Not sure if this is related, but I had problems joining or rejoining XP
or Win 7 machines to the domain after upgrading to Samba 3.5.x. I have
a Samba PDC and Samba BDC with an LDAP backend.
The backend unix account would already exist. i would have to delete
the samba machine account and then precreate (or preserve) only 2 samba
LDAP attributes.
Delete the machine account
#smbpasswd -x -m machinename
The use an LDAP editor (e.g. apache directory studio), remove any
remaining samba attributes (if necessary) except sambaPrimaryGroupSID
and sambaAccountFlags. If necessary, create sambaPrimaryGroupSID and
sambaAccountFlags.
type: sambaPrimaryGroupSID
value: S-1-5-21-XXX-YYY-ZZZZ-515
type: sambaAccountFlags
value: [W ]
At this point I could rejoin the domain. You can also use "smbpasswd -a
-m machinename" to test this. After joining the machine to the
domain, verify the LDAP settings for sambaAccountFlags. Smbpasswd
command may have set the sambaAccountFlags to be U (for user) not W (for
workstation.) Make sure that Pbdedit and LDAP editors may report the
same thing for sambaAccountFlags.
On 12/23/2011 03:08 AM, L.P.H. van Belle wrote:
please update, in wheezy samba is upgraded to 3.6.1
and test again.
Louis
-----Oorspronkelijk bericht-----
Van: [email protected]
[mailto:[email protected]] Namens John G. Heim
Verzonden: 2011-12-22 20:28
Aan: [email protected]
Onderwerp: [Samba] net rpc testjoin error
I have a PDC running debian wheezy with samba 3.5.11 . If I
run 'net rpc
testjoin' on my PDC, it does this:
# net rpc testjoin
get_schannel_session_key: could not fetch trust account
password for domain
'UW-MATH'
net_rpc_join_ok: failed to get schannel session key from
server HUBBLE for
domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Join to domain 'UW-MATH' is not valid:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
The backend is openldap and I can find the name of my PDC in the ldap
database. It appears to have a valid machine trust account
based on the ldap
record.
The main problem I'm having is that after I joined a Win7
machine to the
domain, I can't log in as a domain user. It says "The trust
relationship
between this workstation and the domain failed."
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba