[Samba] trouble joining AD domain.

Kevin Kretz kevin at rentec.com
Mon Jul 23 19:05:06 GMT 2007

Hi all,

I'm running samba-3.0.25b  w/Linux (SUSE 10.1), newly compiled.

I've joined the AD domain (which is a subdomain) whose PDC is Win2K3 
server and which is running in native mode but allowing NT4 members.  
 From the HOWTO, I followed the instructions - manually created the 
computer account, then did the "net rpc join ...." and successfully 
joined the AD domain.

 From the AD Users and Computers console on the PDC, I can see my 
machine.  But that's all  - though I've created shares on it, I can't 
browse them from another host, nor access them directly.  And when I 
just browse the domain itself in Explorer, I don't see my machine.

When I try to view a share on it from a W2K3 box on the domain, I see:

"\\sambabox is not accessibe.  You might not have permission to use this 
network resource (more omitted) There are currently no logon servers 
available to service the logon request"

When I do wbinfo -t on the samba box, I see:

# wbinfo -t
checking the trust secret via RPC calls failed
error code was  (0x0)
Could not check secret

When I use smbclient to try to connect locally, the meaningful-looking 
lines output to the log are:

[2007/07/23 14:59:47, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2007/07/23 14:59:47, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
  Got user=[kevin] domain=[I01.ADI.xxxxxx.COM] workstation=[sambabox1] 
len1=24 len2=24
[2007/07/23 14:59:47, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69)

[2007/07/23 14:59:47, 5] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user [I01.ADI.xxxxxx.COM]\[kevin] from 
workstation [sambabox1]
[2007/07/23 15:00:18, 5] 
  no timestamp for trusted domain cache located.
[2007/07/23 15:00:18, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "I01.ADI.xxxxxx.COM" domain
[2007/07/23 15:00:18, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: ", i01-ny-dc1.rentec.com"
[2007/07/23 15:00:18, 5] libads/dns.c:sitename_fetch(676)
  sitename_fetch: No stored sitename for
[2007/07/23 15:00:18, 5] libsmb/namecache.c:namecache_fetch(214)
  name i01-ny-dc1.rentec.com#20 found.
[2007/07/23 15:00:18, 4] libsmb/namequery.c:get_dc_list(1599)
  get_dc_list: returning 1 ip addresses in an ordered list
[2007/07/23 15:00:18, 4] libsmb/namequery.c:get_dc_list(1600)
  get_dc_list: xxx.xxx.xxx.xxx
[2007/07/23 15:00:18, 5] libsmb/namecache.c:namecache_status_fetch(346)

[2007/07/23 15:00:22, 3] libsmb/trusts_util.c:enumerate_domain_trusts(165)
  enumerate_domain_trusts: can't locate a DC for domain I01.ADI.xxxxxx.COM

  check_ntlm_password: winbind authentication for user [kevin] FAILED 
[2007/07/23 15:00:57, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [kevin] -> [kevin] 
[2007/07/23 15:00:57, 5] auth/auth_util.c:free_user_info(2045)

Any other useful information I could provide??

thanks ...

More information about the samba mailing list