[Samba] PDC: Linux Client can't join the domain.

Alessandro Baggi alessandro.baggi at gmail.com
Fri May 15 15:56:17 GMT 2009 

Hi Adam. I'm sorry for the late answer. Ok I've added the machine 
account manually with a .ldif. Then, when the client join the domain, 
samba modifiy the entry, with sambaSID and other.
On the client I receive: Joined Domain DOMINIO

but on log I still receive:
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. 
Rejecting auth request from client DEBIAN machine account DEBIAN$

then with an high loglevel on samba I get this:

[2009/05/14 15:15:57, 10] libsmb/credentials.c:creds_server_init(186)
  creds_server_init: client chal : A047C2F85202142F
[2009/05/14 15:15:57, 10] libsmb/credentials.c:creds_server_init(187)
  creds_server_init: server chal : 0012364D7628C4B5
[2009/05/14 15:15:57,  5] libsmb/credentials.c:creds_init_128(70)
  creds_init_128
[2009/05/14 15:15:57,  5] libsmb/credentials.c:creds_init_128(71)
        clnt_chal_in: A047C2F85202142F
[2009/05/14 15:15:57,  5] libsmb/credentials.c:creds_init_128(72)
        srv_chal_in : 0012364D7628C4B5
[2009/05/14 15:15:57, 10] libsmb/credentials.c:creds_server_init(205)
  creds_server_init: clnt : 9E53396C4265DCC1
[2009/05/14 15:15:57, 10] libsmb/credentials.c:creds_server_init(206)
  creds_server_init: server : DE8F791907CC3E7A
[2009/05/14 15:15:57, 10] libsmb/credentials.c:creds_server_init(207)
  creds_server_init: seed : 9E53396C4265DCC1
[2009/05/14 15:15:57,  5] 
libsmb/credentials.c:netlogon_creds_server_check(221)
  netlogon_creds_server_check: challenge : ADBFFA3C1575AA41
[2009/05/14 15:15:57,  5] 
libsmb/credentials.c:netlogon_creds_server_check(222)
  calculated: 9E53396C4265DCC1
[2009/05/14 15:15:57,  2] 
libsmb/credentials.c:netlogon_creds_server_check(223)
  netlogon_creds_server_check: credentials check failed.


Another thing, after joined the domain, i can see domain users with 
getent passwd? Or I must add ldap support on the client computer?

Thanks in advance

Adam Williams wrote:

i would delete uid=debian$,ou=Computers,dc=DOMINIO and load this ldif:

dn: uid=debian$,ou=Computers,dc=DOMINIO
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: debian$
uid: debian$
sn: debian$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
displayName: DEBIAN$
userPassword: {crypt}!!
shadowLastChange: 13916
shadowMax: 99999
shadowWarning: 7

then on DEBIAN do net join -D DOMINIO -S PDC_SERVER_NAME -U root%password

More information about the samba mailing list