samba - Jul 2002 - tough problem joining test domain

I've been working on this all night without success...

I'm setting up a HEAD  (from today) test domain and want to join XP
machines to it.
I've applied the signorseal patch to the client
I've set use spnego = no in the smb.conf

I'm using ldapsam talking to a remote machine.
smbldap tools all work to change passwords add/del users etc.
i've set the ldap admin password via smbpasswd -w

I've set the SID to be the same as that in my non-test domain (since I
want to be able to move user profiles from test to the production
domain).  My test domain controller is acting sort of like a BDC for the
production PDC except it is the domain master for a different domain.
rpcclient $> lsaquery
domain LAUELAB_TEST has sid S-1-5-21-1995982474-3671514283-3045899775
rpcclient $> lsaquery
domain LAUELAB has sid S-1-5-21-1995982474-3671514283-3045899775

but I can't join the test XP machine to the test domain.  here is that
bit of the log
[2002/08/01 01:40:23, 2] auth/auth.c:check_ntlm_password(266)
  check_password:  authentication for user [root] -> [root] -> [root]
suceeded
[2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
  Allowed connection from  (132.177.45.13)
[2002/08/01 01:40:23, 2] smbd/service.c:make_connection_snum(377)
  user 'root' (from session setup) not permitted to access this share
(IPC$)Closing connections
[2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
  Allowed connection from  (132.177.45.13)

authentication is fine but no access to IPC$??

i also cannot use rpcclient as root
unheq1:/var/log/samba# rpcclient -U root unheq1
Password:
failed tcon_X with NT code 0xffffffff
Cannot connect to server.  Error was NT_STATUS_ACCESS_DENIED
unheq1:/var/log/samba# rpcclient -U root unheq1
Password:
failed session setup with NT_STATUS_LOGON_FAILURE
Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE

the second try was with a known bad password to see what happens.
all other users can use rpcclient with no trouble.
and rpcclient as root on the production domain works fine.

Tomorrow I'll try replicating the ldap server on the local machine. 
But I don't think that will have any effect.

Any insight appreciated!

thanks!

brad

On Thu, 2002-08-01 at 02:12, Bradley W. Langhorst wrote:
> I've been working on this all night without success...
> 
> I'm setting up a HEAD  (from today) test domain and want to join XP
> machines to it.
> I've applied the signorseal patch to the client
> I've set use spnego = no in the smb.conf
> 
> I'm using ldapsam talking to a remote machine.
> smbldap tools all work to change passwords add/del users etc.
> i've set the ldap admin password via smbpasswd -w
> 
> I've set the SID to be the same as that in my non-test domain (since I
> want to be able to move user profiles from test to the production
> domain).  My test domain controller is acting sort of like a BDC for the
> production PDC except it is the domain master for a different domain.
> rpcclient $> lsaquery
> domain LAUELAB_TEST has sid S-1-5-21-1995982474-3671514283-3045899775
> rpcclient $> lsaquery
> domain LAUELAB has sid S-1-5-21-1995982474-3671514283-3045899775
> 
> but I can't join the test XP machine to the test domain.  here is that
> bit of the log
> [2002/08/01 01:40:23, 2] auth/auth.c:check_ntlm_password(266)
>   check_password:  authentication for user [root] -> [root] -> [root]
> suceeded
> [2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
>   Allowed connection from  (132.177.45.13)
> [2002/08/01 01:40:23, 2] smbd/service.c:make_connection_snum(377)
>   user 'root' (from session setup) not permitted to access this
share
> (IPC$)Closing connections
> [2002/08/01 01:40:23, 2] lib/access.c:check_access(327)
>   Allowed connection from  (132.177.45.13)
> 
> authentication is fine but no access to IPC$??
> 
> i also cannot use rpcclient as root
> unheq1:/var/log/samba# rpcclient -U root unheq1
> Password:
> failed tcon_X with NT code 0xffffffff
> Cannot connect to server.  Error was NT_STATUS_ACCESS_DENIED
> unheq1:/var/log/samba# rpcclient -U root unheq1
> Password:
> failed session setup with NT_STATUS_LOGON_FAILURE
> Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE
> 
> the second try was with a known bad password to see what happens.
> all other users can use rpcclient with no trouble.
> and rpcclient as root on the production domain works fine.
> 
okay - i've resolved the ipc problem 
a stray invalid users = root crept into my conf file.

so that IPC$ stuff was a red herring

brad