[Samba] PDC: Linux Client can't join the domain.
Adam Williams
awilliam at mdah.state.ms.us
Mon May 4 14:11:48 GMT 2009
i would delete uid=debian$,ou=Computers,dc=DOMINIO and load this ldif:
dn: uid=debian$,ou=Computers,dc=DOMINIO
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: debian$
uid: debian$
sn: debian$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
displayName: DEBIAN$
userPassword: {crypt}!!
shadowLastChange: 13916
shadowMax: 99999
shadowWarning: 7
then on DEBIAN do net join -D DOMINIO -S PDC_SERVER_NAME -U root%password
Alessandro Baggi wrote:
> Ok. I've deleted the last ldap db, and renewed. I'm trying to add
> manually the machine trust account. This is an ldif from slapcat:
>
> dn: uid=debian$,ou=Computers,dc=DOMINIO
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: sambaSamAccount
> cn: debian$
> uid: debian$
> uidNumber: 1001
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> sambaSID: S-1-5-21-1849485170-1217343015-651458238-1001
> displayName: DEBIAN$
> sambaAcctFlags: [W ]
> sambaNTPassword: E5A8B99BEBA13E2AC86E4477CD0588DA
> sambaPwdLastSet: 1241268555
>
> # smbpasswd debian\$ /*for the password, I've
> inserted the root domain password*/
>
> After added the entry on ldap, I must add other for this "user"?
>
> if not, it still give me:
>
> [2009/05/02 15:12:29, 0]
> rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
> _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
> Rejecting auth request from client DEBIAN machine account DEBIAN$
> [2009/05/02 15:12:29, 0]
> rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
> _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
> Rejecting auth request from client DEBIAN machine account DEBIAN$
>
>
>
> and login on client Linux does not still work.
>
> Another issue is that sometimes smbldap-tools add machine account
> correctly...other not...
More information about the samba
mailing list