samba - Jun 2002 - Error Joining NT DOMAIN

I'm trying to use the documentation found with Samba-2.2.4 to set up a samba
server under RH linux 7.2 (kernel 2.4.9-21) to join an existing NT domain
for a couple of weeks with no success. I obtained the samba 2.2.4 source
code, compiled with the following options to configure:

--with-winbind --prefix=/usr/local/samba --with-smbwrapper --with-pam --with
-pam_smbpass

After compiling, I created a machine account on the PDC (NT 4.0 SP6, clean
install) for the samba server. Without smbd running, I attempted to join the
domain with:

/usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r SMBTEST

which didn't work. I also tried:

/usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r
SMBTEST -UAdministrator%<password>

which shows 'Joined domain TESTDOMAIN', at which point winbind will
query
the PDC and return a list of NT users and groups. However, wbinfo -t returns
'Bad secret'. The samba server and the PDC are on the same network, and
the
samba server (when smbd and nmbd are running) has no difficulty resolving an
IP address for SMBTEST, according to 'nmblookup SMBTEST'.

The following is the log entry from smbtest.log when attempting to join the
domain:

[2002/06/11 11:40:21, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2002/06/11 11:40:21, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/06/11 11:40:21, 0]
smbd/password.c:connect_to_domain_password_server(1359)
  connect_to_domain_password_server: unable to setup the PDC credentials to
mach
ine SMBTEST. Error was : NT_STATUS_OK.
[2002/06/11 11:40:21, 0] smbd/password.c:domain_client_validate(1585)
  domain_client_validate: Domain password server not available.
[2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
  unable to open passdb database.
[2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
  unable to open passdb database.

And the NT server shows in its event logs that there is no trust account for
the samba server. I've read the instructions repeatedly, even recompiled
samba and verified my smb.conf file several times, all with the same
results.

Pertinent portions of my smb.conf file:
[global]

   netbios name = QUINCYTEST
   workgroup = TESTDOMAIN
   security = domain
   password server = *
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   obey pam restrictions = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   os level = 33
   domain master = no
   preferred master = no
   domain logons = yes
   logon path = \\%L\Profiles\%U
   wins server = 198.175.30.4 198.175.18.21
   winbind separator = +
   winbind uid = 550-999
   winbind gid = 550-999
   winbind enum users = yes
   winbind enum groups = yes
   template shell = /bin/tcsh
   name resolve order = lmhosts bcast wins

Any idea(s) what is wrong here? I've searched the archives for answers, and
while I've seen this problem, or one very much like it, posted several
times, I didn't see any answers.

Michael Sloan
Network Administrator
The Printing House, Ltd.
email: michael@theprintinghouse.com
voice: (850) 875-1500x155
fax: (850) 875-4080

Hello,

I am using samba 2.2.3a on RedHat 7.2. Lately I've noticed that the log
files are being bombarded by the following messages..

Jun 12 12:31:28 bender smbd[2684]:   talloc_realloc failed to allocate more
memory for data!
Jun 12 12:31:30 bender smbd[2684]: [2002/06/12 12:31:30, 0]
rpc_server/srv_spoolss_nt.c:_spoolss_enumprinterdataex(7345)

What is broken and how can i fix it?

thanks,
anna

On Wed, 12 Jun 2002 13:20:50 -0400
"Michael Sloan" <michael@theprintinghouse.com> wrote:

Hey,

I think as long as your Samba box is no PDC, you should set "domain logons
= no"

I have occasionally experienced the same problem, but mostly due to name
resolving issues.

Try "smbpasswd -D 3 [...]" for more output.

Try to create the machine account beforehand on the PDC and then to join
the domain just with "smbpasswd -j DOMAIN"

When you try to join the domain more often, make sure to remove
MACHINE.SID (I?m not exactly sure on this...) and secrets.tdb and to
remove the account on the PDC.

Regards,
Goetz
> I'm trying to use the documentation found with Samba-2.2.4 to set up a
> samba server under RH linux 7.2 (kernel 2.4.9-21) to join an existing NT
> domain for a couple of weeks with no success. I obtained the samba 2.2.4
> source code, compiled with the following options to configure:
> 
> --with-winbind --prefix=/usr/local/samba --with-smbwrapper --with-pam
> --with-pam_smbpass
> 
> After compiling, I created a machine account on the PDC (NT 4.0 SP6,
> clean install) for the samba server. Without smbd running, I attempted
> to join the domain with:
> 
> /usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r SMBTEST
> 
> which didn't work. I also tried:
> 
> /usr/local/samba/bin/smbpasswd -j TESTDOMAIN -r
> SMBTEST -UAdministrator%<password>
> 
> which shows 'Joined domain TESTDOMAIN', at which point winbind will
> query the PDC and return a list of NT users and groups. However, wbinfo
> -t returns'Bad secret'. The samba server and the PDC are on the
same
> network, and the samba server (when smbd and nmbd are running) has no
> difficulty resolving an IP address for SMBTEST, according to 'nmblookup
> SMBTEST'.
> 
> The following is the log entry from smbtest.log when attempting to join
> the domain:
> 
> [2002/06/11 11:40:21, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
>   cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> [2002/06/11 11:40:21, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
>   cli_nt_setup_creds: auth2 challenge failed
> [2002/06/11 11:40:21, 0]
> smbd/password.c:connect_to_domain_password_server(1359)
>   connect_to_domain_password_server: unable to setup the PDC credentials
>   to
> mach
> ine SMBTEST. Error was : NT_STATUS_OK.
> [2002/06/11 11:40:21, 0] smbd/password.c:domain_client_validate(1585)
>   domain_client_validate: Domain password server not available.
> [2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
>   unable to open passdb database.
> [2002/06/11 11:40:21, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
>   unable to open passdb database.
> 
> And the NT server shows in its event logs that there is no trust account
> for the samba server. I've read the instructions repeatedly, even
> recompiled samba and verified my smb.conf file several times, all with
> the same results.
> 
> Pertinent portions of my smb.conf file:
> [global]
> 
>    netbios name = QUINCYTEST
>    workgroup = TESTDOMAIN
>    security = domain
>    password server = *
>    encrypt passwords = yes
>    smb passwd file = /etc/samba/smbpasswd
>    obey pam restrictions = yes
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    local master = no
>    os level = 33
>    domain master = no
>    preferred master = no
>    domain logons = yes
>    logon path = \\%L\Profiles\%U
>    wins server = 198.175.30.4 198.175.18.21
>    winbind separator = +
>    winbind uid = 550-999
>    winbind gid = 550-999
>    winbind enum users = yes
>    winbind enum groups = yes
>    template shell = /bin/tcsh
>    name resolve order = lmhosts bcast wins
> 
> Any idea(s) what is wrong here? I've searched the archives for answers,
> and while I've seen this problem, or one very much like it, posted
> several times, I didn't see any answers.
> 
> Michael Sloan
> Network Administrator
> The Printing House, Ltd.
> email: michael@theprintinghouse.com
> voice: (850) 875-1500x155
> fax: (850) 875-4080
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

-- 
Goetz Rieger                     Phone: +49 2241 92917-39
SuSE Linux Solutions AG          Fax:            314599
Geschaeftsstelle Rhein-Ruhr
Address: Marie-Curie-Str. 11-17, D-53757 St. Augustin