[Samba] 3.2.8 net join of 3.0.24 PDC fails

Thu, 19 Feb 2009 04:07:34 -0800 

PDC: samba-3.0.24-1
Uses ldap with smbldap tools to modify the directory
This is a stable, working platform.

New domain member (mahalo) : samba-3.2.8-0.26 on fedora 10 i386

Symptom: net rpc join fails from the new domain member.
The trust account actually does get created. But the password fields are
not written to the account.

2nd new domain member: samba-client-3.0.24-11
net join works from this client on fedora 6. smb.conf is similar to the
config on mahalo.

Thanks,

Craig Swanson


net join error:
[2009/02/18 08:44:37,  0] utils/net_rpc_join.c:net_rpc_join_newstyle(352)
 error setting trust account password: NT code 0x1c010002
Unable to join domain MTD.

Error on the PDC smb log:
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
 get_md4pw: Workstation MAHALO$: no account in domain
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
 _net_auth2: failed to get machine password for account MAHALO$:
NT_STATUS_ACCESS_DENIED
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
 get_md4pw: Workstation MAHALO$: no account in domain
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
 _net_auth2: failed to get machine password for account MAHALO$:
NT_STATUS_ACCESS_DENIED
[2009/02/18 08:44:37, 0] rpc_parse/parse_prs.c:prs_mem_get(559)
 prs_mem_get: reading data of size 2 would overrun buffer by 1 bytes.
[2009/02/18 08:44:37, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(848)
 api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2009/02/18 08:44:37, 0] rpc_server/srv_pipe.c:api_rpcTNP(2287)
 api_rpcTNP: samr: SAMR_SET_USERINFO failed.

Client smb.conf:
       workgroup = MTD
       netbios name = MAHALO
       server string = Samba Server
       security = DOMAIN
       dns proxy = No
       encrypt passwords = yes

PDC smb.conf
       workgroup = MTD
       netbios name = PUNCH
       #interfaces = eth0 eth0:1 127.0.0.1
       interfaces = 192.168.1.225/24 192.168.1.230/24 127.0.0.1
       bind interfaces only = yes
       username map = /etc/samba/smbusers
       #admin users= @"Domain Admins"
       server string = Samba Server
       security = user
       encrypt passwords = Yes
       obey pam restrictions = No
       ldap passwd sync = No
       unix password sync = Yes
       passwd program = /usr/sbin/smbldap-passwd -u "%u"
       passwd chat = "Changing UNIX password for*\nNew password*" %n\n
"*Retype new password*" %n\n"
       passwd chat debug = Yes
       log level = 0
       syslog = 0
       log file = /var/log/samba/log
       max log size = 100000
       time server = Yes
       mangling method = hash2
       Dos charset = 850
       Unix charset = ISO8859-1
       time offset = 0

       logon script = %U.bat
       logon drive = H:
       logon home = \\%N\%U\%u
       logon path =

       domain logons = Yes
       os level = 65
       preferred master = Yes
       domain master = Yes
       wins support = Yes
       passdb backend = ldapsam:ldap://punch.midwest-tool.com/
       # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
       ldap admin dn = cn=Directory Manager
       ldap suffix = dc=midwest-tool,dc=com
       ldap group suffix = ou=Groups
       ldap user suffix = ou=People
       ldap machine suffix = ou=Computers
       ldap idmap suffix = ou=People
       ldap ssl = start_tls
       add user script = /usr/sbin/smbldap-useradd -m "%u"
       ldap delete dn = Yes
       delete user script = /usr/sbin/smbldap-userdel "%u"
       add machine script = /usr/sbin/smbldap-useradd -w "%u"
       add group script = /usr/sbin/smbldap-groupadd -p "%g"
       delete group script = /usr/sbin/smbldap-groupdel "%g"
       add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
       delete user from group script = /usr/sbin/smbldap-groupmod -x "%
u" "%g"
       set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

       template shell = /bin/false

       winbind use default domain = no

Machine trust account for mahalo (pdbedit -Lv mahalo$):
Unix username:        mahalo$
NT username:          mahalo$
Account Flags:        [DW         ]
User SID:             S-1-5-21-1400792368-3813960858-1703501993-1104
Primary Group SID:    S-1-5-21-1400792368-3813960858-1703501993-515
Full Name:            Computer
Home Directory:       \\punch\mahalo_\%u
HomeDir Drive:        H:
Logon Script:         mahalo_.bat
Profile Path: Domain: MTD 
Account desc:         Computer
Workstations: Munged dial: Logon time: 0 
Logoff time:          Mon, 18 Jan 2038 22:14:07 EST
Kickoff time:         Mon, 18 Jan 2038 22:14:07 EST
Password last set:    0
Password can change:  0
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to