[Samba] Failing to add XP SP3 client to Samba domain

Steve Cayford cayfo001 at umn.edu
Fri Sep 18 14:29:47 MDT 2009


Hi,

I'm running samba 3.2.5 as a domain controller on a Debian Lenny server 
with authentication data stored in a local openldap instance. The server 
has been running smoothly since I originally set it up on Sarge. I upgraded 
to Etch a while back and then to Lenny about a month ago.

I'm trying to add a new Windows XP SP3 client to the domain for the first 
time since the latest upgrade and I'm getting the error message "The user 
name could not be found" on the client. I've joined clients to the domain 
previously with no problems using the "root" account on the server.

Upon examining the ldap entries I can see that an account *was* created for 
the computer (named foshan), but it is incomplete as it only has the 
following attributes:

cn 		foshan$
description	Computer
gecos		Computer
gidNumber	515
homeDirectory	/dev/null
loginShell	/bin/false
uid		foshan$
uidNumber	4905

Looking at a previously joined computer account, it should contain the 
following (some details removed):

cn			clientname$
description		Computer
displayName		CLIENTNAME$
gecos			Computer
gidNumber		515
homeDirectory		/dev/null
loginShell		/bin/false
sambaAcctFlags		[W ]
sambaNTPassword		...
sambaPrimaryGroupSID	...
sambaPwdCanChange	...
sambaPwdLastSet		...
sambaPwdMustChange	...
sambaSID		...
sn			clientname$
uid			clientname$
uidNumber		3023

The log file log.foshan has these error messages interspersed throughout it:

[2009/09/18 15:02:04,  0] lib/util_sock.c:get_peer_addr_internal(1676)
   getpeername failed. Error was Transport endpoint is not connected
   write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2009/09/18 15:02:04,  0] smbd/process.c:srv_send_smb(74)
   Error writing 4 bytes to client. -1. (Transport endpoint is not connected)

However, the join itself doesn't seem to have failed:

[2009/09/18 15:02:04,  2] auth/auth.c:check_ntlm_password(308)
   check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2009/09/18 15:02:04,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 544
[2009/09/18 15:02:04,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 512
[2009/09/18 15:02:05,  0] lib/util_sock.c:write_data(1136)
[2009/09/18 15:02:05,  0] lib/util_sock.c:get_peer_addr_internal(1676)
   getpeername failed. Error was Transport endpoint is not connected
   write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2009/09/18 15:02:05,  0] smbd/process.c:srv_send_smb(74)
   Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2009/09/18 15:02:05,  2] lib/smbldap.c:smbldap_open_connection(796)
   smbldap_open_connection: connection opened
[2009/09/18 15:02:05,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
   init_sam_from_ldap: Entry found for user: root
[2009/09/18 15:02:05,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 512
[2009/09/18 15:02:05,  2] auth/auth.c:check_ntlm_password(308)
   check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2009/09/18 15:02:05,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 544
[2009/09/18 15:02:05,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 512
[2009/09/18 15:02:06,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
   Returning domain sid for domain MAC -> S-1-... etc


Thanks for any suggestions on what to look for.

-Steve
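
An added example, not part of the original post: a Python check that reads an LDIF export of the directory and reports machine accounts that, like foshan$ above, lack attributes the post lists for a correctly joined account. The DNs, the `dc=example,dc=org` suffix and every value not quoted in the post are constructed.

```python
import base64
import re

# Attributes the post lists for a correctly joined machine account.
EXPECTED = ("cn description displayName gecos gidNumber homeDirectory loginShell "
            "sambaAcctFlags sambaNTPassword sambaPrimaryGroupSID sambaPwdCanChange "
            "sambaPwdLastSet sambaPwdMustChange sambaSID sn uid uidNumber").split()

def parse_ldif(text):
    """Yield one {lowercased attribute: [values]} dict per LDIF entry."""
    text = re.sub(r"\r?\n ", "", text)       # unfold lines continued with a leading space
    entry = {}
    for line in text.splitlines() + [""]:    # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):       # skip LDIF comments
            name, _, value = line.partition(":")
            if value.startswith(":"):        # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())

def incomplete_machine_accounts(text):
    """Map each machine account (uid ending in '$') to the attributes it lacks."""
    report = {}
    for entry in parse_ldif(text):
        missing = [a for a in EXPECTED if a.lower() not in entry]
        for uid in entry.get("uid", []):
            if uid.endswith("$") and missing:
                report[uid] = missing
    return report

# Constructed sample: DNs, suffix and all values not quoted in the post are made up.
POSIX = ("description: Computer\ngecos: Computer\ngidNumber: 515\n"
         "homeDirectory: /dev/null\nloginShell: /bin/false\n")
SAMPLE = ("dn: uid=foshan$,ou=Computers,dc=example,dc=org\n"
          "cn: foshan$\nuid: foshan$\nuidNumber: 4905\n" + POSIX + "\n"
          "dn: uid=clientname$,ou=Computers,dc=example,dc=org\n"
          "cn: clientname$\nuid: clientname$\nuidNumber: 3023\n" + POSIX +
          "displayName: CLIENTNAME$\nsn: clientname$\nsambaAcctFlags: [W ]\n"
          "sambaNTPassword: PLACEHOLDER\nsambaPrimaryGroupSID: PLACE\n HOLDER\n"
          "sambaPwdCanChange: 0\nsambaPwdLastSet: 0\nsambaPwdMustChange: 0\n"
          "sambaSID:: UExBQ0VIT0xERVI=\n\ndn: uid=alice,ou=People,dc=example,dc=org\nuid: alice\n")

if __name__ == "__main__":
    print(incomplete_machine_accounts(SAMPLE))
```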



