Okay, this is near the end of a marathon day trying to get this linux machine up and
running as a PDC. At this point I am unable to get a Windows 2K machine to join the
domain, it responds with "Logon failure: unknown user name or bad password". Samba
log shows the following:
rpc_server/srv_samr_nt.c: _samr_set_userinfo(2937)
_samr_set_userinfo: 2937
rpc_server/src_lsa_hnd.c:find_policy_by_hnd_internal(162)
Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 32 FA F0 40
[010] BF 22 00 00
rpc_server/srv_samr_nt.c:access_check_samr_function(106)
_samr_set_userinfo: access check ((granted: 0x000000b0; required:0x00000024)
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_set_userinfo: ACCESS DENIED (granted: 0x000000b0; required: 0x00000024)
rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_set_userinfo
rpc_parse/parse_prs.c:prs_ntstatus(665)
0000 status: NT_STATUS_ACCESS_DENIED
The log appears to show that the machine account was established properly, but failed
when the server was attempting to set a password? Google pulls up only one hit:
http://lists.samba.org/archive/samba/2003-December/076951.html
This is a Debian box ("testing" distribution), samba package is 3.0.2a-1 (modified to
enable LDAP).
The user I am attempting to add the machine with is named Administrator, which is a
normal user (uid=3011, rid=7000) that has a primary group of "Domain Admins"
(gid=3011, sid=<SID>-512) and a secondary group of "Administrators" (gid=3002,
sid="S-1-5-32-544")
FYI, As a strange side effect of my installation, I had to modify the samba.schema
that came with the package, as the compiled output was demanding to use the
"historical schema". Don't know if it has anything to do with this issue, but I'm
throwing it out there for additional information.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
