[Samba] Adding a machine acount

Dermot paikkos at googlemail.com
Wed Oct 12 05:33:53 MDT 2011 

Hi,

I migrated from an MS NT Domain to a samba3 domain some time back. I
forgot about a couple of machines and am trying to add them. These are
Buffalo NAS workstations so are basically *nix machines with a web
interface. I have not had to add any machines to the domain from the
samba PDC before. This is what I've done. I tried to add the machine
using it's web interface but it failed and I noticed these errors in
the sambaPDC logs:

[2011/10/12 10:28:49.106714,  0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation FOOBAR$: no account in domain
[2011/10/12 10:28:49.106886,  0]
rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for
account FOOBAR$: NT_STATUS_ACCESS_DENIED
[2011/10/12 10:28:49.118230,  0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation FOOBAR$: no account in domain
[2011/10/12 10:28:49.118312,  0]
rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for
account FOOBAR$: NT_STATUS_ACCESS_DENIED

The machine didn't seem to be in the ldap backend. So I added it with
`smbldpa-useradd -w foobar`. I then went back to the user interface
and tried again. I got the same error. I tried `pdbedit -Lv | grep -i
foobar` and got "Username not found!".

I'm not sure if smbldap tool is not working but I did pdbedit -a -m
FOOBAR$. I tried to get FOOBAR (not real name) to join again and this
time got this error:

[2011/10/12 11:06:20.745128,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client LEDA machine account LEDA$
[2011/10/12 11:06:20.753498,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client LEDA machine account LEDA$

I'm a little lost now. I wouldn't mind if someone can explain or
confirm if I should do smbldap-useradd and pdbedit to add an account
(machine or otherwise) but I'd really appreciate some help resoling
this authentication problem.

Thanks in advance,
Dermot.

More information about the samba mailing list