Hi all, I have been working on this for days to no avail. I am unable to join any machine to my domain. I think the server's machine password got corrupted but don't know how to change it. From the PDC, I try: oink:/usr/local/src/samba-3.0.12/source # net join PDC Password: Could not connect to server CORPSRV The username or password was not correct. From a member server, I try: furnsrv:~ # net join MEMBER Password: [2005/04/04 18:13:56, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(27 error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain CORP. Or: (as another privileged account) furnsrv:~ # net join MEMBER -U misty Password: [2005/04/04 18:17:25, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(279) error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain CORP. From a Windows workstation I get a similar thing. From member servers I am able to use smbclient to authenticate to the PDC, except as 'root' user which doesn't work. On the PDC I cannot auth with smbclient as any user at all. My users are all able to log in just fine. Samba 3.0.12 and 3.0.13 have produced the same results. I have even tried deleting all non-printing TDB files and starting over again. No help! I don't have anything weird in LDAP ACLs and I've verified with ldapsearch that the entries are able to be seen. I can see no obvious errors in a log level 10. I'm sorry because I've already basically sent this email before, but got no answers at all. My domain was working fine before Thursday when I updated to 3.0.13. Misty :(
More info: Here is my smb.conf on my PDC:
[global]
workgroup = CORP
netbios name = CORPSRV
server string = Corp File Server
security = user
password server = *
domain logons = yes
username map = /usr/local/samba/lib/smbusers
log file = /data/samba/log/%m.log
log level = 5
#max log size = 50
debug timestamp = yes
logon script = logon.bat
logon path = \\%L\profiles\%U\%a
logon drive = H:
logon home = \\%L\%U
time server = yes
printing = cups
printcap = cups
printcap cache time = 60
load printers = yes
show add printer wizard = no
force printername = yes
wins support = yes
os level = 100
preferred master = yes
domain master = yes
local master = yes
remote announce = 192.168.2.255/CORP
remote browse sync = 192.168.2.255
name resolve order = wins bcast lmhosts host
wins proxy = yes
dns proxy = yes
passdb backend = ldapsam:ldap://127.0.0.1/
#ldapsam:trusted = yes
ldap suffix = dc=borkholder,dc=com
ldap admin dn = cn=Manager,dc=borkholder,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap ssl = no
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = no
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w "
%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupm
od -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
admin users = root @"Domain Admins"
printer admin = root @"Domain Admins"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
deadtime = 60
encrypt passwords = yes
#use spnego = no
Here is the smb.conf of a member server:
[global]
workgroup = CORP
netbios name = FURNSRV
server string = Furniture File Server
security = domain
password server = 192.168.1.101
wins server = 192.168.1.101
wins support = no
wins proxy = yes
dns proxy = yes
os level = 99
local master = yes
domain master = no
preferred master = yes
log file = /usr/local/samba/var/userlog/%m.log
log level = 2
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
SO_BROADCAST
printing = cups
printcap = cups
remote browse sync = 192.168.1.255
interfaces = 127.0.0.1 192.168.2.3
bind interfaces only = yes
name resolve order = wins bcast lmhosts host
hide dot files = Yes
inherit permissions = Yes
inherit acls = Yes
Here is the error I get when I try to use smbclient on the PDC itself:
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
Here is the same thing on the member server:
furnsrv:~ # smbclient -L CORPSRV -W CORP -U CORP/root
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
added interface ip=192.168.2.3 bcast=192.168.2.255 nmask=255.255.255.0
Got a positive name query response from 192.168.1.101 ( 192.168.1.101 )
Password:
Domain=[CORP] OS=[Unix] Server=[Samba 3.0.12]
Sharename Type Comment
--------- ---- -------
acct_hp8500 Printer Accounting Color Laser Printer
plotter Printer Engineering Plotter
netlogon Disk Network logon service
software Disk Software for Samba computers
public Disk Public Files
PDF Disk Location of documents printed to PDFCreator
printer
EVERYTHING Disk All shares
APPS Disk
ACCT Disk
HR_PR Disk
ENGR Disk
DATA Disk
X Disk
NETWORK Disk
UTILS Disk
CDROM Disk CD-ROM on CORPSRV
IPC$ IPC IPC Service (Corp File Server)
ADMIN$ IPC IPC Service (Corp File Server)
truss_hp5n Printer HP Laserjet 5n
truss_hp4050 Printer HP Laserjet 4050
truss_hp4 Printer HP Laserjet 4
PDFcreator Printer Create PDF files
furnlaser Printer
FAX Printer Create FAX Files
engr_hp1300 Printer
root Disk Home Directories
Domain=[CORP] OS=[Unix] Server=[Samba 3.0.12]
Server Comment
--------- -------
CORPSRV Corp File Server
FURNSRV Furniture File Server
LNXMISTY Samba 3.0.13
NTENGRECEPT
NTFURNOFFICE
NTJEREMY
NTJOHNK
NTLISA
NTMIKE
NTRECEPTIONIST
NTTIM
NTTRUSS
SQW
TRUSSRV Samba Server
W2KGENE
W2KGREG
W2KHANK
W2KTOMMY
XPDWAYNE2 Dwayne's New Laptop
XPJONATHAN
XPKRIS
XPNORTON
XPPAT
XPSCOTT
Workgroup Master
--------- -------
BORKHOLDER IFSS
CORP CORPSRV
Maybe someone can spot my stupid mistake.
Misty