > Adapt, and Evolve
> > > > >
> > > > > Or run the risk of becoming EXTINCT
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and read the
> > > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> >
> 
>

More information about the samba mailing list