[Samba] net rpc testjoin error
Gaiseric Vandal
gaiseric.vandal at gmail.com
Fri Dec 23 09:04:40 MST 2011
Not sure if this is related, but I had problems joining or rejoining XP
or Win 7 machines to the domain after upgrading to Samba 3.5.x. I have
a Samba PDC and Samba BDC with an LDAP backend.

The backend unix account would already exist. I would have to delete
the samba machine account and then precreate (or preserve) only 2 samba
LDAP attributes.

Delete the machine account

#smbpasswd -x -m machinename

Then use an LDAP editor (e.g. Apache Directory Studio), remove any
remaining samba attributes (if necessary) except sambaPrimaryGroupSID
and sambaAccountFlags. If necessary, create sambaPrimaryGroupSID and
sambaAccountFlags.

type: sambaPrimaryGroupSID
value: S-1-5-21-XXX-YYY-ZZZZ-515

type: sambaAccountFlags
value: [W ]

At this point I could rejoin the domain. You can also use "smbpasswd -a
-m machinename" to test this. After joining the machine to the
domain, verify the LDAP settings for sambaAccountFlags. The smbpasswd
command may have set the sambaAccountFlags to be U (for user) not W (for
workstation). Make sure that pdbedit and LDAP editors report the
same thing for sambaAccountFlags.

On 12/23/2011 03:08 AM, L.P.H. van Belle wrote:
> please update, in wheezy samba is upgraded to 3.6.1
> and test again.
>
> Louis
>
>
>> -----Original message-----
>> From: jheim at math.wisc.edu
>> [mailto:samba-bounces at lists.samba.org] On behalf of John G. Heim
>> Sent: 2011-12-22 20:28
>> To: samba at lists.samba.org
>> Subject: [Samba] net rpc testjoin error
>>
>> I have a PDC running debian wheezy with samba 3.5.11. If I run 'net rpc
>> testjoin' on my PDC, it does this:
>>
>> # net rpc testjoin
>> get_schannel_session_key: could not fetch trust account password for domain 'UW-MATH'
>> net_rpc_join_ok: failed to get schannel session key from server HUBBLE for domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> Join to domain 'UW-MATH' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>>
>> The backend is openldap and I can find the name of my PDC in the ldap
>> database. It appears to have a valid machine trust account based on the ldap
>> record.
>>
>> The main problem I'm having is that after I joined a Win7 machine to the
>> domain, I can't log in as a domain user. It says "The trust relationship
>> between this workstation and the domain failed."
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
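
The post-join check described in the message above (machine account flagged W rather than U, primary group SID ending in -515), as an added example that is not part of the original post or of Samba. It reads LDIF text such as saved ldapsearch output. Assumptions: machine account uids end in `$`, the flags attribute is matched under both the post's name sambaAccountFlags and the Samba schema name sambaAcctFlags, and the sample entries are constructed.

```python
import re
# The post writes "sambaAccountFlags"; Samba's LDAP schema spells it sambaAcctFlags.
FLAG_ATTRS = ("sambaacctflags", "sambaaccountflags")
COMPUTERS_RID = "515"  # RID ending the post's sambaPrimaryGroupSID value

def parse_ldif(text):
    """Entries as dicts: lowercased attribute -> values (base64 '::' not decoded)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):  # unfold, then split
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_machine(entry):
    """Return the problems found in one machine-account entry."""
    problems = []
    flags = next((entry[a][0] for a in FLAG_ATTRS if a in entry), None)
    letters = set((flags or "").strip("[]").replace(" ", ""))
    if "W" not in letters:
        problems.append("flags %r lack W (workstation)" % flags)
    if "U" in letters:
        problems.append("flags %r carry U (user)" % flags)
    sid = entry.get("sambaprimarygroupsid", [""])[0]
    if sid.rsplit("-", 1)[-1] != COMPUTERS_RID:
        problems.append("sambaPrimaryGroupSID %r does not end in -515" % sid)
    return problems

def audit(ldif_text):
    """Map uid -> problems for entries whose uid ends in '$' (assumed machine naming)."""
    machines = [e for e in parse_ldif(ldif_text) if e.get("uid", [""])[0].endswith("$")]
    return {e["uid"][0]: check_machine(e) for e in machines if check_machine(e)}

# Constructed sample data, not taken from the post.
SAMPLE = """dn: uid=ws01$,ou=Computers,dc=example,dc=org
uid: ws01$
sambaAcctFlags: [W          ]
sambaPrimaryGroupSID: S-1-5-21-1-2-3-515

dn: uid=ws02$,ou=Computers,dc=example,dc=org
uid: ws02$
sambaAcctFlags: [U          ]
sambaPrimaryGroupSID: S-1-5-21-1-2-3-515
"""
print(audit(SAMPLE))  # reports only ws02$
```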