[Samba] Problems when trying to join samba PDC with W2K8 server

Justas Poderys (UAB Naujos sistemos) j.poderys at newsystems.lt
Tue Feb 24 12:35:12 GMT 2009


Hello all,

I am trying to add a W2K8 server to our domain "ns.local". This domain is
working O.K. for all XP machines we have (~10), but when adding a W2K8
server, I get user/pass prompt and then after typing my* username and
password I get:
---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "NS.LOCAL":

The parameter is incorrect.

Our topology is as follows:
We have a samba server and a separate machine as an LDAP server running
OpenLDAP.
* - I am using my (instead of root) password, because it works on XP machines
and because I'm a member of "cn=Domain Admins".
An interesting note is that when trying to join the domain with the W2K8 server,
sambaAcctFlags in "uid=TERMINALAS$" changes from [W] to [DW         ].
"TERMINALAS" is the name of the W2K8 server that I'm using to join the domain.

We are running samba Version 3.0.24.

All help and clues highly appreciated. Sorry, if this was already discussed,
must have missed it.

Justas Poderys



[samba log when trying to join domain with log & debug levels = 2 ]

[2009/02/24 14:31:01, 2] lib/access.c:check_access(323)
  Allowed connection from  (10.10.11.27)
[2009/02/24 14:31:01, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/02/24 14:31:01, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/02/24 14:31:01, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: j.poderys
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 22782
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 22782
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 22782
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 6934
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 7036
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 10460
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 11698
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 25121
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 54776
[2009/02/24 14:31:01, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 56436
[2009/02/24 14:31:01, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [j.poderys] -> [j.poderys]
-> [j.poderys] succeeded
[2009/02/24 14:31:01, 2] lib/access.c:check_access(323)
  Allowed connection from  (10.10.11.27)
[2009/02/24 14:31:01, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2009/02/24 14:31:01, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/02/24 14:31:02, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/02/24 14:31:03, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
  Returning domain sid for domain NS.LOCAL ->
S-1-5-21-3890934015-1816655379-4264717526-7054
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: TERMINALAS$
[2009/02/24 14:31:03, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: TERMINALAS$
[2009/02/24 14:31:03, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965)
  init_ldap_from_sam: Setting entry for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1817)
  ldapsam_update_sam_account: successfully modified uid = TERMINALAS$ in the
LDAP database
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965)
  init_ldap_from_sam: Setting entry for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1817)
  ldapsam_update_sam_account: successfully modified uid = TERMINALAS$ in the
LDAP database
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965)
  init_ldap_from_sam: Setting entry for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1817)
  ldapsam_update_sam_account: successfully modified uid = TERMINALAS$ in the
LDAP database
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965)
  init_ldap_from_sam: Setting entry for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1817)
  ldapsam_update_sam_account: successfully modified uid = TERMINALAS$ in the
LDAP database
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: TERMINALAS$
[2009/02/24 14:31:03, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965)
  init_ldap_from_sam: Setting entry for user: TERMINALAS$
[2009/02/24 14:31:03, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1817)
  ldapsam_update_sam_account: successfully modified uid = TERMINALAS$ in the
LDAP database


[smb.config snip]

passdb backend = ldapsam:"ldaps://ldap.ns.local ldap://ldap1.ns.local"
ldap suffix = dc=ns,dc=local
ldap machine suffix = ou=Machines
ldap user suffix = ou=Employees
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=ns,dc=local
ldap delete dn = no
ldap ssl = yes
ldap timeout = 5
#ldap filter = (&(uid=%u)(objectClass=posixAccount))
ldap idmap suffix = ou=Employees
idmap backend = "ldaps://ldap.ns.local ldap://ldap1.ns.local"
idmap uid = 5000-500000
idmap gid = 5000-500000
enable privileges = yes
obey pam restrictions = yes

guest account = nobody
invalid users = root
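
Added example, not part of the original post: a small triage script for smbd logs in the format shown above, which rejoins message lines wrapped by the mailer and then counts level-0 errors and failed authentications. The function names and the embedded sample (constructed from the shape of the records in the post) are assumptions for illustration.

```python
import re
from collections import Counter

# Record header: [date time, level] source_file:function(line)
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+?):(\w+)\((\d+)\)$")
AUTH_FAIL = re.compile(r"user \[([^\]]+)\].*FAILED with error (\w+)")

# Constructed sample, shaped like the records in the post above.
SAMPLE = """\
[2009/02/24 14:31:01, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [j.poderys] -> [j.poderys]
-> [j.poderys] succeeded
[2009/02/24 14:31:01, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/02/24 14:31:03, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for TERMINALAS$
[2009/02/24 14:31:03, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for TERMINALAS$
"""

def parse_records(text):
    """Yield one dict per record; wrapped lines (even ones starting with
    '[') are appended to the current message unless they are real headers."""
    rec = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if rec:
                yield rec
            ts, level, src, func, lineno = m.groups()
            rec = {"ts": ts, "level": int(level), "src": f"{src}:{lineno}",
                   "func": func, "msg": ""}
        elif rec is not None and line.strip():
            rec["msg"] = (rec["msg"] + " " + line.strip()).strip()
    if rec:
        yield rec

def triage(text):
    """Return (level-0 message counts, failed-auth (user, status) counts)."""
    errors, auth_failures = Counter(), Counter()
    for rec in parse_records(text):
        if rec["level"] == 0:
            errors[rec["msg"]] += 1
        m = AUTH_FAIL.search(rec["msg"])
        if m:
            auth_failures[m.groups()] += 1
    return errors, auth_failures
```

Calling `triage()` on a full log file's contents gives a deduplicated view of the debug-level-0 messages and of which account names failed authentication, and with which NT status.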


