[Samba] Trouble joining Windows 7 machines to Samba PDC
David Adam
zanchey at ucc.gu.uwa.edu.au
Mon Mar 15 05:04:08 MDT 2010
Hi folks,
We have a domain controller running Samba 3.4.5 that is backed onto an
OpenLDAP datastore. The domain has no trouble joining Windows XP clients,
but we've got a couple of Windows 7 / Windows Server 2008 R2 Standard that
we can't join to the domain.
The registry changes suggested in
http://wiki.samba.org/index.php?title=Windows7&oldid=4766 have been
applied, and a UNIX account for the machine has been created.
While the creation of the object in LDAP appears to succeed, the join
fails with super-helpful message "The parameter is incorrect" on the
client.
I've attached the NetSetup.log, the output of testparm, and a debug log at
level 5 from one of the clients. The only thing particularly notable in
the NetSetup output is:
NetpSetNetlogonDomainCache: DsEnumerateDomainTrustsW for all trusts failed
with ERROR_NOT_SUPPORTED -- retry
Any hints?
David Adam
University Computer Club, UWA
zanchey at ucc.gu.uwa.edu.au
-------------- next part --------------
[global]
workgroup = UCCDOMAYNE
server string = %h server
obey pam restrictions = Yes
passdb backend = ldapsam:"ldaps://mussel.ucc.gu.uwa.edu.au ldaps://martello.ucc.gu.uwa.edu.au/"
log level = all:10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
debug pid = Yes
logon path = \musundo\profiles
logon drive = H:
logon home = \\musundo\%U
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins server = 130.95.13.3
ldap admin dn = cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au
ldap machine suffix = ou=Computers
ldap passwd sync = only
ldap suffix = dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
-------------- next part --------------
?03/15/2010 18:19:21:613 -----------------------------------------------------------------
03/15/2010 18:19:21:613 NetpValidateName: checking to see if 'MAAXEN' is valid as type 1 name
03/15/2010 18:19:21:633 NetpCheckNetBiosNameNotInUse for 'MAAXEN' [MACHINE] returned 0x0
03/15/2010 18:19:21:633 NetpValidateName: name 'MAAXEN' is valid for type 1
03/15/2010 18:19:21:664 -----------------------------------------------------------------
03/15/2010 18:19:21:664 NetpValidateName: checking to see if 'MAAXEN.ucc.gu.uwa.edu.au' is valid as type 5 name
03/15/2010 18:19:21:664 NetpValidateName: name 'MAAXEN.ucc.gu.uwa.edu.au' is valid for type 5
03/15/2010 18:19:21:700 -----------------------------------------------------------------
03/15/2010 18:19:21:701 NetpValidateName: checking to see if 'UCCDOMAYNE' is valid as type 3 name
03/15/2010 18:19:21:828 NetpCheckDomainNameIsValid [ Exists ] for 'UCCDOMAYNE' returned 0x0
03/15/2010 18:19:21:828 NetpValidateName: name 'UCCDOMAYNE' is valid for type 3
03/15/2010 18:19:26:413 -----------------------------------------------------------------
03/15/2010 18:19:26:413 NetpDoDomainJoin
03/15/2010 18:19:26:413 NetpMachineValidToJoin: 'MAAXEN'
03/15/2010 18:19:26:413 OS Version: 6.1
03/15/2010 18:19:26:413 Build number: 7600 (7600.win7_rtm.090713-1255)
03/15/2010 18:19:26:414 SKU: Windows Server 2008 R2 Standard
03/15/2010 18:19:26:414 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
03/15/2010 18:19:26:414 NetpGetLsaPrimaryDomain: status: 0x0
03/15/2010 18:19:26:414 NetpMachineValidToJoin: status: 0x0
03/15/2010 18:19:26:415 NetpJoinDomain
03/15/2010 18:19:26:415 Machine: MAAXEN
03/15/2010 18:19:26:415 Domain: UCCDOMAYNE
03/15/2010 18:19:26:415 MachineAccountOU: (NULL)
03/15/2010 18:19:26:415 Account: UCCDOMAYNE\zanchey
03/15/2010 18:19:26:415 Options: 0x25
03/15/2010 18:19:26:415 NetpLoadParameters: loading registry parameters...
03/15/2010 18:19:26:415 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
03/15/2010 18:19:26:415 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
03/15/2010 18:19:26:415 NetpLoadParameters: status: 0x0
03/15/2010 18:19:26:415 NetpValidateName: checking to see if 'UCCDOMAYNE' is valid as type 3 name
03/15/2010 18:19:26:517 NetpCheckDomainNameIsValid [ Exists ] for 'UCCDOMAYNE' returned 0x0
03/15/2010 18:19:26:517 NetpValidateName: name 'UCCDOMAYNE' is valid for type 3
03/15/2010 18:19:26:517 NetpDsGetDcName: trying to find DC in domain 'UCCDOMAYNE', flags: 0x1020
03/15/2010 18:19:34:025 NetpLoadParameters: loading registry parameters...
03/15/2010 18:19:34:025 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
03/15/2010 18:19:34:025 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
03/15/2010 18:19:34:025 NetpLoadParameters: status: 0x0
03/15/2010 18:19:34:025 NetpDsGetDcName: found DC '\\MYLAH' in the specified domain
03/15/2010 18:19:34:025 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/15/2010 18:20:29:939 NetpJoinDomain: status of connecting to dc '\\MYLAH': 0x0
03/15/2010 18:20:29:939 NetpProvisionComputerAccount:
03/15/2010 18:20:29:939 lpDomain: UCCDOMAYNE
03/15/2010 18:20:29:939 lpMachineName: MAAXEN
03/15/2010 18:20:29:939 lpMachineAccountOU: (NULL)
03/15/2010 18:20:29:939 lpDcName: MYLAH
03/15/2010 18:20:29:939 lpDnsHostName: (NULL)
03/15/2010 18:20:29:939 lpMachinePassword: (null)
03/15/2010 18:20:29:939 lpAccount: UCCDOMAYNE\zanchey
03/15/2010 18:20:29:939 lpPassword: (non-null)
03/15/2010 18:20:29:939 dwJoinOptions: 0x25
03/15/2010 18:20:29:939 dwOptions: 0x40000003
03/15/2010 18:20:30:953 NetpLdapBind: ldap_bind failed on MYLAH: 81: Server Down
03/15/2010 18:20:30:997 NetpGetLsaPrimaryDomain: DNS Domain policy not supported, falling back to Primary Domain
03/15/2010 18:20:31:011 NetpGetLsaPrimaryDomain: status: 0x0
03/15/2010 18:20:31:012 NetpCreateComputerObjectInDs: DC passed '\\MYLAH' doesn't have writable DS 0x101
03/15/2010 18:20:31:013 NetpProvisionComputerAccount: LDAP creation failed: 0x32
03/15/2010 18:20:31:013 NetpJoinDomainOnDs: Function exits with status of: 0x32
03/15/2010 18:20:31:013 NetpJoinDomainOnDs: status of disconnecting from '\\MYLAH': 0x0
03/15/2010 18:20:31:013 NetpDoDomainJoin: status: 0x32
03/15/2010 18:20:31:035 -----------------------------------------------------------------
03/15/2010 18:20:31:035 NetpDoDomainJoin
03/15/2010 18:20:31:035 NetpMachineValidToJoin: 'MAAXEN'
03/15/2010 18:20:31:035 OS Version: 6.1
03/15/2010 18:20:31:035 Build number: 7600 (7600.win7_rtm.090713-1255)
03/15/2010 18:20:31:035 SKU: Windows Server 2008 R2 Standard
03/15/2010 18:20:31:035 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
03/15/2010 18:20:31:036 NetpGetLsaPrimaryDomain: status: 0x0
03/15/2010 18:20:31:036 NetpMachineValidToJoin: status: 0x0
03/15/2010 18:20:31:036 NetpJoinDomain
03/15/2010 18:20:31:036 Machine: MAAXEN
03/15/2010 18:20:31:036 Domain: UCCDOMAYNE
03/15/2010 18:20:31:036 MachineAccountOU: (NULL)
03/15/2010 18:20:31:036 Account: UCCDOMAYNE\zanchey
03/15/2010 18:20:31:036 Options: 0x27
03/15/2010 18:20:31:036 NetpLoadParameters: loading registry parameters...
03/15/2010 18:20:31:036 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
03/15/2010 18:20:31:036 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
03/15/2010 18:20:31:036 NetpLoadParameters: status: 0x0
03/15/2010 18:20:31:036 NetpValidateName: checking to see if 'UCCDOMAYNE' is valid as type 3 name
03/15/2010 18:20:31:138 NetpCheckDomainNameIsValid [ Exists ] for 'UCCDOMAYNE' returned 0x0
03/15/2010 18:20:31:138 NetpValidateName: name 'UCCDOMAYNE' is valid for type 3
03/15/2010 18:20:31:138 NetpDsGetDcName: trying to find DC in domain 'UCCDOMAYNE', flags: 0x1020
03/15/2010 18:20:31:339 NetpLoadParameters: loading registry parameters...
03/15/2010 18:20:31:339 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
03/15/2010 18:20:31:339 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
03/15/2010 18:20:31:339 NetpLoadParameters: status: 0x0
03/15/2010 18:20:31:339 NetpDsGetDcName: found DC '\\MYLAH' in the specified domain
03/15/2010 18:20:31:339 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/15/2010 18:20:31:339 NetpJoinDomain: status of connecting to dc '\\MYLAH': 0x0
03/15/2010 18:20:31:339 NetpProvisionComputerAccount:
03/15/2010 18:20:31:339 lpDomain: UCCDOMAYNE
03/15/2010 18:20:31:339 lpMachineName: MAAXEN
03/15/2010 18:20:31:339 lpMachineAccountOU: (NULL)
03/15/2010 18:20:31:339 lpDcName: MYLAH
03/15/2010 18:20:31:339 lpDnsHostName: (NULL)
03/15/2010 18:20:31:339 lpMachinePassword: (null)
03/15/2010 18:20:31:339 lpAccount: UCCDOMAYNE\zanchey
03/15/2010 18:20:31:339 lpPassword: (non-null)
03/15/2010 18:20:31:339 dwJoinOptions: 0x27
03/15/2010 18:20:31:339 dwOptions: 0x40000003
03/15/2010 18:20:32:332 NetpLdapBind: ldap_bind failed on MYLAH: 81: Server Down
03/15/2010 18:20:32:363 NetpGetLsaPrimaryDomain: DNS Domain policy not supported, falling back to Primary Domain
03/15/2010 18:20:32:377 NetpGetLsaPrimaryDomain: status: 0x0
03/15/2010 18:20:32:378 NetpCreateComputerObjectInDs: DC passed '\\MYLAH' doesn't have writable DS 0x101
03/15/2010 18:20:32:378 NetpProvisionComputerAccount: LDAP creation failed: 0x32
03/15/2010 18:20:32:378 NetpProvisionComputerAccount: Retrying downlevel per options
03/15/2010 18:20:32:453 NetpManageMachineAccountWithSid: NetUserAdd on 'MYLAH' for 'MAAXEN$' failed: 0x8b0
03/15/2010 18:20:32:662 NetpManageMachineAccountWithSid: status of attempting to set password on 'MYLAH' for 'MAAXEN$': 0x0
03/15/2010 18:20:32:662 NetpProvisionComputerAccount: retry status of creating account: 0x0
03/15/2010 18:20:32:662 NetpEncodeProvisioningBlob: Encoding provisioning data
03/15/2010 18:20:32:662 NetpInitBlobWin7: Constructing blob...
03/15/2010 18:20:32:662 Blob version: 1
03/15/2010 18:20:32:662 lpDomain: UCCDOMAYNE
03/15/2010 18:20:32:662 lpMachineName: MAAXEN
03/15/2010 18:20:32:662 lpMachinePassword: <omitted from log>
03/15/2010 18:20:32:662 DomainDnsPolicy:
03/15/2010 18:20:32:662 Name: UCCDOMAYNE
03/15/2010 18:20:32:662 DnsDomainName: (null)
03/15/2010 18:20:32:662 DnsForestName: (null)
03/15/2010 18:20:32:662 DomainGuid: 00000000-0000-0000-0000-000000000000
03/15/2010 18:20:32:662 Sid: S-1-5-352321536-3342141748-1574249315-1264630062
03/15/2010 18:20:32:662 DcInfo:
03/15/2010 18:20:32:662 DomainControllerName: \\MYLAH
03/15/2010 18:20:32:662 DomainControllerAddress: \\MYLAH
03/15/2010 18:20:32:662 DomainControllerAddressType: 2
03/15/2010 18:20:32:662 DomainGuid: 00000000-0000-0000-0000-000000000000
03/15/2010 18:20:32:662 DomainName: UCCDOMAYNE
03/15/2010 18:20:32:662 DnsForestName: (null)
03/15/2010 18:20:32:662 Flags: 0x101
03/15/2010 18:20:32:662 DcSiteName: (null)
03/15/2010 18:20:32:662 ClientSiteName: (null)
03/15/2010 18:20:32:662 Options: 0x40000003
03/15/2010 18:20:32:662 NetpInitBlobWin7: Blob pickling result: 0
03/15/2010 18:20:32:662 NetpEncodeProvisioningBlob: result: 0x0
03/15/2010 18:20:32:662 NetpRequestOfflineDomainJoin:
03/15/2010 18:20:32:662 dwProvisionBinDataSize: 656
03/15/2010 18:20:32:662 JoinOptions: 0x27
03/15/2010 18:20:32:662 Options: 0x40000003
03/15/2010 18:20:32:662 lpWindowsPath: C:\Windows
03/15/2010 18:20:32:662 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 656 bytes
03/15/2010 18:20:32:662 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
03/15/2010 18:20:32:662 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
03/15/2010 18:20:32:662 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
03/15/2010 18:20:32:662 Blob version: 1
03/15/2010 18:20:32:662 lpDomain: UCCDOMAYNE
03/15/2010 18:20:32:662 lpMachineName: MAAXEN
03/15/2010 18:20:32:662 lpMachinePassword: <omitted from log>
03/15/2010 18:20:32:662 DomainDnsPolicy:
03/15/2010 18:20:32:662 Name: UCCDOMAYNE
03/15/2010 18:20:32:662 DnsDomainName: (null)
03/15/2010 18:20:32:662 DnsForestName: (null)
03/15/2010 18:20:32:662 DomainGuid: 00000000-0000-0000-0000-000000000000
03/15/2010 18:20:32:662 Sid: S-1-5-352321536-3342141748-1574249315-1264630062
03/15/2010 18:20:32:662 DcInfo:
03/15/2010 18:20:32:662 DomainControllerName: \\MYLAH
03/15/2010 18:20:32:662 DomainControllerAddress: \\MYLAH
03/15/2010 18:20:32:662 DomainControllerAddressType: 2
03/15/2010 18:20:32:662 DomainGuid: 00000000-0000-0000-0000-000000000000
03/15/2010 18:20:32:662 DomainName: UCCDOMAYNE
03/15/2010 18:20:32:662 DnsForestName: (null)
03/15/2010 18:20:32:662 Flags: 0x101
03/15/2010 18:20:32:662 DcSiteName: (null)
03/15/2010 18:20:32:662 ClientSiteName: (null)
03/15/2010 18:20:32:662 Options: 0x40000003
03/15/2010 18:20:32:662 NetpDoInitiateOfflineDomainJoin
03/15/2010 18:20:32:663 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
03/15/2010 18:20:32:666 NetpInitiateOfflineJoin
03/15/2010 18:20:32:666 lpLocalRegistryPath: C:\Windows\system32\config\SYSTEM
03/15/2010 18:20:32:667 dwOptions: 0x40000003
03/15/2010 18:20:32:667 NetpConvertBlobToJoinState: Translating provisioning data to internal format
03/15/2010 18:20:32:667 NetpConvertBlobToJoinState: Selecting version 1
03/15/2010 18:20:32:667 NetpConvertBlobToJoinState: exiting: 0x0
03/15/2010 18:20:32:667 NetpValidateFullJoinState: Validating provisioning data...
03/15/2010 18:20:32:667 NetpValidateFullJoinState: exiting: 0x0
03/15/2010 18:20:32:667 NetpClearFullJoinState: Removing cached state from the registry...
03/15/2010 18:20:32:667 NetpClearFullJoinState: Status of deleting join state key 0x2
03/15/2010 18:20:32:667 NetpSaveFullJoinStateInternal: Injecting provisioning data into image...
03/15/2010 18:20:32:670 NetpSaveFullJoinStateInternal: exiting: 0x0
03/15/2010 18:20:32:670 NetpSetComputerNamesOffline: Checking for pending name changes...
03/15/2010 18:20:32:670 SetHostName: TRUE
03/15/2010 18:20:32:670 SetDnsDomain: TRUE
03/15/2010 18:20:32:670 SetNetBiosName: TRUE
03/15/2010 18:20:32:670 SetCurrentValues: TRUE
03/15/2010 18:20:32:670 NetpSetComputerNamesOffline: Setting Hostname to MAAXEN
03/15/2010 18:20:32:670 NetpSetComputerNamesOffline: Setting NetBios computer name to MAAXEN
03/15/2010 18:20:32:671 NetpDoInitiateOfflineDomainJoin: status: 0x0
03/15/2010 18:20:32:671 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join
03/15/2010 18:20:32:671 NetpJoinDomainOnDs: Setting netlogon cache.
03/15/2010 18:20:32:699 NetpSetNetlogonDomainCache: DsEnumerateDomainTrustsW for all trusts failed with ERROR_NOT_SUPPORTED -- retry
03/15/2010 18:20:32:799 NetpJoinDomainOnDs: status of setting netlogon cache: 0x0
03/15/2010 18:20:32:799 NetpJoinDomainOnDs: Function exits with status of: 0x0
03/15/2010 18:20:32:799 NetpJoinDomainOnDs: status of disconnecting from '\\MYLAH': 0x0
03/15/2010 18:20:32:799 NetpCompleteOfflineDomainJoin
03/15/2010 18:20:32:799 fBootTimeCaller: FALSE
03/15/2010 18:20:32:799 fSetLocalGroups: TRUE
03/15/2010 18:20:32:800 NetpLsaOpenSecret: status: 0xc0000034
03/15/2010 18:20:32:800 NetpGetLsaPrimaryDomain: status: 0x0
03/15/2010 18:20:32:800 NetpJoinDomainLocal: NetpHandleJoinedStateInfo returned: 0x0
03/15/2010 18:20:32:800 NetpLsaOpenSecret: status: 0xc0000034
03/15/2010 18:20:33:087 NetpJoinDomainLocal: NetpManageMachineSecret returned: 0x0.
03/15/2010 18:20:33:087 Calling NetpQueryService to get Netlogon service state.
03/15/2010 18:20:33:088 NetpJoinDomainLocal: NetpQueryService returned: 0x0.
03/15/2010 18:20:33:088 NetpSetLsaPrimaryDomain: for 'UCCDOMAYNE' status: 0xc000000d
03/15/2010 18:20:33:088 NetpJoinDomainLocal: status of setting LSA pri. domain: 0x57
03/15/2010 18:20:33:088 NetpJoinDomainLocal: initiating a rollback due to earlier errors
03/15/2010 18:20:33:088 NetpLsaOpenSecret: status: 0x0
03/15/2010 18:20:33:186 NetpJoinDomainLocal: rollback: status of deleting secret: 0x0
03/15/2010 18:20:33:186 NetpClearFullJoinState: Removing cached state from the registry...
03/15/2010 18:20:33:186 NetpClearFullJoinState: Status of deleting join state key 0x0
03/15/2010 18:20:33:186 NetpMarkLastFullJoinAttempt: No offline domain join information found, FinishJoin key not found.
03/15/2010 18:20:33:186 NetpCompleteOfflineDomainJoin: An error occured while completing the offline join action, the action can be tried again. The error code was: 0x57.
03/15/2010 18:20:33:186 NetpCompleteOfflineDomainJoin: status: 0x57
03/15/2010 18:20:33:186 NetpDoDomainJoin: status: 0x57
More information about the samba
mailing list