I'm still fighting with getting a Samba server (RH Linux 7.2, kernel 2.4.9-21, samba 2.2.4) to join an NT domain (NT 4.0, SP6). Everything I've read in the documentation indicates that this works well and readily, but I cannot get it to work.

The error message received when attempting to join a domain is:

./smbpasswd -j TESTDOMAIN -r SMBTEST
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine SMBTEST.
Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT.
2002/06/17 10:54:21 : change_trust_account_password: Failed to change password for domain TESTDOMAIN.
Unable to join domain TESTDOMAIN.

This creates a /etc/samba/secrets.tdb file, but 'wbinfo -t' reports: 'Secret is bad'. The samba server has been added to the NT server using Server Manager. The PDC is the only server in this domain, and was set up exclusively for getting the quirks worked out with attempting to add the server to our production NT domain.

I have the following in the [Global] section of my smb.conf file:

workgroup = testdomain
encrypt passwords = yes
security = server
password server = smbtest
obey pam restrictions = yes

The NT server has, in its logs, that no trust account exists for the system, despite appearing in Server Manager, with the 'show only domain members' option checked. Can someone suggest some troubleshooting methodology for this problem? Is there a way to peruse the list of trust accounts other than using Server Manager? Are there other issues that can cause this same error message? I'm planning to use winbind, when and if I can get this system to join the domain, and so I've already altered the PAM files according to the HOWTO documents.

It doesn't appear to be a network communication issue - ping and nmblookup both return positive results. The DNS names for both the samba server and the PDC are the same as their NetBIOS names.

Any help or suggestions for troubleshooting this problem would be appreciated.

Michael Sloan
Network Administrator
The Printing House, Ltd.
email: michael@theprintinghouse.com
voice: (850) 875-1500x155
fax: (850) 875-4080

Have you tried creating the trust account manually and have you made sure that root is a samba user? It seems that the only user who can add machines to a Samba based domain is root. There are also a couple of settings for smb.conf that you should check ... just get the combined samba howtos from samba.org for a complete description of what to do (minus the "root must be a samba user" bit :-) ).

I'm having no problems with using samba as a pdc on either rh7.2 or rh7.3. I'm using samba 2.2.4-2.

Neil

Quoting Michael Sloan <michael@theprintinghouse.com>:

> I'm still fighting with getting a Samba server (RH Linux 7.2, kernel 2.4.9-21, samba 2.2.4) to join an NT domain (NT 4.0, SP6). Everything I've read in the documentation indicates that this works well and readily, but I cannot get it to work.
>
> The error message received when attempting to join a domain is:
>
> ./smbpasswd -j TESTDOMAIN -r SMBTEST
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> cli_nt_setup_creds: auth2 challenge failed
> modify_trust_password: unable to setup the PDC credentials to machine SMBTEST.
> Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT.
> 2002/06/17 10:54:21 : change_trust_account_password: Failed to change password for domain TESTDOMAIN.
> Unable to join domain TESTDOMAIN.
>
> This creates a /etc/samba/secrets.tdb file, but 'wbinfo -t' reports: 'Secret is bad'. The samba server has been added to the NT server using Server Manager. The PDC is the only server in this domain, and was set up exclusively for getting the quirks worked out with attempting to add the server to our production NT domain.
>
> I have the following in the [Global] section of my smb.conf file:
>
> workgroup = testdomain
> encrypt passwords = yes
> security = server
> password server = smbtest
> obey pam restrictions = yes
>
> The NT server has, in its logs, that no trust account exists for the system, despite appearing in Server Manager, with the 'show only domain members' option checked. Can someone suggest some troubleshooting methodology for this problem? Is there a way to peruse the list of trust accounts other than using Server Manager? Are there other issues that can cause this same error message? I'm planning to use winbind, when and if I can get this system to join the domain, and so I've already altered the PAM files according to the HOWTO documents.
>
> It doesn't appear to be a network communication issue - ping and nmblookup both return positive results. The DNS names for both the samba server and the PDC are the same as their NetBIOS names.
>
> Any help or suggestions for troubleshooting this problem would be appreciated.
>
> Michael Sloan
> Network Administrator
> The Printing House, Ltd.
> email: michael@theprintinghouse.com
> voice: (850) 875-1500x155
> fax: (850) 875-4080

On Mon, 17 Jun 2002, Michael Sloan wrote:

> I'm still fighting with getting a Samba server (RH Linux 7.2, kernel 2.4.9-21, samba 2.2.4) to join an NT domain (NT 4.0, SP6). Everything I've read in the documentation indicates that this works well and readily, but I cannot get it to work.
>
> The error message received when attempting to join a domain is:
>
> ./smbpasswd -j TESTDOMAIN -r SMBTEST
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> cli_nt_setup_creds: auth2 challenge failed
> modify_trust_password: unable to setup the PDC credentials to machine SMBTEST.
> Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT.
> 2002/06/17 10:54:21 : change_trust_account_password: Failed to change password for domain TESTDOMAIN.
> Unable to join domain TESTDOMAIN.

Is SMBTEST the PDC for TESTDOMAIN? Did you manually create the trust account in Server Manager on the PDC? If not, you will need to use the -U option to smbpasswd (see man page for details).

> This creates a /etc/samba/secrets.tdb file, but 'wbinfo -t' reports: 'Secret is bad'. The samba server has been added to the NT server using Server Manager. The PDC is the only server in this domain, and was set up exclusively for getting the quirks worked out with attempting to add the server to our production NT domain.
>
> I have the following in the [Global] section of my smb.conf file:
>
> workgroup = testdomain
> encrypt passwords = yes
> security = server

Don't you mean "security = domain" ?

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
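
The smb.conf setting questioned in the reply above can be checked mechanically before a join attempt. This is an added example, not part of the thread and not Samba project code: the function names and the list of expectations (security = domain, encrypted passwords, a password server) are assumptions of the example, and the sample file is constructed from the [Global] lines quoted in the original post.

```sh
#!/bin/sh
# Added example: read smb.conf [global] settings the way Samba names them
# (case and whitespace in names ignored), then list what does not fit a
# domain member configuration.

# Print the value of parameter $2 in the [global] section of file $1.
smbconf_global_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_global = (norm(s) == "global"); next
        }
        in_global {
            eq = index($0, "=")                     # only the first "=" counts
            if (eq == 0 || norm(substr($0, 1, eq - 1)) != want) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            found = 1                               # last assignment wins
        }
        END { if (found) print val }
    ' "$1"
}

# Print one finding per line for file $1; return 1 if there are findings.
check_domain_member() {
    rc=0
    sec=$(smbconf_global_get "$1" "security" | tr 'A-Z' 'a-z')
    enc=$(smbconf_global_get "$1" "encrypt passwords" | tr 'A-Z' 'a-z')
    pws=$(smbconf_global_get "$1" "password server")
    [ "$sec" = "domain" ] || { echo "security=${sec:-unset} (expected domain)"; rc=1; }
    case "$enc" in
        yes|true|1) ;;
        *) echo "encrypt passwords=${enc:-unset} (expected yes)"; rc=1 ;;
    esac
    [ -n "$pws" ] || { echo "password server unset"; rc=1; }
    return $rc
}

# Constructed sample: the [Global] settings quoted in the original post.
sample=$(mktemp)
printf '%s\n' '[Global]' '  workgroup = testdomain' '  encrypt passwords = yes' \
    '  security = server' '  password server = smbtest' \
    '  obey pam restrictions = yes' > "$sample"
check_domain_member "$sample" || echo "=> not configured as a domain member"
```
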