[Samba] "Incorrectly formatted request" from NT4, "Network responded incorrectly" from SAMBA 'net', trying to join NT4 domain on 4.13, 4.15

Gérard Guével gguevel at interfaceconcept.com
Mon Nov 8 17:48:39 UTC 2021 

Hi Dylan,

Here is a sorted smb.conf file which works with Samba version 4.7.6-Ubuntu.
I had the same error :  
"Failed to join domain: failed to lookup DC info for domain 'DOMAIN' over
rpc: [Access Denied]
A process has requested access to an object but has not been granted those
access rights."
Now it works but I don't know which parameters are mandatory.
You can add '-d 5' to debug your command 'net -d 5 rpc join -S PDC -U
myadmin%mypwd'.

[global]
    allow dns updates = disabled
    bind interfaces only = No
    cldap port = 0
    client ipc signing = auto
    client ldap sasl wrapping = plain
    client max protocol = NT1
    client min protocol = CORE
    client min protocol = NT1
    client schannel = Auto
    client use spnego = No
    ctdbd socket = /var/run/ctdb/ctdbd.socket
    dcerpc endpoint servers =
    debug timestamp = Yes
    dgram port = 0
    dns proxy = no
    dns update command =
    domain logons = yes
    domain master = no
    encrypt passwords = true
    force create mode = 00
    force directory mode = 00
    hosts allow = 192.168.1. 192.168.2. 192.168.3. 192.168.4. 127.
    hosts allow = 192.168.1., 192.168.2., 192.168.3., 192.168.4., 127.
    idmap gid = 10000-20000
    idmap uid = 10000-20000
    inherit owner = No
    kpasswd port = 0
    krb5 port = 0
    ldap page size = 1024
    load printers = no
    local master = no
    log file = /var/log/samba/samba.log
    log level = 3
    logon path =
    mangled names = Yes
    map to guest = bad user
    max open files = 16404
    name resolve order = wins bcast host
    name resolve order = wins, bcast, host
    nbt port = 0
    netbios name = MYNAME
    nsupdate command =
    ntlm auth = Yes
    ntp signd socket directory =
    ntvfs handler =
    os level = 64
    passdb backend = tdbsam
    preferred master = no
    preload =
    print notify backchannel = Yes
    print ok = No
    require strong key = No
    rndc command =
    samba kcc command =
    security = domain
    server string =
    share backend =
    show add printer wizard = no
    smb2 max read = 1048576
    smb2 max trans = 1048576
    smb2 max write = 1048576
    smb ports = 445, 139
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    spn update command =
    strict sync = No
    tls cafile =
    tls certfile =
    tls enabled = No
    tls keyfile =
    username map = /etc/samba/smbusers
    web port = 0
    winbind enum groups = yes
    winbind enum groups = Yes
    winbind enum users = yes
    winbind enum users = Yes
    winbind expand groups = 1
    winbind rpc only = No
    winbind rpc only = yes
    winbind sealed pipes = No
    winbind sealed pipes = No
    winbind separator = /
    winbind use default domain = yes
    winbind use default domain = Yes
    wins proxy = no
    wins server = 192.168.4.212
    wins support = no
    workgroup = DOMAIN

Hope it helps you
Gerard

De : samba [mailto:samba-bounces at lists.samba.org] De la part de Dylan J.
Morrison via samba
Envoyé : lundi 8 novembre 2021 15:11 À : samba at lists.samba.org
Objet : Re: [Samba] "Incorrectly formatted request" from NT4, "Network
responded incorrectly" from SAMBA 'net', trying to join NT4 domain on 4.13,
4.15

Re "is winbind running" bit of a catch-22 there. winbind gives me this
error:

  Could not find our SID. Did we join?

And then quits. Which means I can't actually have it running while
attempting to join.

That said, changing to NT1 and adding the idmap bits did at least change the
error I'm receiving. Now it's this:

  Failed to join domain: failed to lookup DC info for domain 'OLDSEP' over
rpc: [Access Denied] A process has requested access to an object but has not
been granted those access rights.

And in the event log on the PDC:

  The session startup for the computer FILESRV failed because these is no
trust account in the security database for this computer. The name of the
account referenced in the security database is FILESRV$.

So it's still failing to do something right, because JOIN should be
*creating* the trust account. Thanks for the help though, we're on the right
track.
Worst comes to worst and I can't figure out how to get them to talk to each
other I supposed I can compile 4.7 since that's before these changes you
mentioned.
Apologies for the lack of proper quoting, I'm using digest mode and I don't
know how to do quote blocks on Thunderbird. Can you tell I don't use mailing
lists much?

Dylan M
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list