Not sure if this is related, but I had problems joining or rejoining XP or Win 7 machines to the domain after upgrading to Samba 3.5.x. I have a Samba PDC and Samba BDC with an LDAP backend.

The backend unix account would already exist. I would have to delete the samba machine account and then precreate (or preserve) only 2 samba LDAP attributes.

Delete the machine account

    #smbpasswd -x -m machinename


Then use an LDAP editor (e.g. Apache Directory Studio) to remove any remaining samba attributes (if necessary) except sambaPrimaryGroupSID and sambaAccountFlags. If necessary, create sambaPrimaryGroupSID and sambaAccountFlags.


        type:      sambaPrimaryGroupSID
        value:    S-1-5-21-XXX-YYY-ZZZZ-515
        type:      sambaAccountFlags
        value:     [W         ]


At this point I could rejoin the domain. You can also use "smbpasswd -a -m machinename" to test this. After joining the machine to the domain, verify the LDAP settings for sambaAccountFlags. The smbpasswd command may have set sambaAccountFlags to U (for user), not W (for workstation). Make sure that pdbedit and the LDAP editor report the same thing for sambaAccountFlags.
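
The check described in the message above, written out as an added example (not part of the original post, and not Samba's own code): it reads a machine entry exported as LDIF, lists the samba attributes other than the two the post keeps, and reports a sambaAccountFlags value that has U instead of W. The host name, DN and SID values in the sample are constructed.

```python
import base64

KEEP = {"sambaprimarygroupsid", "sambaaccountflags"}  # the two attributes the post keeps

# Constructed sample: an exported machine entry (hypothetical host, DN and SIDs).
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws01$
sambaSID: S-1-5-21-1111-2222-3333-3010
sambaPrimaryGroupSID: S-1-5-21-1111-2222-
 3333-515
sambaAccountFlags: [U          ]
sambaPwdLastSet: 1324600000
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr, []).append(value)
    return entry

def audit_machine_entry(entry):
    """Return (samba attributes still to remove, problems with the two kept ones)."""
    lower = {k.lower(): v for k, v in entry.items()}
    extra = sorted(a for a in entry if a.lower().startswith("samba") and a.lower() not in KEEP)
    problems = []
    if not lower.get("sambaprimarygroupsid", [""])[0].endswith("-515"):
        problems.append("sambaPrimaryGroupSID does not end in -515")
    flags = set(lower.get("sambaaccountflags", [""])[0].strip("[]").replace(" ", ""))
    if "W" not in flags:
        problems.append("sambaAccountFlags lacks W (workstation)")
    if "U" in flags:
        problems.append("sambaAccountFlags has U (user)")
    return extra, problems

if __name__ == "__main__":
    print(audit_machine_entry(parse_ldif_entry(SAMPLE_LDIF)))
```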




On 12/23/2011 03:08 AM, L.P.H. van Belle wrote:
please update, in wheezy samba is upgraded to 3.6.1
and test again.

Louis


-----Original message-----
From: [email protected]
[mailto:[email protected]] On behalf of John G. Heim
Sent: 2011-12-22 20:28
To: [email protected]
Subject: [Samba] net rpc testjoin error

I have a PDC running debian wheezy with samba 3.5.11. If I run 'net rpc testjoin' on my PDC, it does this:

# net rpc testjoin
get_schannel_session_key: could not fetch trust account password for domain 'UW-MATH'
net_rpc_join_ok: failed to get schannel session key from server HUBBLE for domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Join to domain 'UW-MATH' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

The backend is openldap and I can find the name of my PDC in the ldap database. It appears to have a valid machine trust account based on the ldap record.

The main problem I'm having is that after I joined a Win7 machine to the domain, I can't log in as a domain user. It says "The trust relationship between this workstation and the domain failed."

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


