OK Ladies and Gentlemen I could use a hand on this one. I'm new to the list, so please excuse me if I violate a protocol which is as yet unknown to me. However I am having some problems that seem to be beyond my abilities to find a solution to. Any help would be greatly appreciated. Technical Info: LINUX Box is a Red Hat 7.1 Kernel version is 2.4.9-34. Samba version(S) that I am working with are 2.2.5-1 (Red Hat Binary RPM downloaded from samba.org) and 2.0.10-2 (from Red Hat's site). Windows 2000 Advanced Server SP2 (SP3 was applied, and then removed). Since the application of SP3, and the subsequent removal I've restored from tape returning to PRE SP3 operations completely with no change in results. PDC - Native mode. Course of events: I had Samba 2.0.10-2 up and running perfectly fine as a domain member (security=domain) and all was well. I read up on the latest Samba release, and decided I wanted to give it a try, utilizing the new winbind appliance. I researched briefly on the Red Hat site, and determined that they did not have anything above 2.0.10-2 available "packaged" for my version of Red Hat. A quick trip to Samba.org produced a ready to roll rpm, and all was well. I've made complete backups of my /etc/samba directory, and the Windows 2000 server before any changes were made. After performing a complete un install of the existing Samba version, and installing the new package, I found that I was unable to get the Samba re-joined to the domain. Items checked and verified: I've verified more then once that the "Pre-windows 2000" box is checked when adding the machine account on the PDC. I've double and tipple checked the account credentials used with the smbpasswd join command. I've verified my syntax is correct lmhosts and hosts files have proper entries W2K wins server is up and has correct records smb.conf has Samba pointed in the correct direction for the WINS server on the W2K box. nmblookup is able to resolve the server, and domain correctly and as expected. When I run the smbpasswd -j DOM -R SERVER -A user I am prompted for the password. With Version 2.2.5-1 I receive the expected message that the domain was joined, and a quick check reveals that the secrets.tdb is created and in the proper location. Ownership and group are both root, with only root having rw access. I am able to enumerate groups and users from the domain using wbinfo -u or -g, and getent does reveal domain users and groups as well. However, no users or groups are able to authenticate into the Samba server, despite what I believe to be correct pam.d settings. Message examples will appear below from logs. With Version 2.0.10-2 I run the same command, however I receive an error message, and am told that it was unable to join the domain. The MACHINE.SID is created, and matches the record in the W2K registry, however the DOM.MACH.mac is not created. The most common message that I see in the log.smdb is: smbd/password.c:connect_to_domain_password_server(1328) connect_to_domain_password_server: machine SERVER rejected the tconX on the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. This is the message I receive with 2.0.10 when I try to join the domain: modify_trust_password: machine SERVER rejected the tconX on the IPC$ share. Error was : ERRDOS - ERRnoaccess. 2002/09/09 10:45:34 : change_trust_account_password: Failed to change password for domain DOMAIN. Unable to join domain DOMAIN. Of course, the machine account is fresh and new on each attempt. It's deleted, and the server rebooted before it is re-added. I've also tried never before used machine account names with the same result. I've read on a couple of different sites that M$ added some new RPC calls via W2K SP2 which were not supported by pre 2.2 Samba. However what is it that I am running into with the 2.2.x versions? Any thoughts, suggestions or questions are welcome and appreciated. Obviously I could roll back to a working configuration from my tape backups, however I am not one who's mind lends it's self well to going backwards and "just getting it working." Thank you all for your time and suggestions. Aaron
muhindra@yahoo.com
2002-Sep-09 19:20 UTC
[Samba] Samba 2.2.5-1 problems joining domain - W2K PDC
try: smbpasswd -j DOM -r SERVER -U <W2K administrator> and press enter and type administrator password. --- "Aaron D." <lists@aaronsplace.org> wrote:> OK Ladies and Gentlemen I could use a hand on this > one. I'm new to the > list, so please excuse me if I violate a protocol > which is as yet unknown > to me. However I am having some problems that seem > to be beyond my > abilities to find a solution to. Any help would be > greatly appreciated. > > Technical Info: > LINUX Box is a Red Hat 7.1 Kernel version is > 2.4.9-34. Samba version(S) > that I am working with are 2.2.5-1 (Red Hat Binary > RPM downloaded from > samba.org) and 2.0.10-2 (from Red Hat's site). > > Windows 2000 Advanced Server SP2 (SP3 was applied, > and then > removed). Since the application of SP3, and the > subsequent removal I've > restored from tape returning to PRE SP3 operations > completely with no > change in results. PDC - Native mode. > > Course of events: > I had Samba 2.0.10-2 up and running perfectly fine > as a domain member > (security=domain) and all was well. I read up on > the latest Samba release, > and decided I wanted to give it a try, utilizing the > new winbind appliance. > > I researched briefly on the Red Hat site, and > determined that they did not > have anything above 2.0.10-2 available "packaged" > for my version of Red > Hat. A quick trip to Samba.org produced a ready to > roll rpm, and all was > well. I've made complete backups of my /etc/samba > directory, and the > Windows 2000 server before any changes were made. > > After performing a complete un install of the > existing Samba version, and > installing the new package, I found that I was > unable to get the Samba > re-joined to the domain. Items checked and > verified: > I've verified more then once that the "Pre-windows > 2000" box is checked > when adding the machine account on the PDC. > I've double and tipple checked the account > credentials used with the > smbpasswd join command. > I've verified my syntax is correct > lmhosts and hosts files have proper entries > W2K wins server is up and has correct records > smb.conf has Samba pointed in the correct direction > for the WINS server on > the W2K box. > nmblookup is able to resolve the server, and domain > correctly and as expected. > > When I run the smbpasswd -j DOM -R SERVER -A user I > am prompted for the > password. With Version 2.2.5-1 I receive the > expected message that the > domain was joined, and a quick check reveals that > the secrets.tdb is > created and in the proper location. Ownership and > group are both root, with > only root having rw access. I am able to enumerate > groups and users from > the domain using wbinfo -u or -g, and getent does > reveal domain users and > groups as well. However, no users or groups are > able to authenticate into > the Samba server, despite what I believe to be > correct pam.d settings. > Message examples will appear below from logs. > > With Version 2.0.10-2 I run the same command, > however I receive an error > message, and am told that it was unable to join the > domain. The > MACHINE.SID is created, and matches the record in > the W2K registry, however > the DOM.MACH.mac is not created. > > > The most common message that I see in the log.smdb > is: > >smbd/password.c:connect_to_domain_password_server(1328)> connect_to_domain_password_server: machine SERVER > rejected the tconX on > the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. > > This is the message I receive with 2.0.10 when I try > to join the domain: > > modify_trust_password: machine SERVER rejected the > tconX on the IPC$ share. > Error was : ERRDOS - ERRnoaccess. > 2002/09/09 10:45:34 : change_trust_account_password: > Failed to change > password for domain DOMAIN. > Unable to join domain DOMAIN. > > Of course, the machine account is fresh and new on > each attempt. It's > deleted, and the server rebooted before it is > re-added. I've also tried > never before used machine account names with the > same result. I've read on > a couple of different sites that M$ added some new > RPC calls via W2K SP2 > which were not supported by pre 2.2 Samba. However > what is it that I am > running into with the 2.2.x versions? > > Any thoughts, suggestions or questions are welcome > and > appreciated. Obviously I could roll back to a > working configuration from > my tape backups, however I am not one who's mind > lends it's self well to > going backwards and "just getting it working." > > Thank you all for your time and suggestions. > > Aaron > > > -- > To unsubscribe from this list go to the following > URL and read the > instructions:http://lists.samba.org/mailman/listinfo/samba __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com
I've used both the w2k\administrator and an account with membership in the administrators group, both with the same result. Additionally, encrypt passwords is set to Yes in the smb.conf. At 02:19 PM 9/9/2002, you wrote:>try: >smbpasswd -j DOM -r SERVER -U <W2K administrator> >and press enter and type administrator password. > > >--- "Aaron D." <lists@aaronsplace.org> wrote: > > OK Ladies and Gentlemen I could use a hand on this > > one. I'm new to the > > list, so please excuse me if I violate a protocol > > which is as yet unknown > > to me. However I am having some problems that seem > > to be beyond my > > abilities to find a solution to. Any help would be > > greatly appreciated. > > > > Technical Info: > > LINUX Box is a Red Hat 7.1 Kernel version is > > 2.4.9-34. Samba version(S) > > that I am working with are 2.2.5-1 (Red Hat Binary > > RPM downloaded from > > samba.org) and 2.0.10-2 (from Red Hat's site). > > > > Windows 2000 Advanced Server SP2 (SP3 was applied, > > and then > > removed). Since the application of SP3, and the > > subsequent removal I've > > restored from tape returning to PRE SP3 operations > > completely with no > > change in results. PDC - Native mode. > > > > Course of events: > > I had Samba 2.0.10-2 up and running perfectly fine > > as a domain member > > (security=domain) and all was well. I read up on > > the latest Samba release, > > and decided I wanted to give it a try, utilizing the > > new winbind appliance. > > > > I researched briefly on the Red Hat site, and > > determined that they did not > > have anything above 2.0.10-2 available "packaged" > > for my version of Red > > Hat. A quick trip to Samba.org produced a ready to > > roll rpm, and all was > > well. I've made complete backups of my /etc/samba > > directory, and the > > Windows 2000 server before any changes were made. > > > > After performing a complete un install of the > > existing Samba version, and > > installing the new package, I found that I was > > unable to get the Samba > > re-joined to the domain. Items checked and > > verified: > > I've verified more then once that the "Pre-windows > > 2000" box is checked > > when adding the machine account on the PDC. > > I've double and tipple checked the account > > credentials used with the > > smbpasswd join command. > > I've verified my syntax is correct > > lmhosts and hosts files have proper entries > > W2K wins server is up and has correct records > > smb.conf has Samba pointed in the correct direction > > for the WINS server on > > the W2K box. > > nmblookup is able to resolve the server, and domain > > correctly and as expected. > > > > When I run the smbpasswd -j DOM -R SERVER -A user I > > am prompted for the > > password. With Version 2.2.5-1 I receive the > > expected message that the > > domain was joined, and a quick check reveals that > > the secrets.tdb is > > created and in the proper location. Ownership and > > group are both root, with > > only root having rw access. I am able to enumerate > > groups and users from > > the domain using wbinfo -u or -g, and getent does > > reveal domain users and > > groups as well. However, no users or groups are > > able to authenticate into > > the Samba server, despite what I believe to be > > correct pam.d settings. > > Message examples will appear below from logs. > > > > With Version 2.0.10-2 I run the same command, > > however I receive an error > > message, and am told that it was unable to join the > > domain. The > > MACHINE.SID is created, and matches the record in > > the W2K registry, however > > the DOM.MACH.mac is not created. > > > > > > The most common message that I see in the log.smdb > > is: > > > > >smbd/password.c:connect_to_domain_password_server(1328) > > connect_to_domain_password_server: machine SERVER > > rejected the tconX on > > the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. > > > > This is the message I receive with 2.0.10 when I try > > to join the domain: > > > > modify_trust_password: machine SERVER rejected the > > tconX on the IPC$ share. > > Error was : ERRDOS - ERRnoaccess. > > 2002/09/09 10:45:34 : change_trust_account_password: > > Failed to change > > password for domain DOMAIN. > > Unable to join domain DOMAIN. > > > > Of course, the machine account is fresh and new on > > each attempt. It's > > deleted, and the server rebooted before it is > > re-added. I've also tried > > never before used machine account names with the > > same result. I've read on > > a couple of different sites that M$ added some new > > RPC calls via W2K SP2 > > which were not supported by pre 2.2 Samba. However > > what is it that I am > > running into with the 2.2.x versions? > > > > Any thoughts, suggestions or questions are welcome > > and > > appreciated. Obviously I could roll back to a > > working configuration from > > my tape backups, however I am not one who's mind > > lends it's self well to > > going backwards and "just getting it working." > > > > Thank you all for your time and suggestions. > > > > Aaron > > > > > > -- > > To unsubscribe from this list go to the following > > URL and read the > > instructions: >http://lists.samba.org/mailman/listinfo/samba > > >__________________________________________________ >Do You Yahoo!? >Yahoo! Finance - Get real-time stock quotes >http://finance.yahoo.com >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba
Possibly Parallel Threads
- Unable to join W2K Active Directory Domain
- Samba, NT4 and W2K trust/authentication problem.
- Samba 2.2.5-10, W2K PDC and Winbind - Authentication issues
- Does 3.0 work with w2k sp3 and/or win 2003? Anybody had success?
- Win2k DC no longer authenticates for Samba shares