[Samba] Can't join my domain

James Taylor jtaylor at laszlosystems.com
Thu Mar 9 18:37:01 GMT 2006


The first time you try to join the Domain the computer account gets created.
Try it once more after the computer account is created and it should work.

JT

-----Original Message-----
From: Bevan Agard [mailto:bevan at cdcga.gov.tt] 
Sent: Wednesday, March 08, 2006 3:06 PM
To: 'James Taylor'
Cc: samba at lists.samba.org
Subject: RE: [Samba] Can't join my domain

OK I installed it and it did take care of the problem where the samba info
was not being added to the database.

However my original problem still remains.

When I try to join my XP Desktop to the domain using the interface on the
desktop I get the same error that states 

"The following error occurred attempting to join the domain "CDCGA" 
The user name could not be found "

I'm thinking the problems may have to do with my DDNS not working properly.
What do you think or am I just missing the boat?



In the World one must be able to 
Adapt, and Evolve 
Or run the risk of becoming EXTINCT

> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Friday, March 03, 2006 4:25 PM
> To: 'Bevan Agard'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
> 
> Try this one...
> 
> JT
> 
> -----Original Message-----
> From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> Sent: Friday, March 03, 2006 11:39 AM
> To: 'James Taylor'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
> 
> Here you go
> 
> In the World one must be able to
> Adapt, and Evolve
> Or run the risk of becoming EXTINCT
> 
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Friday, March 03, 2006 3:02 PM
> > To: 'Bevan Agard'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > Sorry I wasn't able to reply earlier.
> >
> > Can you send me a copy of your smbldap-useradd script?  What is
> happening
> > is
> > that the script is not adding the sambaSAMAccount information to the
> > machine
> > account it is creating. The -w switch should add this information.  It
> > could
> > be this script needs to be modified to make appropriate changes.
> >
> > JT
> >
> > -----Original Message-----
> > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > Sent: Thursday, March 02, 2006 6:44 AM
> > To: 'James Taylor'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > I have tried running smbldap-useradd with various switches however
> > objectClass: sambaSAMAccount
> > sambaSID: "domain sid"-xxx
> >
> > and any other sambaxxxx info only gets added if it is run with the -a
> > options which makes it a user not a machine.
> > I am using smbldap 0.9.1 with samba 3.0.14a-2
> >
> > I don't if anyone has experienced this before but any help would be
> > appreciated.
> >
> > I would really like to get this box set up as our PDC that would be able
> > to
> > do single sign-on and manage windows user accounts.
> >
> >
> > In the World one must be able to
> > Adapt, and Evolve
> > Or run the risk of becoming EXTINCT
> >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > Sent: Wednesday, February 22, 2006 4:06 PM
> > > To: 'Bevan Agard'
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > > Then that would be your problem... change your Add Machine Script...
> > >
> > > smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false
> '%m'
> > >
> > > Then try adding a new machine.
> > >
> > > JT
> > >
> > > -----Original Message-----
> > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > Sent: Wednesday, February 22, 2006 12:04 PM
> > > To: 'James Taylor'
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > >
> > >
> > > In the World one must be able to
> > > Adapt, and Evolve
> > > Or run the risk of becoming EXTINCT
> > >
> > > > -----Original Message-----
> > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > Sent: Wednesday, February 22, 2006 3:59 PM
> > > > To: 'Bevan Agard'
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > > Does the LDAP Machine account include:
> > > > objectClass: sambaSAMAccount
> > > > sambaSID: "domain sid"-xxxx
> > > >
> > > > JT
> > > [Bevan Agard]
> > >
> > > Actually it does not.  strange
> > > >
> > > > -----Original Message-----
> > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > Sent: Wednesday, February 22, 2006 11:53 AM
> > > > To: 'James Taylor'
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > >
> > > >
> > > > In the World one must be able to
> > > > Adapt, and Evolve
> > > > Or run the risk of becoming EXTINCT
> > > >
> > > > > -----Original Message-----
> > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > Sent: Wednesday, February 22, 2006 3:04 PM
> > > > > To: 'Bevan Agard'
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > > When you are trying to join a system to your Domain are the
> computer
> > > > > accounts created in your LDAP Database as "machinename$" also with
> > the
> > > > > sambaSAMAccount information?
> > > > >
> > > > [Bevan Agard]
> > > > Yes the machine name gets added to the LDAP Database and I get an
> > error
> > > on
> > > > the windows box stating
> > > > "Cannot join Domain"
> > > > "User name not found"
> > > >
> > > >
> > > >
> > > > > What does your SAMBA "Add Machine Script" look like in your
> smb.conf
> > > > file?
> > > > >
> > > > > JT
> > > > [Bevan Agard]
> > > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > > >
> > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > > Sent: Wednesday, February 22, 2006 11:00 AM
> > > > > To: 'James Taylor'; samba at lists.samba.org
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > >
> > > > >
> > > > > In the World one must be able to
> > > > > Adapt, and Evolve
> > > > > Or run the risk of becoming EXTINCT
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > > Sent: Wednesday, February 22, 2006 2:39 PM
> > > > > > To: 'Bevan Agard'; samba at lists.samba.org
> > > > > > Subject: RE: [Samba] Can't join my domain
> > > > > >
> > > > > > What do your Add Machine Scripts look like in Samba?  Also, are
> > you
> > > > > using
> > > > > > the smbldap-tools from idealx?
> > > > > >
> > > > > [Bevan Agard]
> > > > >
> > > > > I am using the scripts from idealx.
> > > > >
> > > > > I followed the HOWTO on samba.org (Happy Users Ch 5)
> > > > >
> > > > >
> > > > > > JT
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > > > > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org]
> > On
> > > > > Behalf
> > > > > > Of Bevan Agard
> > > > > > Sent: Wednesday, February 22, 2006 5:12 AM
> > > > > > To: samba at lists.samba.org
> > > > > > Subject: [Samba] Can't join my domain
> > > > > >
> > > > > > Guys and dolls,
> > > > > > Greetings, I hope you all are in good health, great spirits and
> > your
> > > > > > glasses
> > > > > > never empty.
> > > > > >
> > > > > > I have a samba, openldap question.
> > > > > >
> > > > > > I am trying to setup a FC-4 box to be a PDC for a small network
> of
> > > > about
> > > > > > 150
> > > > > > users.  I was following the HOWTO on the SAMBA site.  Everything
> > > seems
> > > > > to
> > > > > > be
> > > > > > fine however I cannot join the domain.  I get the error "User
> name
> > > > could
> > > > > > not
> > > > > > be found." The error logs show that the login/password used to
> > join
> > > > the
> > > > > > domain was accpeted and correct.  I decided to step back a bit
> to
> > > see
> > > > if
> > > > > > the
> > > > > > PDC could join the domain but also no luck.  I got the following
> > > when
> > > > I
> > > > > > ran
> > > > > > the command
> > > > > >
> > > > > > [root at anansi ~]# net rpc join -d 3 -l -S PDC -U root
> > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916)
> > > > > >   lp_load: refreshing parameters
> > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321)
> > > > > >   Initialising global parameters
> > > > > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573)
> > > > > >   params.c:pm_process() - Processing configuration file
> > > > > > "/etc/samba/smb.conf"
> > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418)
> > > > > >   Processing section "[global]"
> > > > > > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159)
> > > > > >   WARNING: The "min passwd length" option is deprecated
> > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > > >   added interface ip=10.50.0.20 bcast=10.50.255.255
> > > nmask=255.255.0.0
> > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > > >   added interface ip=127.0.0.1 bcast=127.255.255.255
> > nmask=255.0.0.0
> > > > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752)
> > > > > >   resolve_wins: Attempting wins lookup for name PDC<0x20>
> > > > > > [2006/02/21 10:57:03, 3]
> > libsmb/namequery.c:name_resolve_bcast(694)
> > > > > >   name_resolve_bcast: Attempting broadcast lookup for name
> > PDC<0x20>
> > > > > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492)
> > > > > >   Got a positive name query response from 10.50.0.20 (
> 10.50.0.20
> > )
> > > > > > [2006/02/21 10:57:03, 3]
> > > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > > >   Connecting to host=PDC
> > > > > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752)
> > > > > >   Connecting to 10.50.0.20 at port 445
> > > > > > [2006/02/21 10:57:04, 3]
> > > > > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
> > > > > >   cli_nt_setup_creds: auth2 challenge failed
> > NT_STATUS_ACCESS_DENIED
> > > > > > [2006/02/21 10:57:04, 3]
> > > > > libsmb/trusts_util.c:just_change_the_password(43)
> > > > > >   just_change_the_password: unable to setup creds
> > > > > > (NT_STATUS_ACCESS_DENIED)!
> > > > > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138)
> > > > > >   rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> > > > > > Password:
> > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > > >   Connecting to host=PDC
> > > > > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752)
> > > > > >   Connecting to 10.50.0.20 at port 445
> > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_session_setup_spnego(708)
> > > > > >   Doing spnego session setup (blob length=58)
> > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_session_setup_spnego(733)
> > > > > >   got OID=1 3 6 1 4 1 311 2 2 10
> > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_session_setup_spnego(740)
> > > > > >   got principal=NONE
> > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
> > > > > >   Got challenge flags:
> > > > > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > >   Got NTLMSSP neg_flags=0x60890215
> > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
> > > > > >   NTLMSSP: Set final flags:
> > > > > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > >   Got NTLMSSP neg_flags=0x60080215
> > > > > > [2006/02/21 10:57:10, 3]
> > > libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> > > > > >   NTLMSSP Sign/Seal - Initialising with flags:
> > > > > > [2006/02/21 10:57:10, 3]
> libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > >   Got NTLMSSP neg_flags=0x60080215
> > > > > > [2006/02/21 10:57:10, 3]
> rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
> > > > > >   lsa_io_sec_qos: length c does not match size 8
> > > > > > Creation of workstation account failed
> > > > > > Unable to join domain CDCGA.
> > > > > > [2006/02/21 10:57:12, 2] utils/net.c:main(897)
> > > > > >   return code = 1
> > > > > >
> > > > > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as
> of
> > > yet.
> > > > > >
> > > > > > Have any of you samba sensei seen anything like this or have an
> > > > > > suggestions
> > > > > > as to how to kick this trouble ticket out.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > >
> > > > > >
> > > > > > In the World one must be able to
> > > > > >
> > > > > > Adapt, and Evolve
> > > > > >
> > > > > > Or run the risk of becoming EXTINCT
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read
> the
> > > > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> >
> >





More information about the samba mailing list