[Samba] 3.2.8 net join of 3.0.24 PDC fails

Craig Swanson craig.swanson at midwest-tool.com
Thu Feb 19 11:53:20 GMT 2009


PDC: samba-3.0.24-1
Uses ldap with smbldap tools to modify the directory
This is a stable, working platform.

New domain member (mahalo) : samba-3.2.8-0.26 on fedora 10 i386

Symptom: net rpc join fails from the new domain member.
The trust account actually does get created. But the password fields are
not written to the account.

2nd new domain member: samba-client-3.0.24-11
net join works from this client on fedora 6. smb.conf is similar to the
config on mahalo.

Thanks,

Craig Swanson


net join error:
[2009/02/18 08:44:37,  0] utils/net_rpc_join.c:net_rpc_join_newstyle(352)
  error setting trust account password: NT code 0x1c010002
Unable to join domain MTD.

Error on the PDC smb log:
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation MAHALO$: no account in domain
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
  _net_auth2: failed to get machine password for account MAHALO$: NT_STATUS_ACCESS_DENIED
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation MAHALO$: no account in domain
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
  _net_auth2: failed to get machine password for account MAHALO$: NT_STATUS_ACCESS_DENIED
[2009/02/18 08:44:37, 0] rpc_parse/parse_prs.c:prs_mem_get(559)
  prs_mem_get: reading data of size 2 would overrun buffer by 1 bytes.
[2009/02/18 08:44:37, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(848)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2009/02/18 08:44:37, 0] rpc_server/srv_pipe.c:api_rpcTNP(2287)
  api_rpcTNP: samr: SAMR_SET_USERINFO failed.

Client smb.conf:
        workgroup = MTD
        netbios name = MAHALO
        server string = Samba Server
        security = DOMAIN
        dns proxy = No
        encrypt passwords = yes

PDC smb.conf
        workgroup = MTD
        netbios name = PUNCH
        #interfaces = eth0 eth0:1 127.0.0.1
        interfaces = 192.168.1.225/24 192.168.1.230/24 127.0.0.1
        bind interfaces only = yes
        username map = /etc/samba/smbusers
        #admin users= @"Domain Admins"
        server string = Samba Server
        security = user
        encrypt passwords = Yes
        obey pam restrictions = No
        ldap passwd sync = No
        unix password sync = Yes
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        passwd chat = "Changing UNIX password for*\nNew password*" %n\n "*Retype new password*" %n\n"
        passwd chat debug = Yes
        log level = 0
        syslog = 0
        log file = /var/log/samba/log
        max log size = 100000
        time server = Yes
        mangling method = hash2
        Dos charset = 850
        Unix charset = ISO8859-1
        time offset = 0

        logon script = %U.bat
        logon drive = H:
        logon home = \\%N\%U\%u
        logon path =

        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        passdb backend = ldapsam:ldap://punch.midwest-tool.com/
        # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
        ldap admin dn = cn=Directory Manager
        ldap suffix = dc=midwest-tool,dc=com
        ldap group suffix = ou=Groups
        ldap user suffix = ou=People
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=People
        ldap ssl = start_tls
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

        template shell = /bin/false

        winbind use default domain = no

Machine trust account for mahalo (pdbedit -Lv mahalo$):
Unix username:        mahalo$
NT username:          mahalo$
Account Flags:        [DW         ]
User SID:             S-1-5-21-1400792368-3813960858-1703501993-1104
Primary Group SID:    S-1-5-21-1400792368-3813960858-1703501993-515
Full Name:            Computer
Home Directory:       \\punch\mahalo_\%u
HomeDir Drive:        H:
Logon Script:         mahalo_.bat
Profile Path:         
Domain:               MTD
Account desc:         Computer
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 EST
Kickoff time:         Mon, 18 Jan 2038 22:14:07 EST
Password last set:    0
Password can change:  0
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
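
A check for the state shown in the post, a machine trust account that exists but reports `Password last set: 0`. This is an added example, not part of the original message or of Samba; the sample input is constructed in the layout of `pdbedit -Lv` output, and the function names are hypothetical.

```python
import sys

TRUST_FLAGS = set("WSI")  # workstation, server (BDC), interdomain trust

# Constructed sample in the layout of `pdbedit -Lv` output. The first record
# mirrors the post's mahalo$ entry; the second is a made-up healthy account.
SAMPLE = """\
---------------
Unix username:        mahalo$
Account Flags:        [DW         ]
Password last set:    0
Last bad password   : 0
---------------
Unix username:        example1$
Account Flags:        [W          ]
Password last set:    Tue, 17 Feb 2009 09:12:44 EST
Last bad password   : 0
"""

def parse_records(text):
    """Split pdbedit -Lv text into one dict per account."""
    records = []
    for line in text.splitlines():
        # Split on the first colon only: time values contain colons too.
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or not key:
            continue  # separator rows and blank lines
        if key == "Unix username":
            records.append({})
        if records:
            records[-1][key] = value.strip()
    return records

def unkeyed_trust_accounts(text):
    """Return (name, disabled) for trust accounts with 'Password last set' of 0."""
    found = []
    for rec in parse_records(text):
        flags = set(rec.get("Account Flags", "").strip("[]").replace(" ", ""))
        if flags & TRUST_FLAGS and rec.get("Password last set") == "0":
            found.append((rec["Unix username"], "D" in flags))
    return found

if __name__ == "__main__":
    # Assumed usage: pdbedit -Lv | python3 this_script.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, disabled in unkeyed_trust_accounts(data):
        print(f"{name}: account exists but Password last set is 0 (disabled={disabled})")
```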



