[Samba] Can't join my domain

Bevan Agard bevan at cdcga.gov.tt
Fri Mar 10 17:21:39 GMT 2006


It works now.  Thanks for all your help

I also got the DDNS working which is when all gave a happy, happy, joy, joy
feeling.

So to recap, the problem was in the faulty smbldap-adduser script (thanks
James) and incomplete DDNS configuration.

Thanks to all who responded and if there is any way I could return the favor
I shall.

In the World one must be able to 
Adapt, and Evolve 
Or run the risk of becoming EXTINCT

> -----Original Message-----
> From: James Taylor [mailto:jtaylor at laszlosystems.com]
> Sent: Thursday, March 09, 2006 2:37 PM
> To: 'Bevan Agard'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
> 
> The first time you try to join the Domain the computer account gets
> created.
> Try it once more after the computer account is created and it should work.
> 
> JT
> 
> -----Original Message-----
> From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> Sent: Wednesday, March 08, 2006 3:06 PM
> To: 'James Taylor'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Can't join my domain
> 
> OK I installed it and it did take care of the problem where the samba info
> was not being added to the database.
> 
> However my original problem still remains.
> 
> When I try to join my XP Desktop to the domain using the interface on the
> desktop I get the same error that states
> 
> "The following error occurred attempting to join the domain "CDCGA"
> The user name could not be found "
> 
> I'm thinking the problems may have to do with my DDNS not working
> properly.
> What do you think or am I just missing the boat?
> 
> 
> 
> In the World one must be able to
> Adapt, and Evolve
> Or run the risk of becoming EXTINCT
> 
> > -----Original Message-----
> > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > Sent: Friday, March 03, 2006 4:25 PM
> > To: 'Bevan Agard'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > Try this one...
> >
> > JT
> >
> > -----Original Message-----
> > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > Sent: Friday, March 03, 2006 11:39 AM
> > To: 'James Taylor'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't join my domain
> >
> > Here you go
> >
> > In the World one must be able to
> > Adapt, and Evolve
> > Or run the risk of becoming EXTINCT
> >
> > > -----Original Message-----
> > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > Sent: Friday, March 03, 2006 3:02 PM
> > > To: 'Bevan Agard'
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > > Sorry I wasn't able to reply earlier.
> > >
> > > Can you send me a copy of your smbldap-useradd script?  What is
> > happening
> > > is
> > > that the script is not adding the sambaSAMAccount information to the
> > > machine
> > > account it is creating. The -w switch should add this information.  It
> > > could
> > > be this script needs to be modified to make appropriate changes.
> > >
> > > JT
> > >
> > > -----Original Message-----
> > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > Sent: Thursday, March 02, 2006 6:44 AM
> > > To: 'James Taylor'
> > > Cc: samba at lists.samba.org
> > > Subject: RE: [Samba] Can't join my domain
> > >
> > > I have tried running smbldap-useradd with various switches however
> > > objectClass: sambaSAMAccount
> > > sambaSID: "domain sid"-xxx
> > >
> > > and any other sambaxxxx info only gets added if it is run with the -a
> > > options which makes it a user not a machine.
> > > I am using smbldap 0.9.1 with samba 3.0.14a-2
> > >
> > > I don't if anyone has experienced this before but any help would be
> > > appreciated.
> > >
> > > I would really like to get this box set up as our PDC that would be
> able
> > > to
> > > do single sign-on and manage windows user accounts.
> > >
> > >
> > > In the World one must be able to
> > > Adapt, and Evolve
> > > Or run the risk of becoming EXTINCT
> > >
> > > > -----Original Message-----
> > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > Sent: Wednesday, February 22, 2006 4:06 PM
> > > > To: 'Bevan Agard'
> > > > Cc: samba at lists.samba.org
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > > Then that would be your problem... change your Add Machine Script...
> > > >
> > > > smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false
> > '%m'
> > > >
> > > > Then try adding a new machine.
> > > >
> > > > JT
> > > >
> > > > -----Original Message-----
> > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > Sent: Wednesday, February 22, 2006 12:04 PM
> > > > To: 'James Taylor'
> > > > Subject: RE: [Samba] Can't join my domain
> > > >
> > > >
> > > >
> > > > In the World one must be able to
> > > > Adapt, and Evolve
> > > > Or run the risk of becoming EXTINCT
> > > >
> > > > > -----Original Message-----
> > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > Sent: Wednesday, February 22, 2006 3:59 PM
> > > > > To: 'Bevan Agard'
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > > Does the LDAP Machine account include:
> > > > > objectClass: sambaSAMAccount
> > > > > sambaSID: "domain sid"-xxxx
> > > > >
> > > > > JT
> > > > [Bevan Agard]
> > > >
> > > > Actually it does not.  strange
> > > > >
> > > > > -----Original Message-----
> > > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > > Sent: Wednesday, February 22, 2006 11:53 AM
> > > > > To: 'James Taylor'
> > > > > Subject: RE: [Samba] Can't join my domain
> > > > >
> > > > >
> > > > >
> > > > > In the World one must be able to
> > > > > Adapt, and Evolve
> > > > > Or run the risk of becoming EXTINCT
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > > Sent: Wednesday, February 22, 2006 3:04 PM
> > > > > > To: 'Bevan Agard'
> > > > > > Subject: RE: [Samba] Can't join my domain
> > > > > >
> > > > > > When you are trying to join a system to your Domain are the
> > computer
> > > > > > accounts created in your LDAP Database as "machinename$" also
> with
> > > the
> > > > > > sambaSAMAccount information?
> > > > > >
> > > > > [Bevan Agard]
> > > > > Yes the machine name gets added to the LDAP Database and I get an
> > > error
> > > > on
> > > > > the windows box stating
> > > > > "Cannot join Domain"
> > > > > "User name not found"
> > > > >
> > > > >
> > > > >
> > > > > > What does your SAMBA "Add Machine Script" look like in your
> > smb.conf
> > > > > file?
> > > > > >
> > > > > > JT
> > > > > [Bevan Agard]
> > > > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > > > >
> > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Bevan Agard [mailto:bevan at cdcga.gov.tt]
> > > > > > Sent: Wednesday, February 22, 2006 11:00 AM
> > > > > > To: 'James Taylor'; samba at lists.samba.org
> > > > > > Subject: RE: [Samba] Can't join my domain
> > > > > >
> > > > > >
> > > > > >
> > > > > > In the World one must be able to
> > > > > > Adapt, and Evolve
> > > > > > Or run the risk of becoming EXTINCT
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: James Taylor [mailto:jtaylor at laszlosystems.com]
> > > > > > > Sent: Wednesday, February 22, 2006 2:39 PM
> > > > > > > To: 'Bevan Agard'; samba at lists.samba.org
> > > > > > > Subject: RE: [Samba] Can't join my domain
> > > > > > >
> > > > > > > What do your Add Machine Scripts look like in Samba?  Also,
> are
> > > you
> > > > > > using
> > > > > > > the smbldap-tools from idealx?
> > > > > > >
> > > > > > [Bevan Agard]
> > > > > >
> > > > > > I am using the scripts from idealx.
> > > > > >
> > > > > > I followed the HOWTO on samba.org (Happy Users Ch 5)
> > > > > >
> > > > > >
> > > > > > > JT
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > > > > > [mailto:samba-
> bounces+jtaylor=laszlosystems.com at lists.samba.org]
> > > On
> > > > > > Behalf
> > > > > > > Of Bevan Agard
> > > > > > > Sent: Wednesday, February 22, 2006 5:12 AM
> > > > > > > To: samba at lists.samba.org
> > > > > > > Subject: [Samba] Can't join my domain
> > > > > > >
> > > > > > > Guys and dolls,
> > > > > > > Greetings, I hope you all are in good health, great spirits
> and
> > > your
> > > > > > > glasses
> > > > > > > never empty.
> > > > > > >
> > > > > > > I have a samba, openldap question.
> > > > > > >
> > > > > > > I am trying to setup a FC-4 box to be a PDC for a small
> network
> > of
> > > > > about
> > > > > > > 150
> > > > > > > users.  I was following the HOWTO on the SAMBA site.
> Everything
> > > > seems
> > > > > > to
> > > > > > > be
> > > > > > > fine however I cannot join the domain.  I get the error "User
> > name
> > > > > could
> > > > > > > not
> > > > > > > be found." The error logs show that the login/password used to
> > > join
> > > > > the
> > > > > > > domain was accpeted and correct.  I decided to step back a bit
> > to
> > > > see
> > > > > if
> > > > > > > the
> > > > > > > PDC could join the domain but also no luck.  I got the
> following
> > > > when
> > > > > I
> > > > > > > ran
> > > > > > > the command
> > > > > > >
> > > > > > > [root at anansi ~]# net rpc join -d 3 -l -S PDC -U root
> > > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916)
> > > > > > >   lp_load: refreshing parameters
> > > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321)
> > > > > > >   Initialising global parameters
> > > > > > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573)
> > > > > > >   params.c:pm_process() - Processing configuration file
> > > > > > > "/etc/samba/smb.conf"
> > > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418)
> > > > > > >   Processing section "[global]"
> > > > > > > [2006/02/21 10:57:03, 1]
> param/loadparm.c:lp_do_parameter(3159)
> > > > > > >   WARNING: The "min passwd length" option is deprecated
> > > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > > > >   added interface ip=10.50.0.20 bcast=10.50.255.255
> > > > nmask=255.255.0.0
> > > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81)
> > > > > > >   added interface ip=127.0.0.1 bcast=127.255.255.255
> > > nmask=255.0.0.0
> > > > > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752)
> > > > > > >   resolve_wins: Attempting wins lookup for name PDC<0x20>
> > > > > > > [2006/02/21 10:57:03, 3]
> > > libsmb/namequery.c:name_resolve_bcast(694)
> > > > > > >   name_resolve_bcast: Attempting broadcast lookup for name
> > > PDC<0x20>
> > > > > > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492)
> > > > > > >   Got a positive name query response from 10.50.0.20 (
> > 10.50.0.20
> > > )
> > > > > > > [2006/02/21 10:57:03, 3]
> > > > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > > > >   Connecting to host=PDC
> > > > > > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752)
> > > > > > >   Connecting to 10.50.0.20 at port 445
> > > > > > > [2006/02/21 10:57:04, 3]
> > > > > > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
> > > > > > >   cli_nt_setup_creds: auth2 challenge failed
> > > NT_STATUS_ACCESS_DENIED
> > > > > > > [2006/02/21 10:57:04, 3]
> > > > > > libsmb/trusts_util.c:just_change_the_password(43)
> > > > > > >   just_change_the_password: unable to setup creds
> > > > > > > (NT_STATUS_ACCESS_DENIED)!
> > > > > > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138)
> > > > > > >   rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> > > > > > > Password:
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/cliconnect.c:cli_start_connection(1406)
> > > > > > >   Connecting to host=PDC
> > > > > > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752)
> > > > > > >   Connecting to 10.50.0.20 at port 445
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > > > libsmb/cliconnect.c:cli_session_setup_spnego(708)
> > > > > > >   Doing spnego session setup (blob length=58)
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > > > libsmb/cliconnect.c:cli_session_setup_spnego(733)
> > > > > > >   got OID=1 3 6 1 4 1 311 2 2 10
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > > > libsmb/cliconnect.c:cli_session_setup_spnego(740)
> > > > > > >   got principal=NONE
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
> > > > > > >   Got challenge flags:
> > > > > > > [2006/02/21 10:57:10, 3]
> > libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > > >   Got NTLMSSP neg_flags=0x60890215
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
> > > > > > >   NTLMSSP: Set final flags:
> > > > > > > [2006/02/21 10:57:10, 3]
> > libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > > >   Got NTLMSSP neg_flags=0x60080215
> > > > > > > [2006/02/21 10:57:10, 3]
> > > > libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> > > > > > >   NTLMSSP Sign/Seal - Initialising with flags:
> > > > > > > [2006/02/21 10:57:10, 3]
> > libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> > > > > > >   Got NTLMSSP neg_flags=0x60080215
> > > > > > > [2006/02/21 10:57:10, 3]
> > rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
> > > > > > >   lsa_io_sec_qos: length c does not match size 8
> > > > > > > Creation of workstation account failed
> > > > > > > Unable to join domain CDCGA.
> > > > > > > [2006/02/21 10:57:12, 2] utils/net.c:main(897)
> > > > > > >   return code = 1
> > > > > > >
> > > > > > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as
> > of
> > > > yet.
> > > > > > >
> > > > > > > Have any of you samba sensei seen anything like this or have
> an
> > > > > > > suggestions
> > > > > > > as to how to kick this trouble ticket out.
> > > > > > >
> > > > > > > Thanks
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > In the World one must be able to
> > > > > > >
> > > > > > > Adapt, and Evolve
> > > > > > >
> > > > > > > Or run the risk of becoming EXTINCT
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > To unsubscribe from this list go to the following URL and read
> > the
> > > > > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > >
> > >
> > >
> 
> 




More information about the samba mailing list