[Samba] Issues with joining to W2k3 domain

Paul K paulketelaar at gmail.com
Fri Jul 31 00:01:27 MDT 2009


Hi everyone,

I have a Gentoo server running Samba, winbindd, Squid and Apache as my main
proxy server.  I have had it authenticating 100% for a few weeks now.
Recently I can no longer join my server to the domain again using the
command "net rpc join -U username%password -S PDC".

The following message is displayed.

[2009/07/31 15:46:10, 0] utils/net_rpc_join.c:net_rpc_join_ok(81)
  net_rpc_join_ok: failed to get schannel session key from server PDC for domain DOMAINNAME. Error was NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAINNAME.

I opened up my /var/log/samba/log.wb-DOMAINNAME logfile.  Below is the
result:

[2009/07/31 15:46:16, 0] libsmb/credentials.c:creds_client_check(324)
  creds_client_check: credentials check failed.
[2009/07/31 15:46:16, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_$
  rpccli_netlogon_sam_network_logon: credentials chain check failed

The strange thing is:
- According to AD in 2003, the machine has joined (I deleted beforehand).
- I can perform authentication using wbinfo -a -u and -g.  It shows all
information.
One might say that it is working fine..  but I am rather concerned about the
error above.
- If I create a new machine account from AD and assign the computer as a
pre-2000 computer, the "net rpc join" command works perfectly.  However,
because there is no encryption happening between the computer account,
authentication fails with winbindd.

What could be causing this error?  I thought it might be a Microsoft
security update..  I am certain I have not changed any of my configs.  I
thought I would ask in here first.

Any help would be appreciated!

Thanks,

Paul

