[Samba] Domain Member Server connecting to Samba PDC

Anthony Powell apowell at gmail.com
Thu Sep 10 16:13:55 MDT 2009


Hello:

I'm trying to set up a small domain on my home network.  The goal is
to have a domain member server connect to my Samba PDC using winbind
for authentication against a tdbsam database.  I've tried reading the
official howto, and a few help sites, but I'm still having difficulty
accomplishing my goal.  I'm using Samba 3.3.2 on Fedora 11 for both
computers.

On the DMS, connecting to the domain (net rpc join) reports that it
has connected successfully.  On the server, these errors are logged
(though I suspect most are not actual errors):
[2009/09/10 16:08:06,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
 get_md4pw: Workstation TV$: no account in domain
[2009/09/10 16:08:06,  0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(528)
 _netr_ServerAuthenticate2: failed to get machine password for
account TV$: NT_STATUS_ACCESS_DENIED
[2009/09/10 16:08:06,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
 get_md4pw: Workstation TV$: no account in domain
[2009/09/10 16:08:06,  0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(528)
 _netr_ServerAuthenticate2: failed to get machine password for
account TV$: NT_STATUS_ACCESS_DENIED
[2009/09/10 16:08:09,  2] auth/auth.c:check_ntlm_password(308)
 check_ntlm_password:  authentication for user [root] -> [root] ->
[root] succeeded
[2009/09/10 16:08:09,  2] libsmb/credentials.c:netlogon_creds_server_check(223)
 netlogon_creds_server_check: credentials check failed.
[2009/09/10 16:08:09,  0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
 _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$
[2009/09/10 16:08:09,  2] libsmb/credentials.c:netlogon_creds_server_check(223)
 netlogon_creds_server_check: credentials check failed.
[2009/09/10 16:08:09,  0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
 _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$

Checking the join on the DMS (net rpc testjoin) produces no local
errors, but this error on the PDC:
[2009/09/10 16:07:22,  2] libsmb/credentials.c:netlogon_creds_server_check(223)
 netlogon_creds_server_check: credentials check failed.
[2009/09/10 16:07:22,  0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
 _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$

wbinfo -u and -g produce (maybe) a more meaningful error, but not one
I can find an answer to with Google:
[2009/09/10 16:08:29,  2] auth/auth.c:check_ntlm_password(308)
 check_ntlm_password:  authentication for user [TV$] -> [TV$] ->
[tv$] succeeded
[2009/09/10 16:08:29,  2] auth/auth.c:check_ntlm_password(308)
 check_ntlm_password:  authentication for user [TV$] -> [TV$] ->
[tv$] succeeded
[2009/09/10 16:08:29,  2]
rpc_server/srv_samr_nt.c:access_check_samr_function(247)
 _samr_OpenDomain: ACCESS DENIED (granted: 0x00020010;  required: 0x00000020)

Can anyone help?  I originally thought it was an IDMAP problem, but
the errors are not suggesting that in any comprehensible way to me.

Thanks!
Anthony
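
One way to triage PDC log output like that quoted in the message above (an added example, not part of the original post and not Samba's own code): it rejoins the mail-wrapped entries, counts level-0 failures per machine account, and lists the rights that were required but not granted. The bit names assume the mask in the _samr_OpenDomain line applies to the SAM server object as named in MS-SAMR; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three entries copied from the post, mail-client wrapping included.
SAMPLE = """\
[2009/09/10 16:08:06,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
 get_md4pw: Workstation TV$: no account in domain
[2009/09/10 16:08:09,  0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
 _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$
[2009/09/10 16:08:29,  2]
rpc_server/srv_samr_nt.c:access_check_samr_function(247)
 _samr_OpenDomain: ACCESS DENIED (granted: 0x00020010;  required: 0x00000020)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
MASK = re.compile(r"granted: (0x[0-9a-fA-F]+);\s*required: (0x[0-9a-fA-F]+)")
ACCOUNT = re.compile(r"(?:Workstation|account) (\S+\$)")

# Assumption: SAM server object rights as named in MS-SAMR, plus the standard READ_CONTROL bit.
SERVER_BITS = {
    0x00000001: "CONNECT", 0x00000002: "SHUTDOWN", 0x00000004: "INITIALIZE",
    0x00000008: "CREATE_DOMAIN", 0x00000010: "ENUMERATE_DOMAINS",
    0x00000020: "LOOKUP_DOMAIN", 0x00020000: "READ_CONTROL",
}

def parse(text):
    """Rebuild one event per '[date, level]' header, rejoining wrapped lines."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"time": m[1], "level": int(m[2]), "loc": m[3], "msg": ""})
        elif events and not events[-1]["loc"]:
            events[-1]["loc"] = line.strip()  # header wrapped before file:function(line)
        elif events:
            events[-1]["msg"] = (events[-1]["msg"] + " " + line.strip()).strip()
    return events

def decode(mask):
    """Names of the known bits set in an access mask."""
    return sorted(name for bit, name in SERVER_BITS.items() if mask & bit)

def triage(events):
    """Count level-0 entries per machine account; list rights required but not granted."""
    failures, missing = Counter(), []
    for ev in events:
        if ev["level"] == 0:
            failures.update(set(ACCOUNT.findall(ev["msg"])))
        m = MASK.search(ev["msg"])
        if m:
            granted, required = int(m[1], 16), int(m[2], 16)
            missing.append((ev["loc"], decode(required & ~granted)))
    return failures, missing

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```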

