A good question for you guys. I tried to add my newly installed Samba to NT domain but I got the following messages. Do you know why I am unable to joining the domain. lagos0# ./smbpasswd -j nignt01 -r nigntdc1 doing parameter share modes = yes doing parameter lock directory = /var/adm pm_process() returned Yes Added interface ip=10.39.48.155 bcast=10.255.255.255 nmask=255.0.0.0 resolve_name: Attempting lmhosts lookup for name NIGNTDC1<0x20> resolve_name: Attempting host lookup for name NIGNTDC1<0x20> resolve_name: Attempting wins lookup for name NIGNTDC1<0x20> resolve_name: WINS server resolution selected and no WINS server present. resolve_name: Attempting broadcast lookup for name NIGNTDC1<0x20> bind succeeded on port 0 Got a positive name query response from 10.39.48.33 ( 10.39.48.33 ) Connecting to 10.39.48.33 at port 139 cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine NIGNTDC1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 1999/04/16 09:33:09 : change_trust_account_password: Failed to change password for domain NIGNT01. Unable to join domain NIGNT01. Thanks and regards Kunle Olusanya email: ezeannc@texaco.com
Olusanya, Olukunle O wrote:> > lagos0# ./smbpasswd -j nignt01 -r nigntdc1 > doing parameter share modes = yes > doing parameter lock directory = /var/adm > pm_process() returned Yes > Added interface ip=10.39.48.155 bcast=10.255.255.255 nmask=255.0.0.0 > resolve_name: Attempting lmhosts lookup for name NIGNTDC1<0x20> > resolve_name: Attempting host lookup for name NIGNTDC1<0x20> > resolve_name: Attempting wins lookup for name NIGNTDC1<0x20> > resolve_name: WINS server resolution selected and no WINS server present. > resolve_name: Attempting broadcast lookup for name NIGNTDC1<0x20> > bind succeeded on port 0 > Got a positive name query response from 10.39.48.33 ( 10.39.48.33 ) > Connecting to 10.39.48.33 at port 139 > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Do you have encrypt passwords = yes? Are you sure you created the trust account on the PDC?> cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > NIGNTDC1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 1999/04/16 09:33:09 : change_trust_account_password: Failed to change > password for domain NIGNT01. > Unable to join domain NIGNT01.Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )
Hello All,
I am struggling to get a Samba 2.2.1a server to join our NT domain. I have
read DOMAIN_MEMBER.html and it is very clear. My smb.conf borrows security
expressions from two other SAMBA servers that behave perfectly
correctly. However, when I do:
smbpasswd -j CORP -r CORP01
as root on AIX 4.3.2 I get:
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
CORP01. Error was : NT_STATUS_ACCESS_DENIED.
2001/10/01 17:00:18 : change_trust_account_password: Failed to change
password for domain CORP.
Unable to join domain CORP.
I know my Samba server is in the CORP domain. I can see it with:
netdom /d:CORP member | grep TESTSMB1 (the name of this particular
instance). My instructions to our NT Admin for defining this server's
netBIOS name in the PDC were quoted right out of Using Samba, pg 171.
We have three Samba servers, CORPSMB1, ENSDSMB1 and TESTSMB1 and only
TESTSMB1 refuses to join the domain. I can see no differences in these
three and our guy who maintains the PDC assures me all three are configured
identically.
What other tests might I perform to reveal why TESTSMB1 is balking at
joining the domain? Are there any tests that can be performed on the PDC
that would validate the machine account? Can I ask the NT guy to look at
any NT logs on the PDC that might explain this behavior?
Regards,
Will Schmidt
SW Engineer/Consultant
Kipe & Associates currently on assignment @ Freightliner LLC
Portland, OR
(541) 462-3160
(541) 462-3899 fax
-------------- next part --------------
HTML attachment scrubbed and removed
Thanks Jim for your response, the only one received BTW, but as I mentioned in my original post, I read DOMAIN_MEMBER.html in the docos and fully understood it. I was shooting myself in the foot however, as I executed smbpasswd -j Domain_Name -r PDC more than once, thinking that could do no harm. :-( It turns out it does, and you hose your PDC machine account if you do it. I proved this to my satisfaction by having the PDC account removed and recreated and then testing smbpasswd again, and again and ... again. So word to the wise, do it only once and trust your NT Admin guy when he says the account exists. BTW: it is a 30 second job to create a PDC account but like some admin guys all over the world, they like to make you think they are opening their veins when they just do their jobs, but I am ranting about consulting life in large global enterprises... After getting past this issue I still had a problem, in that my Samba server would not authenticate PC accounts in the PDC. The error I got, NT_STATUS_ACCESS_DENIED, pointed at an rpc problem between my AIX 4.3.2.0 machine and the PDC. In fact, it was this error that caused me to think I had not successfully joined the domain, and is why I executed the smbpasswd command a second time in the first instance. I traced the problem from the logs as far as the modules in ../rpc_server and I suspected the function _net_auth_2() in src_netlog_nt.c, but could see no easy way of exercising that code in dbx to examine it further. To make a long and painful story short, I moved the Samba bits compiled on this machine to another RS/6000 with AIX 4.3.3.0, got a PDC account for this machine, executed smbpasswd only once and my Samba server worked perfectly. I repeated these tests several times on both machines to verify that it was not a fluke, and got identical results. Fortunately I have access to more than one RS/6000 and can find suitable examples of different versions of the OS. Pity the poor guy with only a single machine that he must get working... So, my conclusion is that even though I compiled the 2.2.1a source distro on this AIX 4.3.2.0 machine, there is something missing in the run-time libraries or system calls that is not revealed at compile time. My compile errors for 2.2.1a where strictly type problems between signed and unsigned 32 bit ints, that all were fixed with casts. My config status was OK on both machines and after added those casts the distro compiled flawlessly. I can only conclude that my 4.3.2.0 on this particular machine is not patched to permit 2.2.1a to execute, especially the rpc code, even thought it will compile, while on 4.3.3.0, the problem is not present. So I am reluctantly abandoning all further work on AIX 4.3.2.0. It was probably good for me that no one on the list responded and I had to work through these issues on my own. I know a lot more about Samba today than I did a week ago, and I have lost all fear of getting into the sources and poking around. I recompiled the distro with -g on so that I could run smbpasswd in dbx, and learned a lot from that exercise. Thanks again Jim, for following up. At 11:46 AM 10/8/2001 -0400, Van Sickler, Jim wrote:>Will, > > I was looking at the Samba List Archive and saw your message-since it's >been a week, you probably already have your answer. > >But here's my nickel just in case-I get the same error messages if I try to >join the Domain without having already created the computer on the PDC. > >---------------------------------------------------------------------------- >------ > > Add the TESTSMB1 computer to the Domain using the Server Manager. > > su to root on TESTSMB1 > > smbpasswd -j CORP -r CORP01 > > Hopefully you're done - If not, let me know. > >---------------------------------------------------------------------------- >------- > > Jim Van Sickler > Network Administrator > Kaman Aerospace Corp EODC > vansickj-eodc@kaman.com <mailto:vansickj-eodc@kaman.com> > (520) 295-2134Regards, Will Schmidt SW Engineer/Consultant Kipe & Associates currently on assignment @ Freightliner LLC Portland, OR (541) 462-3160 (541) 462-3899 fax -------------- next part -------------- HTML attachment scrubbed and removed
Hello All, When I try my to join my Unix machine to the NT domain, I get: # smbpasswd -j <domain name> -r <nt PDC> cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD modify_trust_password: unable to change password for machine EPICPROD in domain. 2002/01/08 15:14:02 : change_trust_account_password: Failed to change password . Unable to join domain <domain name>. Where I substituted my domain name and the NT PDC. Any suggestions? TIA, Tony Brown Systems Administrator Northwestern Medical Faculty Foundation 680 North Lake Shore Drive, Suite 1108 Chicago, IL 60611 tbrown2@nmff.org 312-695-3975 -------------- next part -------------- HTML attachment scrubbed and removed
Hi tony, Try removing the machine account using server manager and re-adding it, then try your smbpasswd -j.... again. don -----Original Message----- From: Brown, Tony [mailto:TBrown2@nmff.org] Sent: Tuesday, January 08, 2002 5:07 PM To: 'samba@lists.samba.org' Subject: Joining NT Domain Hello All, When I try my to join my Unix machine to the NT domain, I get: # smbpasswd -j <domain name> -r <nt PDC> cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD modify_trust_password: unable to change password for machine EPICPROD in domain. 2002/01/08 15:14:02 : change_trust_account_password: Failed to change password . Unable to join domain <domain name>. Where I substituted my domain name and the NT PDC. Any suggestions? TIA, Tony Brown Systems Administrator Northwestern Medical Faculty Foundation 680 North Lake Shore Drive, Suite 1108 Chicago, IL 60611 tbrown2@nmff.org 312-695-3975 -------------- next part -------------- HTML attachment scrubbed and removed