[Samba] Cannot join server to Samba4 NT4 domain

Jones Syue jonessyue at qnap.com
Thu May 5 03:14:52 UTC 2016


Hello list,

How about add 'server signing = auto',
for example:

[global]
server signing = auto

--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.

On Thu, May 5, 2016 at 3:16 AM, Marcio Vogel Merlone dos Santos <
marcio.merlone at a1.ind.br> wrote:

> Em 28-04-2016 12:14, Rowland penny escreveu:
>
>> On 28/04/16 15:16, MI wrote:
>>
>>> I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
>>>
>>> I would like to add another server, and have it authenticate users
>>> against openLDAP. I thought I had to add the new server to the domain with
>>> "net rpc join", but that seems to think I want to join an AD domain, and
>>> fails:
>>>
>>>     # net rpc join -U root%mypassword
>>>     No realm has been specified! Do you really want to join an Active
>>> Directory server?
>>>     Failed to join domain: failed to lookup DC info for domain
>>> 'MYDOMAIN' over rpc: This error indicates that the requested
>>>     operation cannot be completed due to a catastrophic media failure or
>>> an on-disk data structure corruption.
>>>
>>>
>> I did something similar last week in a test domain and had a similar
>> problem, I got it to work by using 'administrator' instead of 'root'. It
>> still complained about active directory, I think somebody changed 'net'
>> without considering NT-4 style domains.
>>
>
> Sorry to say just "me too".
>
> Trying to join my Mint 17.3 Desktop (samba 2:4.3.9+dfsg-0ubuntu0.14.04.1)
> as a NT4-style domain member of an old 3.4 samba PDC
> (2:3.4.7~dfsg-1ubuntu3.15) I get this:
>
> mic-158 samba # net rpc join -S pdc -U administrador
> No realm has been specified! Do you really want to join an Active
> Directory server?
> Enter administrador's password:
> smb_signing_good: BAD SIG: seq 1
> Failed to join domain: failed to lookup DC info for domain 'DOM' over rpc:
> Access denied
> mic-158 samba #
>
> Log from server:
> [2016/05/04 14:51:15,  2] lib/smbldap.c:890(smbldap_open_connection)
>   smbldap_open_connection: connection opened
> [2016/05/04 14:51:15,  2] passdb/pdb_ldap.c:2434(init_group_from_ldap)
>   init_group_from_ldap: Entry found for group: 5144
> [2016/05/04 14:51:15,  0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15,  0]
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for account
> MIC-158$: NT_STATUS_ACCESS_DENIED
> [2016/05/04 14:51:15,  0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15,  0]
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for account
> MIC-158$: NT_STATUS_ACCESS_DENIED
>
> Frozen hell: no problem to add Windows XP, 7, 8.x, 10 machines to domain.
> Just another samba.
>
> Found any workaround? Tks, best regards.
>
>
> --
> *Marcio Merlone*
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list