[Samba] testjoin on samba pdc fails to get schannel session key

corrie jukit corrie.jukit at gmail.com
Fri Jan 18 11:35:06 GMT 2008

Debian 2.6.18


        workgroup = DOMAIN
        server string = %h server
        interfaces = eth0
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = lmhosts host wins bcast
        add user script = /usr/sbin/adduser --quiet --disabled-password
--gecos "" %u
        domain logons = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        panic action = /usr/share/samba/panic-action %d


useradd -g machines -d /var/lib/nobody -s /bin/false inside$
passwd -l inside$
smbpasswd -a -m inside

net rpc testjoin
net rpc testjoin -U Administrator%'adminpassword'

[2008/01/18 09:43:43, 0]
  get_schannel_session_key: could not fetch trust account password for
domain 'SERVER'
[2008/01/18 09:43:43, 0] utils/net_rpc_join.c:net_rpc_join_ok(70)
  net_rpc_join_ok: failed to get schannel session key from server SERVER for
Join to domain 'DOMAIN' is not valid


After following the instruction here:


I now get an additional error appearing before other net rpc response:

[2008/01/18 10:07:43, 0] param/loadparm.c:handle_copy(3147)
  Unable to copy service - source not found:


I want to run the linux samba server as PDC. After some reading I am not
completely clear if the correct approach is: join PDC machine to domain
always; optionally use winbind. I take it also at this point there is no
requirement to set up default windows domain groups.

However, doing so, log.nmbd shows:

[2008/01/18 11:01:15, 0] param/loadparm.c:handle_copy(3147)
  Unable to copy service - source not found:
[2008/01/18 11:01:15, 0] auth/auth_util.c:create_builtin_administrators(785)

  create_builtin_administrators: Failed to create Administrators

Thanks for any advice.

More information about the samba mailing list