[Samba] Can't join to domain, Google-fu has failed me

Richard Gellman splodge at starfleet-net.co.uk
Thu Apr 9 17:43:18 GMT 2009


I've been using Samba for years as a domain controller without issue, 
but this has stumped me.

I've set up Windows Vista Enterprise SP1 on a Virtual PC. Samba is 
running on a Gentoo Linux box as version 3.3.3. I can access shares 
without issue, but I can't get the machine to join the domain. When it 
tries it shows "The parameter is incorrect".

Delving into C:\Windows\Debug\NetSetup.LOG shows that it creates the 
machine account successfully, sets a password for it, then gets to the 
point of configuring itself to be a domain member, and then fails with 
error code 0x57. At this point it disables the machine account for itself.

The relevant section of NetSetup.LOG is shown below. Everything I read 
on t'internet suggests that this should work without problems. I've 
tried setting the security option to NTLM, changing the compatibility 
mode value, almost everything I can find, but still no joy.

I'd post the smbd -d 10 log, but from what I can see nothing errors on 
the Samba side, Windows just gives up. I'm hoping that there's something 
I can configure, patch that can be applied etc that causes some kind of 
different response that Windows will accept.

Does anyone have any ideas? Let me know if there's anything useful I can 
give you from the -d 10 log. There's a lot of stuff there (mostly 
routine stuff) so let me know what sort of thing you're looking for and 
I'll gladly post it.

I should point out the password backend is OpenLDAP. As stated, no other 
machine I've joined to this domain has ever had issues.


Richard Gellman

-- NetSetup.LOG --

04/09/2009 18:32:34:458 NetpValidateName: checking to see if 'STARFLEET' 
is valid as type 3 name
04/09/2009 18:32:34:559 NetpCheckDomainNameIsValid [ Exists ] for 
'STARFLEET' returned 0x0
04/09/2009 18:32:34:559 NetpValidateName: name 'STARFLEET' is valid for 
type 3
04/09/2009 18:32:34:559 NetpDsGetDcName: trying to find DC in domain 
'STARFLEET', flags: 0x40001010
04/09/2009 18:32:34:559 NetpDsGetDcName: found DC '\\RELIANT' in the 
specified domain
04/09/2009 18:32:34:559 NetpJoinDomain: status of connecting to dc 
'\\RELIANT': 0x0
04/09/2009 18:32:34:709 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:34:709 NetpGetNt4RefusePasswordChangeStatus: trying to 
read from '\\RELIANT'
04/09/2009 18:32:35:039 NetpGetNt4RefusePasswordChangeStatus: 
RefusePasswordChange == 0
04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
04/09/2009 18:32:35:099 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
04/09/2009 18:32:35:530 NetpManageMachineAccountWithSid: NetUserAdd on 
'\\RELIANT' for 'VOYAGER$' failed: 0x8b0
04/09/2009 18:32:36:171 NetpManageMachineAccountWithSid: status of 
attempting to set password on '\\RELIANT' for 'VOYAGER$': 0x0
04/09/2009 18:32:36:171 NetpJoinDomain: status of creating account: 0x0
04/09/2009 18:32:36:171 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:36:181 NetpSetLsaPrimaryDomain: for 'STARFLEET' status: 
04/09/2009 18:32:36:181 NetpJoinDomain: status of setting LSA pri. 
domain: 0x57
04/09/2009 18:32:36:181 NetpJoinDomain: initiaing a rollback due to 
earlier errors
04/09/2009 18:32:36:281 NetpGetLsaPrimaryDomain: status: 0x0
04/09/2009 18:32:36:652 NetpManageMachineAccountWithSid: status of 
disabling account 'VOYAGER$' on '\\RELIANT': 0x0
04/09/2009 18:32:36:652 NetpJoinDomain: rollback: status of deleting 
computer account: 0x0
04/09/2009 18:32:36:652 NetpLsaOpenSecret: status: 0x0
04/09/2009 18:32:36:672 NetpJoinDomain: rollback: status of deleting 
secret: 0x0
04/09/2009 18:32:36:692 NetpJoinDomain: status of disconnecting from 
'\\RELIANT': 0x0
04/09/2009 18:32:36:692 NetpDoDomainJoin: status: 0x57

