[Samba] Can't join my domain
Bevan Agard
bevan at cdcga.gov.tt
Wed Mar 8 23:06:02 GMT 2006
OK I installed it and it did take care of the problem where the samba info
was not being added to the database.
However my original problem still remains.
When I try to join my XP Desktop to the domain using the interface on the
desktop I get the same error that states
"The following error occurred attempting to join the domain "CDCGA"
The user name could not be found "
I'm thinking the problems may have to do with my DDNS not working properly.
What do you think or am I just missing the boat?
In the World one must be able to
Adapt, and Evolve
Or run the risk of becoming EXTINCT
> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Friday, March 03, 2006 4:25 PM
> To: 'Bevan Agard'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
>
> Try this one...
>
> JT
>
> -----Original Message-----
> From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> Sent: Friday, March 03, 2006 11:39 AM
> To: 'James Taylor'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
>
> Here you go
>
> In the World one must be able to
> Adapt, and Evolve
> Or run the risk of becoming EXTINCT
>
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Friday, March 03, 2006 3:02 PM
> > To: 'Bevan Agard'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > Sorry I wasn't able to reply earlier.
> >
> > Can you send me a copy of your smbldap-useradd script? What is
> happening
> > is
> > that the script is not adding the sambaSAMAccount information to the
> > machine
> > account it is creating. The -w switch should add this information. It
> > could
> > be this script needs to be modified to make appropriate changes.
> >
> > JT
> >
> > -----Original Message-----
> > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > Sent: Thursday, March 02, 2006 6:44 AM
> > To: 'James Taylor'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > I have tried running smbldap-useradd with various switches however
> > objectClass: sambaSAMAccount
> > sambaSID: "domain sid"-xxx
> >
> > and any other sambaxxxx info only gets added if it is run with the -a
> > options which makes it a user not a machine.
> > I am using smbldap 0.9.1 with samba 3.0.14a-2
> >
> > I don't if anyone has experienced this before but any help would be
> > appreciated.
> >
> > I would really like to get this box set up as our PDC that would be able
> > to
> > do single sign-on and manage windows user accounts.
> >
> >
> > In the World one must be able to
> > Adapt, and Evolve
> > Or run the risk of becoming EXTINCT
> >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > Sent: Wednesday, February 22, 2006 4:06 PM
> > > To: 'Bevan Agard'
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > > Then that would be your problem... change your Add Machine Script...
> > >
> > > smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false
> '%m'
> > >
> > > Then try adding a new machine.
> > >
> > > JT
> > >
> > > -----Original Message-----
> > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > Sent: Wednesday, February 22, 2006 12:04 PM
> > > To: 'James Taylor'
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > >
> > >
> > > In the World one must be able to
> > > Adapt, and Evolve
> > > Or run the risk of becoming EXTINCT
> > >
> > > > -----Original Message-----
> > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > Sent: Wednesday, February 22, 2006 3:59 PM
> > > > To: 'Bevan Agard'
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > > Does the LDAP Machine account include:
> > > > objectClass: sambaSAMAccount
> > > > sambaSID: "domain sid"-xxxx
> > > >
> > > > JT
> > > [Bevan Agard]
> > >
> > > Actually it does not. strange
> > > >
> > > > -----Original Message-----
> > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > Sent: Wednesday, February 22, 2006 11:53 AM
> > > > To: 'James Taylor'
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > >
> > > >
> > > > In the World one must be able to
> > > > Adapt, and Evolve
> > > > Or run the risk of becoming EXTINCT
> > > >
> > > > > -----Original Message-----
> > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > Sent: Wednesday, February 22, 2006 3:04 PM
> > > > > To: 'Bevan Agard'
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > > When you are trying to join a system to your Domain are the
> computer
> > > > > accounts created in your LDAP Database as "machinename$" also with
> > the
> > > > > sambaSAMAccount information?
> > > > >
> > > > [Bevan Agard]
> > > > Yes the machine name gets added to the LDAP Database and I get an
> > error
> > > on
> > > > the windows box stating
> > > > "Cannot join Domain"
> > > > "User name not found"
> > > >
> > > >
> > > >
> > > > > What does your SAMBA "Add Machine Script" look like in your
> smb.conf
> > > > file?
> > > > >
> > > > > JT
> > > > [Bevan Agard]
> > > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > > >
> > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > > Sent: Wednesday, February 22, 2006 11:00 AM
> > > > > To: 'James Taylor'; samba at lists.samba.org
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > >
> > > > >
> > > > > In the World one must be able to
> > > > > Adapt, and Evolve
> > > > > Or run the risk of becoming EXTINCT
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > > Sent: Wednesday, February 22, 2006 2:39 PM
> > > > > > To: 'Bevan Agard'; samba at lists.samba.org
> > > > > > Subject: RE: [Samba] Can't join my domain
> > > > > >
> > > > > > What do your Add Machine Scripts look like in Samba? Also, are
> > you
> > > > > using
> > > > > > the smbldap-tools from idealx?
> > > > > >
> > > > > [Bevan Agard]
> > > > >
> > > > > I am using the scripts from idealx.
> > > > >
> > > > > I followed the HOWTO on samba.org (Happy Users Ch 5)
> > > > >
> > > > >
> > > > > > JT
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > > > > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org]
> > On
> > > > > Behalf
> > > > > > Of Bevan Agard
> > > > > > Sent: Wednesday, February 22, 2006 5:12 AM
> > > > > > To: samba at lists.samba.org
> > > > > > Subject: [Samba] Can't join my domain
> > > > > >
> > > > > > Guys and dolls,
> > > > > > Greetings, I hope you all are in good health, great spirits and
> > your
> > > > > > glasses
> > > > > > never empty.
> > > > > >
> > > > > > I have a samba, openldap question.
> > > > > >
> > > > > > I am trying to setup a FC-4 box to be a PDC for a small network
> of
> > > > about
> > > > > > 150
> > > > > > users. I was following the HOWTO on the SAMBA site. Everything
> > > seems
> > > > > to
> > > > > > be
> > > > > > fine however I cannot join the domain. I get the error "User
> name
> > > > could
> > > > > > not
> > > > > > be found." The error logs show that the login/password used to
> > join
> > > > the
> > > > > > domain was accpeted and correct. I decided to step back a bit
> to
> > > see
> > > > if
> > > > > > the
> > > > > > PDC could join the domain but also no luck. I got the following
> > > when
> > > > I
> > > > > > ran
> > > > > > the command
> > > > > >
> > > > > > [root at anansi ~]# net rpc join -d 3 -l -S PDC -U root
> > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916)
> > > > > > lp_load: refreshing parameters
> > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321)
> > > > > > Initialising global parameters
> > > > > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573)
> > > > > > params.c:pm_process() - Processing configuration file
> > > > > > "/etc/samba/smb.conf"
> > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418)
> > > > > > Processing section "[global]"
> > > > > > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159)
> > > > > > WARNING: The "min passwd length" option is deprecated
> > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > > > added interface ip=10.50.0.20 bcast=10.50.255.255
> > > nmask=255.255.0.0
> > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > > > added interface ip=127.0.0.1 bcast=127.255.255.255
> > nmask=255.0.0.0
> > > > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752)
> > > > > > resolve_wins: Attempting wins lookup for name PDC<0x20>
> > > > > > [2006/02/21 10:57:03, 3]
> > libsmb/namequery.c:name_resolve_bcast(694)
> > > > > > name_resolve_bcast: Attempting broadcast lookup for name
> > PDC<0x20>
> > > > > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492)
> > > > > > Got a positive name query response from 10.50.0.20 (
> 10.50.0.20
> > )
> > > > > > [2006/02/21 10:57:03, 3]
> > > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > > > Connecting to host=PDC
> > > > > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752)
> > > > > > Connecting to 10.50.0.20 at port 445
> > > > > > [2006/02/21 10:57:04, 3]
> > > > > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
> > > > > > cli_nt_setup_creds: auth2 challenge failed
> > NT_STATUS_ACCESS_DENIED
> > > > > > [2006/02/21 10:57:04, 3]
> > > > > libsmb/trusts_util.c:just_change_the_password(43)
> > > > > > just_change_the_password: unable to setup creds
> > > > > > (NT_STATUS_ACCESS_DENIED)!
> > > > > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138)
> > > > > > rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> > > > > > Password:
> > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > > > Connecting to host=PDC
> > > > > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752)
> > > > > > Connecting to 10.50.0.20 at port 445
> > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_session_setup_spnego(708)
> > > > > > Doing spnego session setup (blob length=58)
> > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_session_setup_spnego(733)
> > > > > > got OID=1 3 6 1 4 1 311 2 2 10
> > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_session_setup_spnego(740)
> > > > > > got principal=NONE
> > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
> > > > > > Got challenge flags:
> > > > > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > > Got NTLMSSP neg_flags=0x60890215
> > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
> > > > > > NTLMSSP: Set final flags:
> > > > > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > > Got NTLMSSP neg_flags=0x60080215
> > > > > > [2006/02/21 10:57:10, 3]
> > > libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> > > > > > NTLMSSP Sign/Seal - Initialising with flags:
> > > > > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > > Got NTLMSSP neg_flags=0x60080215
> > > > > > [2006/02/21 10:57:10, 3]
> rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
> > > > > > lsa_io_sec_qos: length c does not match size 8
> > > > > > Creation of workstation account failed
> > > > > > Unable to join domain CDCGA.
> > > > > > [2006/02/21 10:57:12, 2] utils/net.c:main(897)
> > > > > > return code = 1
> > > > > >
> > > > > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as
> of
> > > yet.
> > > > > >
> > > > > > Have any of you samba sensei seen anything like this or have an
> > > > > > suggestions
> > > > > > as to how to kick this trouble ticket out.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > >
> > > > > >
> > > > > > In the World one must be able to
> > > > > >
> > > > > > Adapt, and Evolve
> > > > > >
> > > > > > Or run the risk of becoming EXTINCT
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read
> the
> > > > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> >
> >
More information about the samba
mailing list