[Samba] net rpc join fails the first time but succeeds the second

Felipe Alfaro Solana felipe.alfaro at gmail.com
Fri May 19 11:13:21 GMT 2006


Hi.

I'm having some trouble when trying to join a SAMBA machine, acting as
a member server, to an NT-style domain server managed by a SAMBA PDC
using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6
on Red Hat Enterprise Linux 4.1 Update 3 for AMD64.

When trying to add the member server to the domain, it fails with an
error message. However, if I try to add it again, the operation
succeeds.

The first try to add the member server fails with this error message:

[root@member ~]# net rpc join CENTRAL -U Administrator%password
[2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED

Unable to join domain CENTRAL.

I can see the SAMBA machine account has been created:

[root@pdc ~]# pdbedit -L
Administrator:0:Domain Administrator
member$:10001:Machine

Then, immediately, I try to add the member server, once again:

[root@member ~]# net rpc join CENTRAL -U Administrator%password
Joined domain CENTRAL.

Both the member server and the PDC are using nss_ldap.
Thus:

[root@member ~]# id Administrator
uid=0(root) gid=0(root) groups=0(root)

The smb.conf for the PDC is:

[global]

   # Store SAMBA data into an LDAP backend
   passdb backend = ldapsam:ldap://ldap/
   ldap admin dn = cn=Directory Manager
   ldap suffix = dc=central
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap group suffix = ou=Groups

   # Scripts for managing users and computers
   add user script = /usr/sbin/luseradd -g "Domain Users" %u
   delete user script = /usr/sbin/luserdel -r %u
   add group script = /usr/sbin/lgroupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/lgroupmod -A %u %g
   delete user from group script = /usr/sbin/lgroupmod -R %u %g
   add machine script = /usr/sbin/luseradd -g "Domain Computers" -c "Machine" -s /bin/false -d /dev/null -n -M "%u"

   workgroup = CENTRAL
   netbios name = NDS1
   server string = CENTRAL Samba Domain Controller

   load printers = no

   log file = /var/log/samba/%m.log

   security = user
   encrypt passwords = yes

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   os level = 35
   local master = yes
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon path =

   wins support = yes

The smb.conf for the member server is:

[global]

   workgroup = CENTRAL
   server string = CENTRAL File Server
   netbios name = FS1
   log file = /var/log/samba/%m.log
   max log size = 50
   security = domain
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Any ideas?
Thank you very much.