[Samba] net rpc join fails the first time but succeeds the second
Mark Proehl
M.Proehl at science-computing.de
Fri May 19 13:18:05 GMT 2006
Hi,
if you create a new user with luseradd, is this new user immediately
available? Or do you have to wait some time between the following two
commands:
> /usr/sbin/luseradd -g "Domain Computers" -c "Machine" -s /bin/false -d /dev/null -n -M testuser
> id testuser
Mark
On Fri, May 19, 2006 at 01:13:21PM +0200, Felipe Alfaro Solana wrote:
> Hi.
>
> I'm having some trouble when trying to join a SAMBA machine, acting as
> a member server, to a NT-style domain server managed by a SAMBA PDC
> using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6
> on Red Hat Enterprise Linux 4.1 Update 3 for AMD64.
>
> When trying to add the member server to the domain, it fails with an
> error message. However, if I try to add it again, the operation
> succeeds.
>
> The first try to add the member server fails with this error message:
>
> [root@member ~]# net rpc join CENTRAL -U Administrator%password
> [2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
> Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED
>
> Unable to join domain CENTRAL.
>
> I can see the SAMBA machine account has been created:
>
> [root@pdc ~]# pdbedit -L
> Administrator:0:Domain Administrator
> member$:10001:Machine
>
> Then, immediately, I try to add the member server, once again:
>
> [root@member ~]# net rpc join CENTRAL -U Administrator%password
> Joined domain CENTRAL.
>
> Both the member server and the PDC are using nss_ldap.
> Thus:
>
> [root@member ~]# id Administrator
> uid=0(root) gid=0(root) groups=0(root)
>
> The smb.conf for the PDC is:
>
> [global]
>
> # Store SAMBA data into an LDAP backend
> passdb backend = ldapsam:ldap://ldap/
> ldap admin dn = cn=Directory Manager
> ldap suffix = dc=central
> ldap user suffix = ou=People
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
>
> # Scripts for managing users and computers
> add user script = /usr/sbin/luseradd -g "Domain Users" %u
> delete user script = /usr/sbin/luserdel -r %u
> add group script = /usr/sbin/lgroupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/lgroupmod -A %u %g
> delete user from group script = /usr/sbin/lgroupmod -R %u %g
> add machine script = /usr/sbin/luseradd -g "Domain Computers" -c "Machine" -s /bin/false -d /dev/null -n -M "%u"
>
> workgroup = CENTRAL
> netbios name = NDS1
> server string = CENTRAL Samba Domain Controller
>
> load printers = no
>
> log file = /var/log/samba/%m.log
>
> security = user
> encrypt passwords = yes
>
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> os level = 35
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path =
>
> wins support = yes
>
> The smb.conf for the member server is:
>
> [global]
>
> workgroup = CENTRAL
> server string = CENTRAL File Server
> netbios name = FS1
> log file = /var/log/samba/%m.log
> max log size = 50
> security = domain
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> Any ideas?
> Thank you very much.
> --