[Samba] Re: NT Workstation and Samba PDC

Marcelo Terres mhterres at gmail.com
Thu Oct 5 16:55:38 GMT 2006


Hi again.

I found my error in the Samba3-HOWTO:

"
The Machine Trust Account Is Not Accessible

"When I try to join the domain I get the message, "The machine
account for this computer either does not exist or is not
accessible." What's wrong?"

This problem is caused by the PDC not having a suitable Machine Trust
Account.  If you are using the add machine script method to create
accounts, then this would indicate that it has not worked. Ensure the
domain admin user system is working.
"

The problem is that it is not working only on NT workstations. W2K and XP
work great. So, it's not a problem with the smbldap-tools scripts.
Looks like a Samba bug.

I tried again with 3.0.22 and 3.0.23c.

Any ideas?

Thanks,

On 10/4/06, Marcelo Terres <mhterres at gmail.com> wrote:
> Hi.
>
> I'm having big trouble.
>
> We migrated an NT PDC to a Samba PDC. No problems in the migration. Everything works fine.
>
> The problem is: I can't add an NT machine to the domain. It simply does not work. XP and W2K work great.
>
> I started using the Debian Sarge package 3.0.14. In this version I could not manage groups using the Domain User Manager from NT. So I updated to the 3.0.23c packages from samba.org. Same problem with adding an NT machine, but the User Manager now works.
>
> I tried the 3.0.22 from backports.org but with the same problem.
>
> The behaviour changes depending on the version of Samba. I'm using smbldap-useradd (0.9.2) in the add machine script.
>
> In 3.0.14 I saw in logs this error:
> 2006/10/04 13:03:42, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
>   ldapsam_update_sam_account: failed to modify user with uid = testing$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
>
>
> In 3.0.22 the error is similar, but because LDAP timed out, it looks like the account is created and NT thinks that it joined the domain, but when I try to log in it does not work. Look at the logs:
>
> 2006/10/04 14:28:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873)
>   ldapsam_update_sam_account: failed to modify user with uid = testing$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
> [2006/10/04 14:28:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (12384, 513) - sec_ctx_stack_ndx = 0
> [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
>   free_pipe_context: destroying talloc pool of size 924
> [2006/10/04 14:28:38, 3] smbd/process.c:process_smb(1194)
>   Transaction 21 of length 132
> [2006/10/04 14:28:38, 3] smbd/process.c:switch_message(993)
>   switch message SMBtrans (pid 3026) conn 0x83cd180
> [2006/10/04 14:28:38, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=44 params=0 setup=2
> [2006/10/04 14:28:38, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2006/10/04 14:28:38, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "samr" (pnum 7494)
> [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
>   free_pipe_context: destroying talloc pool of size 0
> [2006/10/04 14:28:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(2237)
>   api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER
> [2006/10/04 14:28:38, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:38, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 1 try!
> [2006/10/04 14:28:39, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:39, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 2 try!
> [2006/10/04 14:28:40, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:40, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 3 try!
> [2006/10/04 14:28:41, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:41, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 4 try!
> [2006/10/04 14:28:42, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:42, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 5 try!
> [2006/10/04 14:28:43, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:43, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 6 try!
> [2006/10/04 14:28:44, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:44, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 7 try!
> [2006/10/04 14:28:45, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:45, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 8 try!
> [2006/10/04 14:28:46, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:46, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 9 try!
> [2006/10/04 14:28:47, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:47, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 10 try!
> [2006/10/04 14:28:48, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:48, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 11 try!
> [2006/10/04 14:28:49, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:49, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 12 try!
> [2006/10/04 14:28:50, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:50, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 13 try!
> [2006/10/04 14:28:51, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:51, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 14 try!
> [2006/10/04 14:28:52, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:52, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 15 try!
> [2006/10/04 14:28:53, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:53, 0] lib/smbldap.c:smbldap_search_suffix(1346)
>   smbldap_search_suffix: Problem during the LDAP search: modify/delete: sambaPrimaryGroupSID: no such value (Time limit exceeded)
> [2006/10/04 14:28:53, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
>   free_pipe_context: destroying talloc pool of size 0



-- 
Marcelo H. Terres
mhterres at gmail.com

