[Samba] Unable to join Samba PDC with version 3.6.5 (works with 3.3.15)
Hello Folks, I am unable to join any linux Samba clients to my Samba-3.6.5 PDC with clients running 3.4.x, 3.5.x, or 3.6.x versions. However, 3.3.x works fine and so do my Windows clients. When I do a 'net rpc join' I get a 'successfuly joined domain' message with say 3.6.5, but I am unable to authenticate on the domain thereafter. Any clues? I can send the configurations (smb.conf) of the server and client if it can help solve this mystery. I suspect I'm just missing a configuration directive on the client side... but I can't seem to find any reference in the documentation. On the Samba-3.6.5 PDC, we're using a LDAP backend. Thanks in advance! -- Luc Lalonde, analyste - Département de génie informatique: École polytechnique de Montréal (514) 340-4711 x5049 luc.lalo...@polymtl.ca - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to join Samba
recompile samba? agustin cruz wrote: hope I'm in the right place, I trying to join a samba server to Active Directory. Samba server FreeBSD 6.2 the Active Directory machine is running Windows 2008 Server When I execute net ads join -U Administrator I get the following error /libexec/ld-elf.so.1: /usr/lib/libkrb5.so.8: Undefined symbol init_error_table does any body know how to fix this error? If I execute net rpc join -U Administrator I get a Join domain lab here is the smb.conf located in FreeBSD /usr/local/etc/ [global] Netbios Name = ROCK idmap uid = 1-2 winbind enum users = yes winbind gid = 1-2 workgroup = LAB os level = 20 winbind enum groups = yes socket address = 192.168.124.23 password server = * preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba3/log.%m encrypt passwords = yes dns proxy = no realm = lab.net security = ADS wins server = 192.168.124.23 wins proxy = no [homes] comment = Home Directories valid users = %S read only = NO browseable = yes writable = yes create mask = 0777 admin users = Administrator [test] comment = TestingADintegration browseable = yes writeable = yes path = /home/usr inherit acls = yes inherit permissions = yes directory mask = 700 valid users = @lab.net+SSCSusers admin users = @lab.net+Administrator Please help? Thanks, in advance! - Augustin _ Windows Live SkyDrive lets you share files with faraway friends. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_052008-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join Samba
On 5/15/08 Augustin wrote: When I execute net ads join -U Administrator I get the following error /libexec/ld-elf.so.1: /usr/lib/libkrb5.so.8: Undefined symbol init_error_table It sounds like you're missing some libraries. Did you compile krb5 yourself or is it an rpm? If you compiled it yourself, you'll need to modify the configure or makefile scripts to point to the correct libraries. Also make sure you have the necessary devel libraries before you compile. As another check, run ldd on winbind and make sure you have all the library files listed. Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join Samba
hope I'm in the right place, I trying to join a samba server to Active Directory. Samba server FreeBSD 6.2 the Active Directory machine is running Windows 2008 Server When I execute net ads join -U Administrator I get the following error /libexec/ld-elf.so.1: /usr/lib/libkrb5.so.8: Undefined symbol init_error_table does any body know how to fix this error? If I execute net rpc join -U Administrator I get a Join domain lab here is the smb.conf located in FreeBSD /usr/local/etc/ [global] Netbios Name = ROCK idmap uid = 1-2 winbind enum users = yes winbind gid = 1-2 workgroup = LAB os level = 20 winbind enum groups = yes socket address = 192.168.124.23 password server = * preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba3/log.%m encrypt passwords = yes dns proxy = no realm = lab.net security = ADS wins server = 192.168.124.23 wins proxy = no [homes] comment = Home Directories valid users = %S read only = NO browseable = yes writable = yes create mask = 0777 admin users = Administrator [test] comment = TestingADintegration browseable = yes writeable = yes path = /home/usr inherit acls = yes inherit permissions = yes directory mask = 700 valid users = @lab.net+SSCSusers admin users = @lab.net+Administrator Please help? Thanks, in advance! - Augustin _ Windows Live SkyDrive lets you share files with faraway friends. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_052008-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join Samba 3 domain with Samba 2.2.12
Hey, I'm having problems getting my Samba 2 client to join my Samba 3 domain. I get the following error: error creating domain user: NT_STATUS_NO_SUCH_USER Unable to join domain FOOBAR The one thing I'd seen and tried was setting smb ports = 139 in my smb.conf. But this doesn't seem to work.. Thanks, Margaret -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback
John / Jim, Thanks for the feedback. It appears that the restrictanonymous setting issue is a known one. Is there a workaround or patch for Samba that does not require the registry changes on the PDC? I would imagine network/system admins would have heartburn making registry changes in the production environment. In my case itself, making this change in the production environment to allow a Samba server to join the domain will invite a load of CRFs and questions. Any guidance would be appreciated. Regards, Ash --Original Message- -From: John H Terpstra [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 11:27 PM -To: 'Van Sickler, Jim' -Cc: samba@lists.samba.org, '[EMAIL PROTECTED]' -Subject: Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback - -Jim / Others, - -I have tried to deal with the issues raised in this email. I agree entirely -with the suggestion. I hope it has been sufficiently dealt with in my latest -update that should become visible on the Samba web servers within 24 hours. - -Please check over the changes to Section 7.3.2 and let me know if it missed -the mark. Thanks for the feedback. - -- John T. - -On Friday 15 April 2005 15:36, Van Sickler, Jim wrote: - John, - - The restrictanonymous setting was the primary culprit - in Ash's issue. I think he's using basically the same - setup as I am; no winbind/LDAP involved. I'm thinking - there's some initial handshaking that requires an - anonymous connection to PDC, and it's being blocked - if the restrictanonymous setting is too high. - - I sent a note to Ash ( the list) asking for the - restrictanonymous settings on his server. They - were 2 (no join) and 0 (successful join). His - admin has changed it back to 2 now that the - Samba server is a member server. The setting - is dynamic; no NT4 server reboot is required. - Can this be added to Chap 7 as a note for section 7.3.2.3? - - In the case of using net rpc join -U administrator%xx - his result was Unable to find a suitable server - which indicate Samba wasn't finding the PDC. - - In the case of using - net rpc join -S NT4SERVER -U administrator - net rpc join -S NT4SERVER -U administrator%'' - net rpc join -W MYWORKGROUP -U administrator - net rpc join -W MYWORKGROUP -U administrator%'' - his results were Unable to join domain domain - which indicate a connection to the PDC. - - He had the PDC entry in smb.conf and /etc/lmhosts, - so I think the syntax for the example in the - Guide should be revised to net join rpc -S PDC -U root%not24get - (which are %not24et on pgs 241/242 in the current Guide) - to aid in first-try success. - - Section 7.3.2 might be broken into 2 sections: - - 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers - Detailing use of the /etc/samba/smbusers file for *nix/Domain users - Incorporate the current Item 3 for joining the domain - Using net rpc info/net rpc testjoin to validate membership - This is for OS that support Samba but don't support Winbind - - 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind - Containing the current 7.3.2 contents - - - That's all for now... - Jim Van Sickler - Network Administrator - Kaman Aerospace Corp - --- -John H Terpstra -Samba-Team Member -Phone: +1 (650) 580-8668 - -Author: -The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 -Samba-3 by Example, ISBN: 0131472216 -Hardening Linux, ISBN: 0072254971 -Other books in production. - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback
John / Jim, Thanks for the feedback. It appears that the restrictanonymous setting issue is a known one. Is there a workaround or patch for Samba that does not require the registry changes on the PDC? I would imagine network/system admins would have heartburn making registry changes in the production environment. In my case itself, making this change in the production environment to allow a Samba server to join the domain will invite a load of CRFs and questions. Any guidance would be appreciated. Regards, Ash --Original Message- -From: John H Terpstra [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 11:27 PM -To: 'Van Sickler, Jim' -Cc: samba@lists.samba.org, '[EMAIL PROTECTED]' -Subject: Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback - -Jim / Others, - -I have tried to deal with the issues raised in this email. I agree entirely -with the suggestion. I hope it has been sufficiently dealt with in my latest -update that should become visible on the Samba web servers within 24 hours. - -Please check over the changes to Section 7.3.2 and let me know if it missed -the mark. Thanks for the feedback. - -- John T. - -On Friday 15 April 2005 15:36, Van Sickler, Jim wrote: - John, - - The restrictanonymous setting was the primary culprit - in Ash's issue. I think he's using basically the same - setup as I am; no winbind/LDAP involved. I'm thinking - there's some initial handshaking that requires an - anonymous connection to PDC, and it's being blocked - if the restrictanonymous setting is too high. - - I sent a note to Ash ( the list) asking for the - restrictanonymous settings on his server. They - were 2 (no join) and 0 (successful join). His - admin has changed it back to 2 now that the - Samba server is a member server. The setting - is dynamic; no NT4 server reboot is required. - Can this be added to Chap 7 as a note for section 7.3.2.3? - - In the case of using net rpc join -U administrator%xx - his result was Unable to find a suitable server - which indicate Samba wasn't finding the PDC. - - In the case of using - net rpc join -S NT4SERVER -U administrator - net rpc join -S NT4SERVER -U administrator%'' - net rpc join -W MYWORKGROUP -U administrator - net rpc join -W MYWORKGROUP -U administrator%'' - his results were Unable to join domain domain - which indicate a connection to the PDC. - - He had the PDC entry in smb.conf and /etc/lmhosts, - so I think the syntax for the example in the - Guide should be revised to net join rpc -S PDC -U root%not24get - (which are %not24et on pgs 241/242 in the current Guide) - to aid in first-try success. - - Section 7.3.2 might be broken into 2 sections: - - 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers - Detailing use of the /etc/samba/smbusers file for *nix/Domain users - Incorporate the current Item 3 for joining the domain - Using net rpc info/net rpc testjoin to validate membership - This is for OS that support Samba but don't support Winbind - - 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind - Containing the current 7.3.2 contents - - - That's all for now... - Jim Van Sickler - Network Administrator - Kaman Aerospace Corp - --- -John H Terpstra -Samba-Team Member -Phone: +1 (650) 580-8668 - -Author: -The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 -Samba-3 by Example, ISBN: 0131472216 -Hardening Linux, ISBN: 0072254971 -Other books in production. - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I tried removing the domain machine account for the Samba server from the PDC and made sure that the smbd, nmbd daemons were down before I execute the net rpc join commands. The result was the same as before, it wasnt able to join the domain and gave the message: Unable to join domain domain-name. The --long option does not seem to give me any additional information on the screen. Would it post any information in logs anywhere else? Any thoughts? Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins the server to the domain -without having to create the machine trust -account on the PDC beforehand. - -and is a change from Samba 2.x, which required -the creation of the machine trust account -on the PDC before running smbpasswd -j DOM -r DOMPDC. - -John: if this is true, can Chap 7 be amended to -reflect the change? - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 2:25 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I have Samba shut down while executing the net rpc join - commands, as the HOW-TO says. - - On trying the following, - - # ./net rpc join -S NTSERVER - Password: - - This is the response I get, - - Could not connect to server NTSERVER - The username or password was not correct. - - The password used was that of the administrator authorized to - add machines to the domain. Is there any other - username/password I should be using? - - On trying this, - - net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - This is the response I get, - - Unable to join domain domain-name. - - BTW, what does the switch --long do? - - I have followed the exact steps in the document you have - pointed out and the HOW-TOs. Thanks for pointing that out - this particular chapter. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 08:30 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Do you have Samba shut down while you're - -running net rpc join? The daemons - -shouldn't be running, AFAIK. - - - -Make sure they're down, and try your earlier - -net rpc join commands... - - - -If that doesn't work, try just: - - net rpc join -S NT4SERVER - - - -Maybe try deleting MYSERVER from the domain, - -then - -net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - - -See - -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain - -member.html#id - -2522086 - - - - - -Jim - - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:50 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - - kind of logs on the net join rpc command? - - - - -Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:40 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -Is NT4SERVER the PDC? - - -If not, use -S PDC instead of -S NT4SERVER - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:24 PM - - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - Jim, - - - - - - For all of the four commands you have mentioned, I get the - - - same response: - - - - - - Unable to join domain domain-name. - - - - - - There are no error messages or explanation with it, just the - - - plain text. - - - - - - Regards, - - - - - - Ash
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I tried something as per your suggestion: # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' This gave me the output listed below. Hopefully, this will help shed some light on the problem. Do you know what does status NT_STATUS_ACCESS_DENIED mean? Thanks, Ash -8 [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) lp_load: refreshing parameters [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) Processing section [global] [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got [EMAIL PROTECTED] [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62890215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED Unable to join domain GLOBALNET. [2005/04/15 12:09:30, 2] utils/net.c:main(897) return code = 1 -8--- --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, Can you check the value of the restrictanonymous registry key on your NT4 server - I think if it's set higher than 0 or 1 you'll be prevented from joining the Domain. Set it to 0, let the Samba box join, and set it back to the previous level. You'll find the setting in 3 places with regedit; 2 are editable, and the 3rd is the current setting. Also, I'm using the smbusers file to map *nix-Windows users, because I'm not running winbindd (it's an OpenBSD box). I've got an entry of: root=administrator You might try adding that file/entry to see if it helps. I guess the --long doesn't display anything, or you have to tell it to debug in order for it to work... If you're not using a WINS server, I'd add this to your smb.conf: name resolve order = lmhosts host bcast I'm not sure if your lmhosts entry for the NT4 server is gnsi_server1 or gnsi_server10x20 I think it should be the former. Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Friday, April 15, 2005 9:20 AM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, I tried something as per your suggestion: # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' This gave me the output listed below. Hopefully, this will help shed some light on the problem. Do you know what does status NT_STATUS_ACCESS_DENIED mean? Thanks, Ash -8 [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) lp_load: refreshing parameters [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) Processing section [global] [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got [EMAIL PROTECTED] [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62890215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, One more thing to try... according to http://www.spinics.net/lists/samba/msg20429.html (Re: RE: Microsoft hotfix MS04-011, breaks Samba password change.) The samba 3 command net rpc oldjoin works in the same way as smbpasswd -j dom -r pdc in samba 2 did. You don't have to type the root password You might have to add the Samba box to the Domain again, in order to get this to work... You WILL prevail (eventually)! Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Friday, April 15, 2005 9:05 AM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, I tried removing the domain machine account for the Samba server from the PDC and made sure that the smbd, nmbd daemons were down before I execute the net rpc join commands. The result was the same as before, it wasnt able to join the domain and gave the message: Unable to join domain domain-name. The --long option does not seem to give me any additional information on the screen. Would it post any information in logs anywhere else? Any thoughts? Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins the server to the domain -without having to create the machine trust -account on the PDC beforehand. - -and is a change from Samba 2.x, which required -the creation of the machine trust account -on the PDC before running smbpasswd -j DOM -r DOMPDC. - -John: if this is true, can Chap 7 be amended to -reflect the change? - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 2:25 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I have Samba shut down while executing the net rpc join - commands, as the HOW-TO says. - - On trying the following, - - # ./net rpc join -S NTSERVER - Password: - - This is the response I get, - - Could not connect to server NTSERVER - The username or password was not correct. - - The password used was that of the administrator authorized to - add machines to the domain. Is there any other - username/password I should be using? - - On trying this, - - net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - This is the response I get, - - Unable to join domain domain-name. - - BTW, what does the switch --long do? - - I have followed the exact steps in the document you have - pointed out and the HOW-TOs. Thanks for pointing that out - this particular chapter. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 08:30 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Do you have Samba shut down while you're - -running net rpc join? The daemons - -shouldn't be running, AFAIK. - - - -Make sure they're down, and try your earlier - -net rpc join commands... - - - -If that doesn't work, try just: - - net rpc join -S NT4SERVER - - - -Maybe try deleting MYSERVER from the domain, - -then - -net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - - -See - -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain - -member.html#id - -2522086 - - - - - -Jim - - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:50 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - - kind of logs on the net join rpc command? - - - - -Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, It worked! The modification of the registry value on the PDC allowed the samba server to join the domain. Phew! I can get some peace now :) I have also acted upon your suggestions about adding the entry to smb.conf. You were right about the server name, it was the former. Now, what we have done in terms of setting the registryvalue to 0 is a workaround. Does this have to be done everytime a Samba server joins the domain? I am going to ask my NT admin to change the value back to its original setting. Hope this doesnt cause any problems. Is there a patch for this problem that you are aware of? I would think this is a problem which the community knows about (I found a few references to this problem on Google) Thanks for you efforts. Samba and Me both prevail! Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 04:57 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - - Can you check the value of the -restrictanonymous registry key on your -NT4 server - I think if it's set higher -than 0 or 1 you'll be prevented from -joining the Domain. Set it to 0, let the -Samba box join, and set it back to the -previous level. You'll find the -setting in 3 places with regedit; 2 are -editable, and the 3rd is the current -setting. - -Also, I'm using the smbusers file to -map *nix-Windows users, because I'm not -running winbindd (it's an OpenBSD box). -I've got an entry of: -root=administrator - -You might try adding that file/entry -to see if it helps. - -I guess the --long doesn't display -anything, or you have to tell it to -debug in order for it to work... - -If you're not using a WINS server, -I'd add this to your smb.conf: -name resolve order = lmhosts host bcast - -I'm not sure if your lmhosts entry for the -NT4 server is gnsi_server1 or gnsi_server10x20 -I think it should be the former. - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Friday, April 15, 2005 9:20 AM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I tried something as per your suggestion: - - # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' - - This gave me the output listed below. Hopefully, this will - help shed some light on the problem. Do you know what does - status NT_STATUS_ACCESS_DENIED mean? - - Thanks, - - Ash - - -8 - - [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) - lp_load: refreshing parameters - [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) - Initialising global parameters - [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) - params.c:pm_process() - Processing configuration file - /usr/local/samba/lib/smb.conf - [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) - Processing section [global] - [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) - added interface ip=192.168.2.37 bcast=192.168.2.255 - nmask=255.255.255.0 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) - resolve_lmhosts: Attempting lmhosts lookup for name - gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) - resolve_wins: Attempting wins lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) - resolve_wins: WINS server resolution selected and no WINS - servers listed. - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) - resolve_hosts: Attempting host lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) - Connecting to 192.168.2.11 at port 445 - [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) - failed tcon_X with NT_STATUS_ACCESS_DENIED - [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) - Cannot connect to server (anonymously). Error was - NT_STATUS_ACCESS_DENIED - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) - Connecting to 192.168.2.11 at port 445 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(708) - Doing spnego session setup (blob length=110) - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 48018 1 2 2 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 113554 1 2 2 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 113554 1 2 2 3 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 3
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, I'd try adding the next Samba box to the Domain, and use the net rpc oldjoin command first, to see if it works that way. If it does, then you won't have to mess with the restrictanonymous setting at all. I don't think setting it back to the original setting will cause problems, as everything else was working at that setting. I'm also glad that it's a dynamic setting; you don't have to reboot the server every time you change it... Maybe the reason the Samba 2.x server setups worked was that the NT4 default restrictanonymous setting was 0, and about the time 2.2x/3.x was released, NT Admins were made aware of the vulnerability at 0 and were changing it to 1 or 2. Anyway, I'm glad it's up running! Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Friday, April 15, 2005 11:26 AM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, It worked! The modification of the registry value on the PDC allowed the samba server to join the domain. Phew! I can get some peace now :) I have also acted upon your suggestions about adding the entry to smb.conf. You were right about the server name, it was the former. Now, what we have done in terms of setting the registryvalue to 0 is a workaround. Does this have to be done everytime a Samba server joins the domain? I am going to ask my NT admin to change the value back to its original setting. Hope this doesnt cause any problems. Is there a patch for this problem that you are aware of? I would think this is a problem which the community knows about (I found a few references to this problem on Google) Thanks for you efforts. Samba and Me both prevail! Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 04:57 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - - Can you check the value of the -restrictanonymous registry key on your -NT4 server - I think if it's set higher -than 0 or 1 you'll be prevented from -joining the Domain. Set it to 0, let the -Samba box join, and set it back to the -previous level. You'll find the -setting in 3 places with regedit; 2 are -editable, and the 3rd is the current -setting. - -Also, I'm using the smbusers file to -map *nix-Windows users, because I'm not -running winbindd (it's an OpenBSD box). -I've got an entry of: -root=administrator - -You might try adding that file/entry -to see if it helps. - -I guess the --long doesn't display -anything, or you have to tell it to -debug in order for it to work... - -If you're not using a WINS server, -I'd add this to your smb.conf: -name resolve order = lmhosts host bcast - -I'm not sure if your lmhosts entry for the -NT4 server is gnsi_server1 or gnsi_server10x20 -I think it should be the former. - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Friday, April 15, 2005 9:20 AM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I tried something as per your suggestion: - - # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' - - This gave me the output listed below. Hopefully, this will - help shed some light on the problem. Do you know what does - status NT_STATUS_ACCESS_DENIED mean? - - Thanks, - - Ash - - -8 - - [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) - lp_load: refreshing parameters - [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) - Initialising global parameters - [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) - params.c:pm_process() - Processing configuration file - /usr/local/samba/lib/smb.conf - [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) - Processing section [global] - [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) - added interface ip=192.168.2.37 bcast=192.168.2.255 - nmask=255.255.255.0 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) - resolve_lmhosts: Attempting lmhosts lookup for name - gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) - resolve_wins: Attempting wins lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) - resolve_wins: WINS server resolution selected and no WINS - servers listed. - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) - resolve_hosts: Attempting host lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib
RE: [Samba] Unable to join samba server to a NT4 style domain (po st-SOLVED)
Ash, Out of curiosity, what restrictanonymous setting was the NT4 server set to originally, and what was it set to when it allowed the net rpc join command to work? Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain (po st-SOLVED)
Jim, The restrictanonymous value was set to 2, by default and was changed to 0 to allow net rpc join to work. It's back to 2 and there are no problems, yet. Thanks, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 08:33 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain (po st-SOLVED) - -Ash, - - Out of curiosity, what restrictanonymous -setting was the NT4 server set to -originally, and what was it set to when it -allowed the net rpc join command to work? - -Jim - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback
John, The restrictanonymous setting was the primary culprit in Ash's issue. I think he's using basically the same setup as I am; no winbind/LDAP involved. I'm thinking there's some initial handshaking that requires an anonymous connection to PDC, and it's being blocked if the restrictanonymous setting is too high. I sent a note to Ash ( the list) asking for the restrictanonymous settings on his server. They were 2 (no join) and 0 (successful join). His admin has changed it back to 2 now that the Samba server is a member server. The setting is dynamic; no NT4 server reboot is required. Can this be added to Chap 7 as a note for section 7.3.2.3? In the case of using net rpc join -U administrator%xx his result was Unable to find a suitable server which indicate Samba wasn't finding the PDC. In the case of using net rpc join -S NT4SERVER -U administrator net rpc join -S NT4SERVER -U administrator%'' net rpc join -W MYWORKGROUP -U administrator net rpc join -W MYWORKGROUP -U administrator%'' his results were Unable to join domain domain which indicate a connection to the PDC. He had the PDC entry in smb.conf and /etc/lmhosts, so I think the syntax for the example in the Guide should be revised to net join rpc -S PDC -U root%not24get (which are %not24et on pgs 241/242 in the current Guide) to aid in first-try success. Section 7.3.2 might be broken into 2 sections: 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers Detailing use of the /etc/samba/smbusers file for *nix/Domain users Incorporate the current Item 3 for joining the domain Using net rpc info/net rpc testjoin to validate membership This is for OS that support Samba but don't support Winbind 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind Containing the current 7.3.2 contents That's all for now... Jim Van Sickler Network Administrator Kaman Aerospace Corp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback
Jim / Others, I have tried to deal with the issues raised in this email. I agree entirely with the suggestion. I hope it has been sufficiently dealt with in my latest update that should become visible on the Samba web servers within 24 hours. Please check over the changes to Section 7.3.2 and let me know if it missed the mark. Thanks for the feedback. - John T. On Friday 15 April 2005 15:36, Van Sickler, Jim wrote: John, The restrictanonymous setting was the primary culprit in Ash's issue. I think he's using basically the same setup as I am; no winbind/LDAP involved. I'm thinking there's some initial handshaking that requires an anonymous connection to PDC, and it's being blocked if the restrictanonymous setting is too high. I sent a note to Ash ( the list) asking for the restrictanonymous settings on his server. They were 2 (no join) and 0 (successful join). His admin has changed it back to 2 now that the Samba server is a member server. The setting is dynamic; no NT4 server reboot is required. Can this be added to Chap 7 as a note for section 7.3.2.3? In the case of using net rpc join -U administrator%xx his result was Unable to find a suitable server which indicate Samba wasn't finding the PDC. In the case of using net rpc join -S NT4SERVER -U administrator net rpc join -S NT4SERVER -U administrator%'' net rpc join -W MYWORKGROUP -U administrator net rpc join -W MYWORKGROUP -U administrator%'' his results were Unable to join domain domain which indicate a connection to the PDC. He had the PDC entry in smb.conf and /etc/lmhosts, so I think the syntax for the example in the Guide should be revised to net join rpc -S PDC -U root%not24get (which are %not24et on pgs 241/242 in the current Guide) to aid in first-try success. Section 7.3.2 might be broken into 2 sections: 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers Detailing use of the /etc/samba/smbusers file for *nix/Domain users Incorporate the current Item 3 for joining the domain Using net rpc info/net rpc testjoin to validate membership This is for OS that support Samba but don't support Winbind 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind Containing the current 7.3.2 contents That's all for now... Jim Van Sickler Network Administrator Kaman Aerospace Corp -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join samba server to a NT4 style domain
Hello, I have installed Samba version 3.0.13 on a Solaris 9 machine and am trying to add it to an existing NT domain as a member server. I have followed the instructions in Chapter 2 of the Samba HOW-TO collection for adding a samba server as a Domain member. The problem is that when i use the net rpc join command to join the domain, I get the following error: # ./net rpc join -U administrator%'' Unable to find a suitable server Unable to find a suitable server Specifying the domain name with a -w switch or the PDC doesnt seem to help. Is there a way for me to see a detailed version of the error message or some log file where this is dumped to? I am posting the smb.conf for reference. Please help me resolve this error. Thanks, Ash --8-- smb.conf [global] dns proxy = no debug timestamp = yes encrypt passwords = yes idmap gid = 15000-2 socket options = TCP_NODELAY max log size = 1024 password server = * idmap uid = 15000-2 debug level = 3 security = domain server string = Samba Server workgroup = MYWORKGROUP log level = 3 log file = /usr/local/samba/var/log.%m netbios name = MYSERVER load printers = yes os level = 33 default = share [homes] comment = Home Directories valid users = %S browseable = no writable = yes [printers] comment = All Printers path = /usr/spool/samba browseable = no guest ok = no writable = no printable = yes [share] path = /share comment = Solaris share valid users = @Accounts guest ok = Yes read only = No --8-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join samba server to a NT4 style domain
Try adding the Samba server to the NT4 Domain first. Is the NT4 server also a WINS server? If so, add that info to the smb.conf wins server = xxx.xxx.xxx.xxx name resolve order = wins lmhosts host bcast Put the NT4 server info into /etc/lmhosts and /etc/hosts xxx.xxx.xxx.xxx NT4SERVER restart Samba and see if you can join the domain now. Hope this helps, Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 12:58 AM To: samba@lists.samba.org Subject: [Samba] Unable to join samba server to a NT4 style domain Hello, I have installed Samba version 3.0.13 on a Solaris 9 machine and am trying to add it to an existing NT domain as a member server. I have followed the instructions in Chapter 2 of the Samba HOW-TO collection for adding a samba server as a Domain member. The problem is that when i use the net rpc join command to join the domain, I get the following error: # ./net rpc join -U administrator%'' Unable to find a suitable server Unable to find a suitable server Specifying the domain name with a -w switch or the PDC doesnt seem to help. Is there a way for me to see a detailed version of the error message or some log file where this is dumped to? I am posting the smb.conf for reference. Please help me resolve this error. Thanks, Ash --8-- smb.conf [global] dns proxy = no debug timestamp = yes encrypt passwords = yes idmap gid = 15000-2 socket options = TCP_NODELAY max log size = 1024 password server = * idmap uid = 15000-2 debug level = 3 security = domain server string = Samba Server workgroup = MYWORKGROUP log level = 3 log file = /usr/local/samba/var/log.%m netbios name = MYSERVER load printers = yes os level = 33 default = share [homes] comment = Home Directories valid users = %S browseable = no writable = yes [printers] comment = All Printers path = /usr/spool/samba browseable = no guest ok = no writable = no printable = yes [share] path = /share comment = Solaris share valid users = @Accounts guest ok = Yes read only = No --8-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, -Try adding the Samba server to the NT4 Domain first. Response: The samba server has already been added to the NT domain. -Is the NT4 server also a WINS server? -If so, add that info to the smb.conf - -wins server = xxx.xxx.xxx.xxx -name resolve order = wins lmhosts host bcast - -Put the NT4 server info into /etc/lmhosts -and /etc/hosts -xxx.xxx.xxx.xxxNT4SERVER Response: The NT server is not functioning as a WINS server. The /etc/hosts and /etc/lmhosts already have the entry for the NT server. The server can also resolve the NTSERVER_NAME using DNS. I also used rpcclient to see if there any connection problems, and it was able to connect just fine to the NTSERVER. Thorougly confused. Any other ideas? Thanks for your response, Ash - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:58 AM - To: samba@lists.samba.org - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - Hello, - - I have installed Samba version 3.0.13 on a Solaris 9 machine - and am trying to add it to an existing NT domain as a member - server. I have followed the instructions in Chapter 2 of the - Samba HOW-TO collection for adding a samba server as a Domain - member. The problem is that when i use the net rpc join - command to join the domain, I get the following error: - - # ./net rpc join -U administrator%'' - - Unable to find a suitable server - - Unable to find a suitable server - - Specifying the domain name with a -w switch or the PDC doesnt - seem to help. - - Is there a way for me to see a detailed version of the error - message or some log file where this is dumped to? I am - posting the smb.conf for reference. Please help me resolve - this error. - - Thanks, - - Ash - - --8-- - smb.conf - - [global] - dns proxy = no - debug timestamp = yes - encrypt passwords = yes - idmap gid = 15000-2 - socket options = TCP_NODELAY - max log size = 1024 - password server = * - idmap uid = 15000-2 - debug level = 3 - security = domain - server string = Samba Server - workgroup = MYWORKGROUP - log level = 3 - log file = /usr/local/samba/var/log.%m - netbios name = MYSERVER - load printers = yes - os level = 33 - default = share - [homes] -comment = Home Directories -valid users = %S -browseable = no -writable = yes - - [printers] -comment = All Printers -path = /usr/spool/samba -browseable = no -guest ok = no -writable = no -printable = yes - - [share] - path = /share - comment = Solaris share - valid users = @Accounts - guest ok = Yes - read only = No - - --8-- - - - - -- - To unsubscribe from this list go to the following URL and read the - instructions: https://lists.samba.org/mailman/listinfo/samba - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Hello, Is there any way to see the logs of what happens when you issue a net join rpc domain-name command? Any help would be greatly appreciated. Thanks, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 06:40 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Try adding the Samba server to the NT4 Domain first. - -Is the NT4 server also a WINS server? -If so, add that info to the smb.conf - -wins server = xxx.xxx.xxx.xxx -name resolve order = wins lmhosts host bcast - -Put the NT4 server info into /etc/lmhosts -and /etc/hosts -xxx.xxx.xxx.xxxNT4SERVER - -restart Samba and see if you can join -the domain now. - -Hope this helps, - Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:58 AM - To: samba@lists.samba.org - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - Hello, - - I have installed Samba version 3.0.13 on a Solaris 9 machine - and am trying to add it to an existing NT domain as a member - server. I have followed the instructions in Chapter 2 of the - Samba HOW-TO collection for adding a samba server as a Domain - member. The problem is that when i use the net rpc join - command to join the domain, I get the following error: - - # ./net rpc join -U administrator%'' - - Unable to find a suitable server - - Unable to find a suitable server - - Specifying the domain name with a -w switch or the PDC doesnt - seem to help. - - Is there a way for me to see a detailed version of the error - message or some log file where this is dumped to? I am - posting the smb.conf for reference. Please help me resolve - this error. - - Thanks, - - Ash - - --8-- - smb.conf - - [global] - dns proxy = no - debug timestamp = yes - encrypt passwords = yes - idmap gid = 15000-2 - socket options = TCP_NODELAY - max log size = 1024 - password server = * - idmap uid = 15000-2 - debug level = 3 - security = domain - server string = Samba Server - workgroup = MYWORKGROUP - log level = 3 - log file = /usr/local/samba/var/log.%m - netbios name = MYSERVER - load printers = yes - os level = 33 - default = share - [homes] -comment = Home Directories -valid users = %S -browseable = no -writable = yes - - [printers] -comment = All Printers -path = /usr/spool/samba -browseable = no -guest ok = no -writable = no -printable = yes - - [share] - path = /share - comment = Solaris share - valid users = @Accounts - guest ok = Yes - read only = No - - --8-- - - - - -- - To unsubscribe from this list go to the following URL and read the - instructions: https://lists.samba.org/mailman/listinfo/samba - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, try one of the following: ./net rpc join -S NT4SERVER -U administrator ./net rpc join -S NT4SERVER -U administrator%'' ./net rpc join -W MYWORKGROUP -U administrator ./net rpc join -W MYWORKGROUP -U administrator%'' Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 11:48 AM To: Van Sickler, Jim; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, -Try adding the Samba server to the NT4 Domain first. Response: The samba server has already been added to the NT domain. -Is the NT4 server also a WINS server? -If so, add that info to the smb.conf - -wins server = xxx.xxx.xxx.xxx -name resolve order = wins lmhosts host bcast - -Put the NT4 server info into /etc/lmhosts -and /etc/hosts -xxx.xxx.xxx.xxx NT4SERVER Response: The NT server is not functioning as a WINS server. The /etc/hosts and /etc/lmhosts already have the entry for the NT server. The server can also resolve the NTSERVER_NAME using DNS. I also used rpcclient to see if there any connection problems, and it was able to connect just fine to the NTSERVER. Thorougly confused. Any other ideas? Thanks for your response, Ash - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:58 AM - To: samba@lists.samba.org - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - Hello, - - I have installed Samba version 3.0.13 on a Solaris 9 machine - and am trying to add it to an existing NT domain as a member - server. I have followed the instructions in Chapter 2 of the - Samba HOW-TO collection for adding a samba server as a Domain - member. The problem is that when i use the net rpc join - command to join the domain, I get the following error: - - # ./net rpc join -U administrator%'' - - Unable to find a suitable server - - Unable to find a suitable server - - Specifying the domain name with a -w switch or the PDC doesnt - seem to help. - - Is there a way for me to see a detailed version of the error - message or some log file where this is dumped to? I am - posting the smb.conf for reference. Please help me resolve - this error. - - Thanks, - - Ash - - --8-- - smb.conf - - [global] - dns proxy = no - debug timestamp = yes - encrypt passwords = yes - idmap gid = 15000-2 - socket options = TCP_NODELAY - max log size = 1024 - password server = * - idmap uid = 15000-2 - debug level = 3 - security = domain - server string = Samba Server - workgroup = MYWORKGROUP - log level = 3 - log file = /usr/local/samba/var/log.%m - netbios name = MYSERVER - load printers = yes - os level = 33 - default = share - [homes] -comment = Home Directories -valid users = %S -browseable = no -writable = yes - - [printers] -comment = All Printers -path = /usr/spool/samba -browseable = no -guest ok = no -writable = no -printable = yes - - [share] - path = /share - comment = Solaris share - valid users = @Accounts - guest ok = Yes - read only = No - - --8-- - - - - -- - To unsubscribe from this list go to the following URL and read the - instructions: https://lists.samba.org/mailman/listinfo/samba - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, For all of the four commands you have mentioned, I get the same response: Unable to join domain domain-name. There are no error messages or explanation with it, just the plain text. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:15 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -try one of the following: - -./net rpc join -S NT4SERVER -U administrator - -./net rpc join -S NT4SERVER -U administrator%'' - -./net rpc join -W MYWORKGROUP -U administrator - -./net rpc join -W MYWORKGROUP -U administrator%'' - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 11:48 AM - To: Van Sickler, Jim; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - -Try adding the Samba server to the NT4 Domain first. - Response: The samba server has already been added to the NT domain. - - -Is the NT4 server also a WINS server? - -If so, add that info to the smb.conf - - - -wins server = xxx.xxx.xxx.xxx - -name resolve order = wins lmhosts host bcast - - - -Put the NT4 server info into /etc/lmhosts - -and /etc/hosts - -xxx.xxx.xxx.xxx NT4SERVER - - Response: The NT server is not functioning as a WINS server. - The /etc/hosts and /etc/lmhosts already have the entry for - the NT server. The server can also resolve the NTSERVER_NAME - using DNS. - - I also used rpcclient to see if there any connection - problems, and it was able to connect just fine to the - NTSERVER. Thorougly confused. - - Any other ideas? - - Thanks for your response, - - Ash - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:58 AM - - To: samba@lists.samba.org - - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - - - - Hello, - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - and am trying to add it to an existing NT domain as a member - - server. I have followed the instructions in Chapter 2 of the - - Samba HOW-TO collection for adding a samba server as a Domain - - member. The problem is that when i use the net rpc join - - command to join the domain, I get the following error: - - - - # ./net rpc join -U administrator%'' - - - - Unable to find a suitable server - - - - Unable to find a suitable server - - - - Specifying the domain name with a -w switch or the PDC doesnt - - seem to help. - - - - Is there a way for me to see a detailed version of the error - - message or some log file where this is dumped to? I am - - posting the smb.conf for reference. Please help me resolve - - this error. - - - - Thanks, - - - - Ash - - - - - --8-- - - smb.conf - - - - [global] - - dns proxy = no - - debug timestamp = yes - - encrypt passwords = yes - - idmap gid = 15000-2 - - socket options = TCP_NODELAY - - max log size = 1024 - - password server = * - - idmap uid = 15000-2 - - debug level = 3 - - security = domain - - server string = Samba Server - - workgroup = MYWORKGROUP - - log level = 3 - - log file = /usr/local/samba/var/log.%m - - netbios name = MYSERVER - - load printers = yes - - os level = 33 - - default = share - - [homes] - -comment = Home Directories - -valid users = %S - -browseable = no - -writable = yes - - - - [printers] - -comment = All Printers - -path = /usr/spool/samba - -browseable = no - -guest ok = no - -writable = no - -printable = yes - - - - [share] - - path = /share - - comment = Solaris share - - valid users = @Accounts - - guest ok = Yes - - read only = No - - - - - --8-- - - - - - - - - -- - - To unsubscribe from this list go to the following URL and read the - - instructions: https://lists.samba.org/mailman/listinfo/samba - - - - - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, Is NT4SERVER the PDC? If not, use -S PDC instead of -S NT4SERVER Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 12:24 PM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, For all of the four commands you have mentioned, I get the same response: Unable to join domain domain-name. There are no error messages or explanation with it, just the plain text. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:15 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -try one of the following: - -./net rpc join -S NT4SERVER -U administrator - -./net rpc join -S NT4SERVER -U administrator%'' - -./net rpc join -W MYWORKGROUP -U administrator - -./net rpc join -W MYWORKGROUP -U administrator%'' - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 11:48 AM - To: Van Sickler, Jim; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - -Try adding the Samba server to the NT4 Domain first. - Response: The samba server has already been added to the NT domain. - - -Is the NT4 server also a WINS server? - -If so, add that info to the smb.conf - - - -wins server = xxx.xxx.xxx.xxx - -name resolve order = wins lmhosts host bcast - - - -Put the NT4 server info into /etc/lmhosts - -and /etc/hosts - -xxx.xxx.xxx.xxx NT4SERVER - - Response: The NT server is not functioning as a WINS server. - The /etc/hosts and /etc/lmhosts already have the entry for - the NT server. The server can also resolve the NTSERVER_NAME - using DNS. - - I also used rpcclient to see if there any connection - problems, and it was able to connect just fine to the - NTSERVER. Thorougly confused. - - Any other ideas? - - Thanks for your response, - - Ash - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:58 AM - - To: samba@lists.samba.org - - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - - - - Hello, - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - and am trying to add it to an existing NT domain as a member - - server. I have followed the instructions in Chapter 2 of the - - Samba HOW-TO collection for adding a samba server as a Domain - - member. The problem is that when i use the net rpc join - - command to join the domain, I get the following error: - - - - # ./net rpc join -U administrator%'' - - - - Unable to find a suitable server - - - - Unable to find a suitable server - - - - Specifying the domain name with a -w switch or the PDC doesnt - - seem to help. - - - - Is there a way for me to see a detailed version of the error - - message or some log file where this is dumped to? I am - - posting the smb.conf for reference. Please help me resolve - - this error. - - - - Thanks, - - - - Ash - - - - - --8-- - - smb.conf - - - - [global] - - dns proxy = no - - debug timestamp = yes - - encrypt passwords = yes - - idmap gid = 15000-2 - - socket options = TCP_NODELAY - - max log size = 1024 - - password server = * - - idmap uid = 15000-2 - - debug level = 3 - - security = domain - - server string = Samba Server - - workgroup = MYWORKGROUP - - log level = 3 - - log file = /usr/local/samba/var/log.%m - - netbios name = MYSERVER - - load printers = yes - - os level = 33 - - default = share - - [homes] - -comment = Home Directories - -valid users = %S - -browseable = no - -writable = yes - - - - [printers] - -comment = All Printers - -path = /usr/spool/samba - -browseable = no - -guest ok = no - -writable = no - -printable = yes - - - - [share] - - path = /share - - comment = Solaris share - - valid users = @Accounts - - guest ok = Yes - - read only = No - - - - - --8-- - - - - - - - - -- - - To unsubscribe from this list go to the following URL and read the - - instructions: https://lists.samba.org/mailman/listinfo/samba - - - - - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, Yes, the NTSERVER is a PDC. Do you know of a way to see any kind of logs on the net join rpc command? -Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:40 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Is NT4SERVER the PDC? -If not, use -S PDC instead of -S NT4SERVER - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:24 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - For all of the four commands you have mentioned, I get the - same response: - - Unable to join domain domain-name. - - There are no error messages or explanation with it, just the - plain text. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:15 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -try one of the following: - - - -./net rpc join -S NT4SERVER -U administrator - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - -./net rpc join -W MYWORKGROUP -U administrator - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 11:48 AM - - To: Van Sickler, Jim; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - -Try adding the Samba server to the NT4 Domain first. - - Response: The samba server has already been added to the NT domain. - - - - -Is the NT4 server also a WINS server? - - -If so, add that info to the smb.conf - - - - - -wins server = xxx.xxx.xxx.xxx - - -name resolve order = wins lmhosts host bcast - - - - - -Put the NT4 server info into /etc/lmhosts - - -and /etc/hosts - - -xxx.xxx.xxx.xxx NT4SERVER - - - - Response: The NT server is not functioning as a WINS server. - - The /etc/hosts and /etc/lmhosts already have the entry for - - the NT server. The server can also resolve the NTSERVER_NAME - - using DNS. - - - - I also used rpcclient to see if there any connection - - problems, and it was able to connect just fine to the - - NTSERVER. Thorougly confused. - - - - Any other ideas? - - - - Thanks for your response, - - - - Ash - - - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:58 AM - - - To: samba@lists.samba.org - - - Subject: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - - - - Hello, - - - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - - and am trying to add it to an existing NT domain as a member - - - server. I have followed the instructions in Chapter 2 of the - - - Samba HOW-TO collection for adding a samba server as a Domain - - - member. The problem is that when i use the net rpc join - - - command to join the domain, I get the following error: - - - - - - # ./net rpc join -U administrator%'' - - - - - - Unable to find a suitable server - - - - - - Unable to find a suitable server - - - - - - Specifying the domain name with a -w switch or the PDC doesnt - - - seem to help. - - - - - - Is there a way for me to see a detailed version of the error - - - message or some log file where this is dumped to? I am - - - posting the smb.conf for reference. Please help me resolve - - - this error. - - - - - - Thanks, - - - - - - Ash - - - - - - - - - --8-- - - - smb.conf - - - - - - [global] - - - dns proxy = no - - - debug timestamp = yes - - - encrypt passwords = yes - - - idmap gid = 15000-2 - - - socket options = TCP_NODELAY - - - max log size = 1024 - - - password server = * - - - idmap uid = 15000-2 - - - debug level = 3 - - - security = domain - - - server string = Samba Server - - - workgroup = MYWORKGROUP - - - log level = 3 - - - log file = /usr/local/samba/var/log.%m - - - netbios name = MYSERVER - - - load printers = yes - - - os level = 33 - - - default = share - - - [homes] - - -comment = Home Directories - - -valid users = %S - - -browseable = no - - -writable = yes - - - - - - [printers] - - -comment = All Printers - - -path = /usr/spool/samba - - -browseable = no - - -guest ok = no - - -writable = no - - -printable = yes - - - - - - [share] - - - path = /share - - - comment = Solaris share - - - valid users
Re: [Samba] Unable to join samba server to a NT4 style domain
On Thursday 14 April 2005 13:49, Ashutosh Kamdar wrote: Jim, Yes, the NTSERVER is a PDC. Do you know of a way to see any kind of logs on the net join rpc command? Are you following chapter 7 of the currently available Samba-Guide? You can download it from: http://www.samba.org/samba/docs/Samba-Guide.pdf If you have carefully followed the steps outlined I'd like to know what is not working for you so I can fix the documentation. - John T. -Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:40 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Is NT4SERVER the PDC? -If not, use -S PDC instead of -S NT4SERVER - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:24 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - For all of the four commands you have mentioned, I get the - same response: - - Unable to join domain domain-name. - - There are no error messages or explanation with it, just the - plain text. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:15 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -try one of the following: - - - -./net rpc join -S NT4SERVER -U administrator - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - -./net rpc join -W MYWORKGROUP -U administrator - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 11:48 AM - - To: Van Sickler, Jim; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - -Try adding the Samba server to the NT4 Domain first. - - Response: The samba server has already been added to the NT domain. - - - - -Is the NT4 server also a WINS server? - - -If so, add that info to the smb.conf - - - - - -wins server = xxx.xxx.xxx.xxx - - -name resolve order = wins lmhosts host bcast - - - - - -Put the NT4 server info into /etc/lmhosts - - -and /etc/hosts - - -xxx.xxx.xxx.xxxNT4SERVER - - - - Response: The NT server is not functioning as a WINS server. - - The /etc/hosts and /etc/lmhosts already have the entry for - - the NT server. The server can also resolve the NTSERVER_NAME - - using DNS. - - - - I also used rpcclient to see if there any connection - - problems, and it was able to connect just fine to the - - NTSERVER. Thorougly confused. - - - - Any other ideas? - - - - Thanks for your response, - - - - Ash - - - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:58 AM - - - To: samba@lists.samba.org - - - Subject: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - - - - Hello, - - - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - - and am trying to add it to an existing NT domain as a member - - - server. I have followed the instructions in Chapter 2 of the - - - Samba HOW-TO collection for adding a samba server as a Domain - - - member. The problem is that when i use the net rpc join - - - command to join the domain, I get the following error: - - - - - - # ./net rpc join -U administrator%'' - - - - - - Unable to find a suitable server - - - - - - Unable to find a suitable server - - - - - - Specifying the domain name with a -w switch or the PDC doesnt - - - seem to help. - - - - - - Is there a way for me to see a detailed version of the error - - - message or some log file where this is dumped to? I am - - - posting the smb.conf for reference. Please help me resolve - - - this error. - - - - - - Thanks, - - - - - - Ash - - - - - - - - - --8-- - - - smb.conf - - - - - - [global] - - - dns proxy = no - - - debug timestamp = yes - - - encrypt passwords = yes - - - idmap gid = 15000-2 - - - socket options = TCP_NODELAY - - - max log size = 1024 - - - password server = * - - - idmap uid = 15000-2 - - - debug level = 3 - - - security = domain - - - server string = Samba Server - - - workgroup = MYWORKGROUP - - - log level = 3 - - - log file = /usr/local/samba/var/log.%m - - - netbios name = MYSERVER - - - load printers = yes
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, Do you have Samba shut down while you're running net rpc join? The daemons shouldn't be running, AFAIK. Make sure they're down, and try your earlier net rpc join commands... If that doesn't work, try just: net rpc join -S NT4SERVER Maybe try deleting MYSERVER from the domain, then net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long See http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain-member.html#id 2522086 Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 12:50 PM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, Yes, the NTSERVER is a PDC. Do you know of a way to see any kind of logs on the net join rpc command? -Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:40 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Is NT4SERVER the PDC? -If not, use -S PDC instead of -S NT4SERVER - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:24 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - For all of the four commands you have mentioned, I get the - same response: - - Unable to join domain domain-name. - - There are no error messages or explanation with it, just the - plain text. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:15 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -try one of the following: - - - -./net rpc join -S NT4SERVER -U administrator - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - -./net rpc join -W MYWORKGROUP -U administrator - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 11:48 AM - - To: Van Sickler, Jim; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - -Try adding the Samba server to the NT4 Domain first. - - Response: The samba server has already been added to the NT domain. - - - - -Is the NT4 server also a WINS server? - - -If so, add that info to the smb.conf - - - - - -wins server = xxx.xxx.xxx.xxx - - -name resolve order = wins lmhosts host bcast - - - - - -Put the NT4 server info into /etc/lmhosts - - -and /etc/hosts - - -xxx.xxx.xxx.xxxNT4SERVER - - - - Response: The NT server is not functioning as a WINS server. - - The /etc/hosts and /etc/lmhosts already have the entry for - - the NT server. The server can also resolve the NTSERVER_NAME - - using DNS. - - - - I also used rpcclient to see if there any connection - - problems, and it was able to connect just fine to the - - NTSERVER. Thorougly confused. - - - - Any other ideas? - - - - Thanks for your response, - - - - Ash - - - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:58 AM - - - To: samba@lists.samba.org - - - Subject: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - - - - Hello, - - - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - - and am trying to add it to an existing NT domain as a member - - - server. I have followed the instructions in Chapter 2 of the - - - Samba HOW-TO collection for adding a samba server as a Domain - - - member. The problem is that when i use the net rpc join - - - command to join the domain, I get the following error: - - - - - - # ./net rpc join -U administrator%'' - - - - - - Unable to find a suitable server - - - - - - Unable to find a suitable server - - - - - - Specifying the domain name with a -w switch or the PDC doesnt - - - seem to help. - - - - - - Is there a way for me to see a detailed version of the error - - - message or some log file where this is dumped to? I am - - - posting the smb.conf for reference. Please help me resolve - - - this error. - - - - - - Thanks, - - - - - - Ash - - - - - - - - - --8-- - - - smb.conf - - - - - - [global] - - - dns proxy = no - - - debug timestamp = yes - - - encrypt passwords = yes - - - idmap gid = 15000-2 - - - socket
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I have Samba shut down while executing the net rpc join commands, as the HOW-TO says. On trying the following, # ./net rpc join -S NTSERVER Password: This is the response I get, Could not connect to server NTSERVER The username or password was not correct. The password used was that of the administrator authorized to add machines to the domain. Is there any other username/password I should be using? On trying this, net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long This is the response I get, Unable to join domain domain-name. BTW, what does the switch --long do? I have followed the exact steps in the document you have pointed out and the HOW-TOs. Thanks for pointing that out this particular chapter. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 08:30 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Do you have Samba shut down while you're -running net rpc join? The daemons -shouldn't be running, AFAIK. - -Make sure they're down, and try your earlier -net rpc join commands... - -If that doesn't work, try just: - net rpc join -S NT4SERVER - -Maybe try deleting MYSERVER from the domain, -then -net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long - -See -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain-member.html#id -2522086 - - -Jim - - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:50 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - kind of logs on the net join rpc command? - - -Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:40 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Is NT4SERVER the PDC? - -If not, use -S PDC instead of -S NT4SERVER - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:24 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - For all of the four commands you have mentioned, I get the - - same response: - - - - Unable to join domain domain-name. - - - - There are no error messages or explanation with it, just the - - plain text. - - - - Regards, - - - - Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:15 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -try one of the following: - - - - - -./net rpc join -S NT4SERVER -U administrator - - - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - - - -./net rpc join -W MYWORKGROUP -U administrator - - - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 11:48 AM - - - To: Van Sickler, Jim; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - Jim, - - - - - - -Try adding the Samba server to the NT4 Domain first. - - - Response: The samba server has already been added to - the NT domain. - - - - - - -Is the NT4 server also a WINS server? - - - -If so, add that info to the smb.conf - - - - - - - -wins server = xxx.xxx.xxx.xxx - - - -name resolve order = wins lmhosts host bcast - - - - - - - -Put the NT4 server info into /etc/lmhosts - - - -and /etc/hosts - - - -xxx.xxx.xxx.xxx NT4SERVER - - - - - - Response: The NT server is not functioning as a WINS server. - - - The /etc/hosts and /etc/lmhosts already have the entry for - - - the NT server. The server can also resolve the NTSERVER_NAME - - - using DNS. - - - - - - I also used rpcclient to see if there any connection - - - problems, and it was able to connect just fine to the - - - NTSERVER. Thorougly confused. - - - - - - Any other ideas? - - - - - - Thanks for your response, - - - - - - Ash - - - - - - - - - - - -Original Message- - - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - - Sent: Thursday, April 14, 2005 12:58 AM - - - - To: samba@lists.samba.org - - - - Subject: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - - - - Hello, - - - - - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine
Re: [Samba] Unable to join samba server to a NT4 style domain
Ash, What error messages are being recorded in the Eventlog on the NT4 PDC? You can obtain further diagnositic output with: net rpc join -S NTSERVER -U administrator%password -d 5 /tmp/foolog 21 Can you connect to the NTSERVER using smbclient? You should be able to connect with: smbclient //NTSERVER/C$ -U administrator%password - John T. On Thursday 14 April 2005 15:24, Ashutosh Kamdar wrote: Jim, I have Samba shut down while executing the net rpc join commands, as the HOW-TO says. On trying the following, # ./net rpc join -S NTSERVER Password: This is the response I get, Could not connect to server NTSERVER The username or password was not correct. The password used was that of the administrator authorized to add machines to the domain. Is there any other username/password I should be using? On trying this, net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long This is the response I get, Unable to join domain domain-name. BTW, what does the switch --long do? I have followed the exact steps in the document you have pointed out and the HOW-TOs. Thanks for pointing that out this particular chapter. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 08:30 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Do you have Samba shut down while you're -running net rpc join? The daemons -shouldn't be running, AFAIK. - -Make sure they're down, and try your earlier -net rpc join commands... - -If that doesn't work, try just: - net rpc join -S NT4SERVER - -Maybe try deleting MYSERVER from the domain, -then -net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long - -See -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain-member.html# id -2522086 - - -Jim - - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:50 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - kind of logs on the net join rpc command? - - -Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:40 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Is NT4SERVER the PDC? - -If not, use -S PDC instead of -S NT4SERVER - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:24 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - For all of the four commands you have mentioned, I get the - - same response: - - - - Unable to join domain domain-name. - - - - There are no error messages or explanation with it, just the - - plain text. - - - - Regards, - - - - Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:15 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -try one of the following: - - - - - -./net rpc join -S NT4SERVER -U administrator - - - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - - - -./net rpc join -W MYWORKGROUP -U administrator - - - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 11:48 AM - - - To: Van Sickler, Jim; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - Jim, - - - - - - -Try adding the Samba server to the NT4 Domain first. - - - Response: The samba server has already been added to - the NT domain. - - - - - - -Is the NT4 server also a WINS server? - - - -If so, add that info to the smb.conf - - - - - - - -wins server = xxx.xxx.xxx.xxx - - - -name resolve order = wins lmhosts host bcast - - - - - - - -Put the NT4 server info into /etc/lmhosts - - - -and /etc/hosts - - - -xxx.xxx.xxx.xxx NT4SERVER - - - - - - Response: The NT server is not functioning as a WINS server. - - - The /etc/hosts and /etc/lmhosts already have the entry for - - - the NT server. The server can also resolve the NTSERVER_NAME - - - using DNS. - - - - - - I also used rpcclient to see if there any connection - - - problems, and it was able to connect
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, net help rpc shows the following for the --long option: -l or --longDisplay full information In what I've found from googling and the Samba-Guide (thanks, John!), it looks like net rpc join will create the Domain machine account when you run it; if MYSERVER already exists, you'll be prevented from creating a duplicate entry. Try deleting MYSERVER from the Domain. then run your original command... ./net rpc join -U administrator%'' or ./net rpc join -S NT4SERVER -U administrator%'' and see what happens. If this works, it reinforces this comment from my earlier link: This process joins the server to the domain without having to create the machine trust account on the PDC beforehand. and is a change from Samba 2.x, which required the creation of the machine trust account on the PDC before running smbpasswd -j DOM -r DOMPDC. John: if this is true, can Chap 7 be amended to reflect the change? Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 2:25 PM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, I have Samba shut down while executing the net rpc join commands, as the HOW-TO says. On trying the following, # ./net rpc join -S NTSERVER Password: This is the response I get, Could not connect to server NTSERVER The username or password was not correct. The password used was that of the administrator authorized to add machines to the domain. Is there any other username/password I should be using? On trying this, net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long This is the response I get, Unable to join domain domain-name. BTW, what does the switch --long do? I have followed the exact steps in the document you have pointed out and the HOW-TOs. Thanks for pointing that out this particular chapter. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 08:30 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Do you have Samba shut down while you're -running net rpc join? The daemons -shouldn't be running, AFAIK. - -Make sure they're down, and try your earlier -net rpc join commands... - -If that doesn't work, try just: - net rpc join -S NT4SERVER - -Maybe try deleting MYSERVER from the domain, -then -net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long - -See -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain -member.html#id -2522086 - - -Jim - - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:50 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - kind of logs on the net join rpc command? - - -Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:40 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Is NT4SERVER the PDC? - -If not, use -S PDC instead of -S NT4SERVER - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:24 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - For all of the four commands you have mentioned, I get the - - same response: - - - - Unable to join domain domain-name. - - - - There are no error messages or explanation with it, just the - - plain text. - - - - Regards, - - - - Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:15 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -try one of the following: - - - - - -./net rpc join -S NT4SERVER -U administrator - - - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - - - -./net rpc join -W MYWORKGROUP -U administrator - - - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 11:48 AM - - - To: Van Sickler, Jim; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server
Re: [Samba] Unable to join samba server to a NT4 style domain
On Thursday 14 April 2005 15:42, Van Sickler, Jim wrote: Ash, net help rpc shows the following for the --long option: -l or --longDisplay full information In what I've found from googling and the Samba-Guide (thanks, John!), it looks like net rpc join will create the Domain machine account when you run it; if MYSERVER already exists, you'll be prevented from creating a duplicate entry. Try deleting MYSERVER from the Domain. then run your original command... /net rpc join -U administrator%''. or ./net rpc join -S NT4SERVER -U administrator%'' and see what happens. If this works, it reinforces this comment from my earlier link: This process joins the server to the domain without having to create the machine trust account on the PDC beforehand. and is a change from Samba 2.x, which required the creation of the machine trust account on the PDC before running smbpasswd -j DOM -r DOMPDC. John: if this is true, can Chap 7 be amended to reflect the change? Samba-3 works the same way as Samba-2.2 did. The machine account is created by calling out the appropriate script. On Samba-2.2 the add user script was called for machine accounts. On Samba-3 this is done by the add machine script. In neither case is it necessary to create the machine account before joining - so long as the script is correctly configured. - John T. Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 2:25 PM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, I have Samba shut down while executing the net rpc join commands, as the HOW-TO says. On trying the following, # ./net rpc join -S NTSERVER Password: This is the response I get, Could not connect to server NTSERVER The username or password was not correct. The password used was that of the administrator authorized to add machines to the domain. Is there any other username/password I should be using? On trying this, net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long This is the response I get, Unable to join domain domain-name. BTW, what does the switch --long do? I have followed the exact steps in the document you have pointed out and the HOW-TOs. Thanks for pointing that out this particular chapter. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 08:30 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Do you have Samba shut down while you're -running net rpc join? The daemons -shouldn't be running, AFAIK. - -Make sure they're down, and try your earlier -net rpc join commands... - -If that doesn't work, try just: - net rpc join -S NT4SERVER - -Maybe try deleting MYSERVER from the domain, -then -net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long - -See -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain -member.html#id -2522086 - - -Jim - - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:50 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - kind of logs on the net join rpc command? - - -Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:40 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Is NT4SERVER the PDC? - -If not, use -S PDC instead of -S NT4SERVER - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:24 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - For all of the four commands you have mentioned, I get the - - same response: - - - - Unable to join domain domain-name. - - - - There are no error messages or explanation with it, just the - - plain text. - - - - Regards, - - - - Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:15 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash
[Samba] Unable to join samba host to domain
Greetings, I am trying to join a host to an Active Directory domain in orser to authenticate squid users. I have compiled keberos 1.3.5 and Samba 3.0.9 on my system. When I run the command net ads join -U amdin.user password, the server gives the following response and does not proceed any further: [2004/12/10 14:24:36, 0] libads/ldap.c:ads_add_machine_acct(1473) Warning: ads_set_machine_sd: Unexpected information received Using short domain name -- WORKGROUP Why is it doing this? How can I make it work? *** This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Department of Lands. This email message has been swept by MIMEsweeper for the presence of computer viruses. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join Samba server to Win2k domain
Dear Samba users. I have tried to add my Samba server to a Win2k AD mixed mode domain for several days. I have searched the Internet for information, but couldn't find a solution. So I will try to describe my problems here. I first tried to use security = ADS and add the Samba server as a native member. I have changed the settings in my krb5.conf and tested this with kinit: -- cut # kinit -V Password for [EMAIL PROTECTED]: Authenticated to Kerberos v5 -- cut But when I try to add the server to the domain with the command net ads join MEMBER -Uadministrator%password -d 10 I get the following error: -- cut [2003/12/13 23:30:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/13 23:30:00, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385) Got KRB5 session key of length 8 [2003/12/13 23:30:00, 1] utils/net_ads.c:ads_startup(181) ads_connect: Invalid credentials [2003/12/13 23:30:00, 2] utils/net.c:main(759) return code = -1 -- cut If i use a wrong password, I get a preauthentication failed so again the kerberos part should be OK. I then tried security = domain. If I don't create a computer in the AD I get this error when running net rpc join MEMBER -Uadministrator%password -d 10: -- cut [2003/12/13 23:27:40, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2003/12/13 23:27:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286) error setting trust account password: NT_STATUS_UNSUCCESSFUL Unable to join domain DOMAIN. [2003/12/13 23:27:40, 2] utils/net.c:main(759) return code = 1 -- cut If I create a computer account and set it to allow pre Window 2000 computers to use this account I get: -- cut [2003/12/13 23:29:28, 1] libsmb/cliconnect.c:cli_full_connection(1426) failed tcon_X with NT_STATUS_ACCESS_DENIED [2003/12/13 23:29:28, 1] utils/net.c:connect_to_ipc_anonymous(179) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(407) write_socket(5,45) [2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(410) write_socket(5,45) wrote 45 [2003/12/13 23:29:28, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 35 [2003/12/13 23:29:28, 5] lib/util.c:show_msg(456) [2003/12/13 23:29:28, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=22538 smb_pid=6905 smb_uid=3 smb_mid=28 smt_wct=0 smb_bcc=0 Unable to join domain DOMAIN. -- cut So as you can see, I haven't really succeed using any method. Anyone know what could cause all these problems or a straight solution how to solve them? Best regards Henrik -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] unable to join samba domain.
Hello, I'm trying to join several windows clients to a samba pdc. I've got local, prefered, and domain master all set to yes, workgroup set, and domain logons also set to yes. I've got a machine account in /etc/master.passwd, this is being done on a FreeBSD 4.7-release box, and a machine account in the smbpasswd file along with a root account. When i try to join the domain i get an error 53, the network path can not be found. If, from one of my clients, i do a net view i get the same thing: error 53. Can anyone give me some pointers as to what i missed? I've set up samba domains before, using 2.2.1, without difficulty, i'm now trying it with 2.2.6. Thanks. Dave. Sign Up for Juno Platinum Internet Access Today Only $9.95 per month! Visit www.juno.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
