[Samba] PDC: Linux Client can't join the domain.

Alessandro Baggi alessandro.baggi at gmail.com
Thu Apr 30 12:10:58 GMT 2009


Hi there. I've a problem with using samba as Primary Domain Controller 
with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on 
Debian Lenny.
When I try to join the domain with a Windows XP Pro Client, all works 
fine (profiles updating, logon, etc.), but when I try to join the domain 
with a Linux Client (Slackware 12.1) I get different errors:


client:~# net rpc join -U root%password
Joined Domain DOMINIO.

and in the samba log (log.__ffff_10.1.4.85):

[2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
  get_md4pw: Workstation PARIS$: no account in domain
[2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account PARIS$: NT_STATUS_ACCESS_DENIED

and samba adds a Computer account entry for paris$:

# paris$, Computers, DOMINIO
dn: uid=paris$,ou=Computers,dc=DOMINIO
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: paris$
uid: paris$
uidNumber: 2008
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-1849485170-1217343015-651458238-1008
displayName: Computer
sambaAcctFlags: [W          ]

Then I log out from the client and try to log in with a user in ldap 
(I've tried with a PosixAccount and a SambaAccount), but it doesn't work.
If I try again to rejoin the domain, the client side gives me: Joined 
Domain DOMINIO., but the samba log (log.__ffff_10.1.4.85) gives me:

[2009/04/30 13:48:07,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client PARIS machine account PARIS$

and I can't log in on the client side. These problems occur only when I 
try to join the domain from a simple Linux client.
I've also removed the entire ldap db and repopulated it, but the problem 
persists.

Is this a client configuration problem or a server PDC configuration 
problem? Samba? Or OpenLDAP?


Thanks in advance for help.


