[Samba] Cannot join server to Samba4 NT4 domain

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed May 11 15:09:52 UTC 2016


is  "security=domain" set in smb.conf ?



On 05/04/16 15:16, Marcio Vogel Merlone dos Santos wrote:
> Em 28-04-2016 12:14, Rowland penny escreveu:
>> On 28/04/16 15:16, MI wrote:
>>> I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
>>>
>>> I would like to add another server, and have it authenticate users 
>>> against openLDAP. I thought I had to add the new server to the 
>>> domain with "net rpc join", but that seems to think I want to join 
>>> an AD domain, and fails:
>>>
>>>     # net rpc join -U root%mypassword
>>>     No realm has been specified! Do you really want to join an 
>>> Active Directory server?
>>>     Failed to join domain: failed to lookup DC info for domain 
>>> 'MYDOMAIN' over rpc: This error indicates that the requested
>>>     operation cannot be completed due to a catastrophic media 
>>> failure or an on-disk data structure corruption.
>>>
>>
>> I did something similar last week in a test domain and had a similar 
>> problem, I got it to work by using 'administrator' instead of 'root'. 
>> It still complained about active directory, I think somebody changed 
>> 'net' without considering NT-4 style domains.
>
> Sorry to say just "me too".
>
> Trying to join my Mint 17.3 Desktop (samba 
> 2:4.3.9+dfsg-0ubuntu0.14.04.1) as a NT4-style domain member of an old 
> 3.4 samba PDC (2:3.4.7~dfsg-1ubuntu3.15) I get this:
>
> mic-158 samba # net rpc join -S pdc -U administrador
> No realm has been specified! Do you really want to join an Active 
> Directory server?
> Enter administrador's password:
> smb_signing_good: BAD SIG: seq 1
> Failed to join domain: failed to lookup DC info for domain 'DOM' over 
> rpc: Access denied
> mic-158 samba #
>
> Log from server:
> [2016/05/04 14:51:15,  2] lib/smbldap.c:890(smbldap_open_connection)
>   smbldap_open_connection: connection opened
> [2016/05/04 14:51:15,  2] passdb/pdb_ldap.c:2434(init_group_from_ldap)
>   init_group_from_ldap: Entry found for group: 5144
> [2016/05/04 14:51:15,  0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15,  0] 
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for 
> account MIC-158$: NT_STATUS_ACCESS_DENIED
> [2016/05/04 14:51:15,  0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15,  0] 
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for 
> account MIC-158$: NT_STATUS_ACCESS_DENIED
>
> Frozen hell: no problem to add Windows XP, 7, 8.x, 10 machines to 
> domain. Just another samba.
>
> Found any workaround? Tks, best regards.
>
>




More information about the samba mailing list