[Samba] I can't join to an existing domain (yet)

Rowland Penny rowlandpenny at googlemail.com
Fri Feb 13 13:39:34 MST 2015 

On 13/02/15 19:31, Denis Morejon Lopez wrote:
> Yes, it exists and it's a real pc:
>
> (Command)
> ldbsearch -H /var/lib/samba/private/sam.ldb '(CN=PC009375)'
>
> (Response)
> # record 1
> dn: CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> cn: PC009375
> instanceType: 4
> whenCreated: 20150211134757.0Z
> uSNCreated: 40651
> name: PC009375
> objectGUID: 210eef29-986f-4bdc-a0ae-5833f1948018
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> objectSid: S-1-5-21-1294415360-3796152602-1730644256-3166
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: PC009375$
> objectCategory: 
> CN=Computer,CN=Schema,CN=Configuration,DC=dtcf,DC=etecsa,DC=cu
> sAMAccountType: 805306369
> isCriticalSystemObject: FALSE
> primaryGroupID: 515
> pwdLastSet: 130681360770000000
> displayName: PC009375$
> userAccountControl: 4096
> dNSHostName: pc009375.dtcf.etecsa.cu
> servicePrincipalName: HOST/pc009375.dtcf.etecsa.cu
> servicePrincipalName: HOST/PC009375
> operatingSystem: Windows XP Professional
> operatingSystemServicePack: Service Pack 3
> operatingSystemVersion: 5.1 (2600)
> whenChanged: 20150211134801.0Z
> uSNChanged: 40656
> distinguishedName: CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>
> I will try using repadmin.
>
>
>
> On 02/13/2015 11:06 AM, Rowland Penny wrote:
>>
>> On 13/02/15 15:29, Denis Morejon Lopez wrote:
>>>
>>> I tried first all these with linux ldbmodify using that ldif with 
>>> the dn::  (code 64)
>>> but an error like the last you will see here occurred.
>>>
>>> Then, I tried with Windows ldifde.
>>>
>>> # The Windows OS is in spanish. That's why I will comment the must 
>>> important lines for you (Since my point of view).
>>>
>>> C:\Users\denis.morejon.DTCF.002\rename.ldif
>>> # Rename a RDN using base64 encode
>>> dn:: 
>>> Q049UEMwMDAxNzEwNDMzNlwwQUNORjo1Nzk4NDI1YS1kYjMwLTRmMzktOThlZC02ZThhYTE1YzM0YjUsQ049UEMwMDkzNzUsQ049Q29tcHV0ZXJzLERDPWR0Y2YsREM9ZXRlY3NhLERDPWN1Cg==
>>> changetype:modrdn
>>> newrdn: cn=trash1
>>> deleteoldrdn: 1
>>>
>>> # Note: The encode is ok because if I change some characters in the 
>>> encoded string, It doesn't show me CN=PC00... in the response.
>>>
>>> C:\Users\denis.morejon.DTCF.002>ldifde -i -f rename.ldif -s zentyal1
>>> Conectándose a "zentyal1"
>>> Iniciando sesión como usuario actual usando SSPI
>>> Importando directorio desde el archivo "rename.ldif"
>>> La compatibilidad con compromiso relajado no está disponible en el 
>>> servidor; (*Support for relaxed commitment is not available on the 
>>> server)
>>> el compromiso relajado se deshabilitará. (relaxed commitment will be 
>>> disabled)
>>> Cargando entradas.
>>> Agregar error en la entrada que empieza en la línea 2: otros
>>> El error del lado del servidor es: 0x2095 Error del servicio de 
>>> directorios.
>>> El error extendido del servidor es:
>>> 00002095: objectclass: Cannot rename 
>>> CN=PC00017104336\0ACNF:5798425a-db30-4f39-9
>>> 8ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>>> , parent does not exist!
>>> 0 entradas modificadas correctamente.
>>> Error en el programa
>>> No se escribieron archivos de registro. Para generar un archivo de 
>>> registro,
>>> utilice la opción -j para especificar su ruta de acceso.
>>>
>>
>> Hmm:
>>
>> El error extendido del servidor es:
>> 00002095: objectclass: Cannot rename 
>> CN=PC00017104336\0ACNF:5798425a-db30-4f39-9
>> 8ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>> , parent does not exist!
>>
>> does 'CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu' exist ??
>>
>> As you have access to windows you could try 'repadmin'
>>
>> Rowland
>>
>>
>>
>> ---
>> This message was processed by Kaspersky Mail Gateway 5.6.28/RELEASE running at host imx2.etecsa.cu
>> Visit our web-site:<http://www.kaspersky.com>,<http://www.viruslist.com>
>
>
>
> ---
> This message was processed by Kaspersky Mail Gateway 5.6.28/RELEASE running at host imx3.etecsa.cu
> Visit our web-site: <http://www.kaspersky.com>, <http://www.viruslist.com>

Then what is: CN=PC00017104336 ??

Rowland

More information about the samba mailing list