[Samba] Join domain on one PDC server but not another

Mark Fox mark.fox at gmail.com
Thu Nov 5 16:04:37 MST 2009

Symptoms: Can join machines to the domain on one PDC server, but not on
another nearly identical PDC server.

Details: I have two separate machines on the same network configured as PDC
servers and running Samba 3.3.2. Both are running Ubuntu Linux and Samba is
configured identically as far as I can tell. (Obviously, I'm missing
something.) Pretty vanilla use of Samba. No LDAP or anything like that.
Using several machines, I can successfully join the domain on the one PDC
server, but, using the same machines, can't on the other. When failing to
join the domain, the Windows XP Pro boxes complain that "Access is denied."

On a possibly related note, I have to use 'sudo /usr/sbin/useradd ...' for
the machine script on the PDC server that fails versus just
'/usr/sbin/useradd ...' on the one that works. This could all boil down to a
permissions issue.

I've captured level two and level three logs of a successful and
unsuccessful join attempt for the clients that succeed and fail, but haven't
found anything damning. The failed attempt sends the domain SID twice and
then fails. The successful attempt sends it once and then goes on to open
the domain and such.

Any ideas? I'm certainly no Samba guru, so it could be something obvious.


