[Samba] Cannot join linux based clients to PDC (Samba 3.5.1)
Mikael Sundell
mikael.sundell at gmail.com
Wed Mar 31 10:53:30 MDT 2010
Hi all!
The problem relates to joining linux based clients to our PDC (all
Samba 3.5.1 running on CentOS5).
For some time Profiles, Homes, Netlogon and in general adding new
Windows machines has been working fine but when we try to add a new
linux client (CLIENT-FS1) to the PDC the following errors are
reported:
/var/log/messages - SERVER-PDC
Mar 31 18:13:55 localhost smbd[30810]: [2010/03/31 18:13:55.650347,
0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
Mar 31 18:13:55 localhost smbd[30810]: get_md4pw: Workstation
CLIENT-FS1$: no account in domain
Mar 31 18:13:55 localhost smbd[30810]: [2010/03/31 18:13:55.650439,
0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
Mar 31 18:13:55 localhost smbd[30810]: _netr_ServerAuthenticate2:
failed to get machine password for account CLIENT-FS1$:
NT_STATUS_ACCESS_DENIED
Domain join cmd on CLIENT-FS1:
"net rpc join -S SERVER-PDC -U root%<password>"
returns: Joined domain NTDOMAIN
The machine is added to our LDAP directory just like the Windows machines.
The following error is reported when trying to join the linux client
(again) with the newly created entry:
Mar 31 18:40:12 localhost smbd[30946]: [2010/03/31 18:40:12.162514,
0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
Mar 31 18:40:12 localhost smbd[30946]: _netr_ServerAuthenticate2:
netlogon_creds_server_check failed. Rejecting auth request from client
CLIENT-FS1 machine account CLIENT-FS1$
smb.conf - SERVER-PDC
[global]
workgroup = NTDOMAIN
realm = NTDOMAIN.COM
netbios name = SERVER-PDC
server string = Domain Controller
interfaces = lo, eth0, 192.168.222.1
bind interfaces only = Yes
passdb backend = ldapsam:"ldap://127.0.0.1:389"
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
log level = 10
smb ports = 139
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon path = \\%L\Profiles\%u
domain logons = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=ntdomain,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap suffix = dc=ntdomain,dc=com
ldap ssl = no
ldap user suffix = ou=Users
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 127., 192.168.222.
cups options = raw
[homes]
comment = Home Directories
read only = No
create mask = 0700
force create mode = 0700
directory mask = 0700
force directory mode = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
share modes = No
[Profiles]
path = /var/lib/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
browseable = No
csc policy = disable
Please tell if more information is needed,
Thanks,
Mikael
More information about the samba
mailing list