Okay, I have determined that the problem is with the BDC. I shutdown samba
on the BDC and was able to log into the domain. So perhaps the ldap
replication isn't working.
Should 'net getlocalsid' on a BDC show a SID that matches the SID on the
PDC? I ran 'net rpc getsid' on the BDC and it said it was storing the SID in
secrets.tdb. when I ask for the localsid, it gives me a mismatched SID.
root@gracie:~# net rpc getsid
Storing SID S-1-5-21-1546634795-1778232220-242194531 for Domain UW-MATH in
secre
ts.tdb
root@gracie:~# net getlocalsid
From: "Gaiseric Vandal" <[email protected]>
To: <[email protected]>
Sent: Thursday, December 22, 2011 1:43 PM
Subject: Re: [Samba] net rpc testjoin error
Did you make the required registry changes
http://wiki.samba.org/index.php/Windows7
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do you have problems with XP machines?
On 12/22/2011 02:28 PM, John G. Heim wrote:
I have a PDC running debian wheezy with samba 3.5.11 . If I run 'net rpc
testjoin' on my PDC, it does this:
# net rpc testjoin
get_schannel_session_key: could not fetch trust account password for
domain 'UW-MATH'
net_rpc_join_ok: failed to get schannel session key from server HUBBLE
for domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Join to domain 'UW-MATH' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
The backend is openldap and I can find the name of my PDC in the ldap
database. It appears to have a valid machine trust account based on the
ldap record.
The main problem I'm having is that after I joined a Win7 machine to the
domain, I can't log in as a domain user. It says "The trust relationship
between this workstation and the domain failed."
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba