Guys and dolls, Greetings, I hope you all are in good health, great spirits and your glasses never empty. I have a samba, openldap question. I am trying to setup a FC-4 box to be a PDC for a small network of about 150 users. I was following the HOWTO on the SAMBA site. Everything seems to be fine however I cannot join the domain. I get the error "User name could not be found." The error logs show that the login/password used to join the domain was accpeted and correct. I decided to step back a bit to see if the PDC could join the domain but also no luck. I got the following when I ran the command [root@anansi ~]# net rpc join -d 3 -l -S PDC -U root [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) lp_load: refreshing parameters [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2006/02/21 10:57:03, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) Processing section "[global]" [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) WARNING: The "min passwd length" option is deprecated [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0 [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name PDC<0x20> [2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) name_resolve_bcast: Attempting broadcast lookup for name PDC<0x20> [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 10.50.0.20 ( 10.50.0.20 ) [2006/02/21 10:57:03, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445 [2006/02/21 10:57:04, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2006/02/21 10:57:04, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Password: [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445 [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=58) [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got principal=NONE [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60890215 [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 Creation of workstation account failed Unable to join domain CDCGA. [2006/02/21 10:57:12, 2] utils/net.c:main(897) return code = 1 I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of yet. Have any of you samba sensei seen anything like this or have an suggestions as to how to kick this trouble ticket out. Thanks In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT
On Wed, 2006-02-22 at 09:12 -0400, Bevan Agard wrote:> Guys and dolls, > Greetings, I hope you all are in good health, great spirits and your glasses > never empty. > > I have a samba, openldap question. > > I am trying to setup a FC-4 box to be a PDC for a small network of about 150 > users. I was following the HOWTO on the SAMBA site. Everything seems to be > fine however I cannot join the domain. I get the error "User name could not > be found." The error logs show that the login/password used to join the > domain was accpeted and correct. I decided to step back a bit to see if the > PDC could join the domain but also no luck. I got the following when I ran > the command > > [root@anansi ~]# net rpc join -d 3 -l -S PDC -U root > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) > lp_load: refreshing parameters > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) > Initialising global parameters > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) > Processing section "[global]" > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) > WARNING: The "min passwd length" option is deprecated > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0 > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name PDC<0x20> > [2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) > name_resolve_bcast: Attempting broadcast lookup for name PDC<0x20> > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) > Got a positive name query response from 10.50.0.20 ( 10.50.0.20 ) > [2006/02/21 10:57:03, 3] libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=PDC > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 10.50.0.20 at port 445 > [2006/02/21 10:57:04, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) > cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED > [2006/02/21 10:57:04, 3] libsmb/trusts_util.c:just_change_the_password(43) > just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > Password: > [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=PDC > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 10.50.0.20 at port 445 > [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) > Doing spnego session setup (blob length=58) > [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) > got OID=1 3 6 1 4 1 311 2 2 10 > [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) > got principal=NONE > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) > Got challenge flags: > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60890215 > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) > NTLMSSP: Set final flags: > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > [2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 > Creation of workstation account failed > Unable to join domain CDCGA. > [2006/02/21 10:57:12, 2] utils/net.c:main(897) > return code = 1 > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of yet. > > Have any of you samba sensei seen anything like this or have an suggestions > as to how to kick this trouble ticket out.---- The PDC is the domain and doesn't join it. Craig
On Wed, 2006-02-22 at 11:53 -0400, Bevan Agard wrote:> > In the World one must be able to > Adapt, and Evolve > Or run the risk of becoming EXTINCT > > > ---- > > The PDC is the domain and doesn't join it. > > > > Craig > > > [Bevan Agard] > This may be so but I can't join any pc to the domain---- Let's keep this on list as I am leaving and won't be of much help throughout the day. Are you tracking the 'Samba By Example' documentation on samba.org website? Can you add workstation account via command line? Craig
What do your Add Machine Scripts look like in Samba? Also, are you using the smbldap-tools from idealx? JT -----Original Message----- From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org] On Behalf Of Bevan Agard Sent: Wednesday, February 22, 2006 5:12 AM To: samba@lists.samba.org Subject: [Samba] Can't join my domain Guys and dolls, Greetings, I hope you all are in good health, great spirits and your glasses never empty. I have a samba, openldap question. I am trying to setup a FC-4 box to be a PDC for a small network of about 150 users. I was following the HOWTO on the SAMBA site. Everything seems to be fine however I cannot join the domain. I get the error "User name could not be found." The error logs show that the login/password used to join the domain was accpeted and correct. I decided to step back a bit to see if the PDC could join the domain but also no luck. I got the following when I ran the command [root@anansi ~]# net rpc join -d 3 -l -S PDC -U root [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) lp_load: refreshing parameters [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2006/02/21 10:57:03, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) Processing section "[global]" [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) WARNING: The "min passwd length" option is deprecated [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0 [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name PDC<0x20> [2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) name_resolve_bcast: Attempting broadcast lookup for name PDC<0x20> [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 10.50.0.20 ( 10.50.0.20 ) [2006/02/21 10:57:03, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445 [2006/02/21 10:57:04, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2006/02/21 10:57:04, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Password: [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445 [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=58) [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got principal=NONE [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60890215 [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 Creation of workstation account failed Unable to join domain CDCGA. [2006/02/21 10:57:12, 2] utils/net.c:main(897) return code = 1 I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of yet. Have any of you samba sensei seen anything like this or have an suggestions as to how to kick this trouble ticket out. Thanks In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Then that would be your problem... change your Add Machine Script... smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m' Then try adding a new machine. JT -----Original Message----- From: Bevan Agard [mailto:bevan@cdcga.gov.tt] Sent: Wednesday, February 22, 2006 12:04 PM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT> -----Original Message----- > From: James Taylor [mailto:jtaylor@laszlosystems.com] > Sent: Wednesday, February 22, 2006 3:59 PM > To: 'Bevan Agard' > Subject: RE: [Samba] Can't join my domain > > Does the LDAP Machine account include: > objectClass: sambaSAMAccount > sambaSID: "domain sid"-xxxx > > JT[Bevan Agard] Actually it does not. strange> > -----Original Message----- > From: Bevan Agard [mailto:bevan@cdcga.gov.tt] > Sent: Wednesday, February 22, 2006 11:53 AM > To: 'James Taylor' > Subject: RE: [Samba] Can't join my domain > > > > In the World one must be able to > Adapt, and Evolve > Or run the risk of becoming EXTINCT > > > -----Original Message----- > > From: James Taylor [mailto:jtaylor@laszlosystems.com] > > Sent: Wednesday, February 22, 2006 3:04 PM > > To: 'Bevan Agard' > > Subject: RE: [Samba] Can't join my domain > > > > When you are trying to join a system to your Domain are the computer > > accounts created in your LDAP Database as "machinename$" also with the > > sambaSAMAccount information? > > > [Bevan Agard] > Yes the machine name gets added to the LDAP Database and I get an error on > the windows box stating > "Cannot join Domain" > "User name not found" > > > > > What does your SAMBA "Add Machine Script" look like in your smb.conf > file? > > > > JT > [Bevan Agard] > add machine script = /usr/local/sbin/smbldap-useradd -w "%u" > > > > > > -----Original Message----- > > From: Bevan Agard [mailto:bevan@cdcga.gov.tt] > > Sent: Wednesday, February 22, 2006 11:00 AM > > To: 'James Taylor'; samba@lists.samba.org > > Subject: RE: [Samba] Can't join my domain > > > > > > > > In the World one must be able to > > Adapt, and Evolve > > Or run the risk of becoming EXTINCT > > > > > -----Original Message----- > > > From: James Taylor [mailto:jtaylor@laszlosystems.com] > > > Sent: Wednesday, February 22, 2006 2:39 PM > > > To: 'Bevan Agard'; samba@lists.samba.org > > > Subject: RE: [Samba] Can't join my domain > > > > > > What do your Add Machine Scripts look like in Samba? Also, are you > > using > > > the smbldap-tools from idealx? > > > > > [Bevan Agard] > > > > I am using the scripts from idealx. > > > > I followed the HOWTO on samba.org (Happy Users Ch 5) > > > > > > > JT > > > > > > -----Original Message----- > > > From: samba-bounces+jtaylor=laszlosystems.com@lists.samba.org > > > [mailto:samba-bounces+jtaylor=laszlosystems.com@lists.samba.org] On > > Behalf > > > Of Bevan Agard > > > Sent: Wednesday, February 22, 2006 5:12 AM > > > To: samba@lists.samba.org > > > Subject: [Samba] Can't join my domain > > > > > > Guys and dolls, > > > Greetings, I hope you all are in good health, great spirits and your > > > glasses > > > never empty. > > > > > > I have a samba, openldap question. > > > > > > I am trying to setup a FC-4 box to be a PDC for a small network of > about > > > 150 > > > users. I was following the HOWTO on the SAMBA site. Everything seems > > to > > > be > > > fine however I cannot join the domain. I get the error "User name > could > > > not > > > be found." The error logs show that the login/password used to join > the > > > domain was accpeted and correct. I decided to step back a bit to see > if > > > the > > > PDC could join the domain but also no luck. I got the following when > I > > > ran > > > the command > > > > > > [root@anansi ~]# net rpc join -d 3 -l -S PDC -U root > > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) > > > lp_load: refreshing parameters > > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) > > > Initialising global parameters > > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573) > > > params.c:pm_process() - Processing configuration file > > > "/etc/samba/smb.conf" > > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) > > > Processing section "[global]" > > > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) > > > WARNING: The "min passwd length" option is deprecated > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > > > added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0 > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > > > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) > > > resolve_wins: Attempting wins lookup for name PDC<0x20> > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) > > > name_resolve_bcast: Attempting broadcast lookup for name PDC<0x20> > > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) > > > Got a positive name query response from 10.50.0.20 ( 10.50.0.20 ) > > > [2006/02/21 10:57:03, 3] > libsmb/cliconnect.c:cli_start_connection(1406) > > > Connecting to host=PDC > > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) > > > Connecting to 10.50.0.20 at port 445 > > > [2006/02/21 10:57:04, 3] > > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) > > > cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED > > > [2006/02/21 10:57:04, 3] > > libsmb/trusts_util.c:just_change_the_password(43) > > > just_change_the_password: unable to setup creds > > > (NT_STATUS_ACCESS_DENIED)! > > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) > > > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > > > Password: > > > [2006/02/21 10:57:10, 3] > libsmb/cliconnect.c:cli_start_connection(1406) > > > Connecting to host=PDC > > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) > > > Connecting to 10.50.0.20 at port 445 > > > [2006/02/21 10:57:10, 3] > > libsmb/cliconnect.c:cli_session_setup_spnego(708) > > > Doing spnego session setup (blob length=58) > > > [2006/02/21 10:57:10, 3] > > libsmb/cliconnect.c:cli_session_setup_spnego(733) > > > got OID=1 3 6 1 4 1 311 2 2 10 > > > [2006/02/21 10:57:10, 3] > > libsmb/cliconnect.c:cli_session_setup_spnego(740) > > > got principal=NONE > > > [2006/02/21 10:57:10, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(869) > > > Got challenge flags: > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > > Got NTLMSSP neg_flags=0x60890215 > > > [2006/02/21 10:57:10, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(891) > > > NTLMSSP: Set final flags: > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > > Got NTLMSSP neg_flags=0x60080215 > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > > > NTLMSSP Sign/Seal - Initialising with flags: > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > > Got NTLMSSP neg_flags=0x60080215 > > > [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > > > lsa_io_sec_qos: length c does not match size 8 > > > Creation of workstation account failed > > > Unable to join domain CDCGA. > > > [2006/02/21 10:57:12, 2] utils/net.c:main(897) > > > return code = 1 > > > > > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of yet. > > > > > > Have any of you samba sensei seen anything like this or have an > > > suggestions > > > as to how to kick this trouble ticket out. > > > > > > Thanks > > > > > > > > > > > > In the World one must be able to > > > > > > Adapt, and Evolve > > > > > > Or run the risk of becoming EXTINCT > > > > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba >
Hi, Having the same problem two days ago, i've decide to use 3.0.21b samba version. During the net rpc join i've encountered the same NT_STATUS_ACCESS_DENIED error. This appears all the time even when migration goes well, I don't know why but it's a fact. Which samba version are you using ? When using net rpc join you need to switch off samba daemons of course. Have you done it, i've not done it first time ? Tell me why don't you use administrator account in the command ? Have you create root account on the windows server ? Have you made : smbpasswd -w <rootpassword> on linux box ? Is the net rpc getsid goes well ? have you put domain logon = yes in smb.conf ? Anyway stop samba remove linux machine on windows mngt server and try it again. So much questions hope this help you ! Vincent try it again with net rpc join -S <PDC-NT4_name> -UAdministrator%adminpassword On Wed, 2006-02-22 at 09:12 -0400, Bevan Agard wrote:> Guys and dolls, > Greetings, I hope you all are in good health, great spirits and your > glasses > never empty. > > I have a samba, openldap question. > > I am trying to setup a FC-4 box to be a PDC for a small network of > about 150 > users. I was following the HOWTO on the SAMBA site. Everything seems > to be > fine however I cannot join the domain. I get the error "User name > could not > be found." The error logs show that the login/password used to join the > domain was accpeted and correct. I decided to step back a bit to see > if the > PDC could join the domain but also no luck. I got the following when > I ran > the command > > [root@anansi ~]# net rpc join -d 3 -l -S PDC -U root > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) > lp_load: refreshing parameters > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) > Initialising global parameters > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) > Processing section "[global]" > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) > WARNING: The "min passwd length" option is deprecated > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0 > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name PDC<0x20> > [2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) > name_resolve_bcast: Attempting broadcast lookup for name PDC<0x20> > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) > Got a positive name query response from 10.50.0.20 ( 10.50.0.20 ) > [2006/02/21 10:57:03, 3] libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=PDC > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 10.50.0.20 at port 445 > [2006/02/21 10:57:04, 3] > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) > cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED > [2006/02/21 10:57:04, 3] > libsmb/trusts_util.c:just_change_the_password(43) > just_change_the_password: unable to setup creds > (NT_STATUS_ACCESS_DENIED)! > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > Password: > [2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=PDC > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 10.50.0.20 at port 445 > [2006/02/21 10:57:10, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(708) > Doing spnego session setup (blob length=58) > [2006/02/21 10:57:10, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(733) > got OID=1 3 6 1 4 1 311 2 2 10 > [2006/02/21 10:57:10, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(740) > got principal=NONE > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) > Got challenge flags: > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60890215 > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) > NTLMSSP: Set final flags: > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > [2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 > Creation of workstation account failed > Unable to join domain CDCGA. > [2006/02/21 10:57:12, 2] utils/net.c:main(897) > return code = 1 > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of yet. > > Have any of you samba sensei seen anything like this or have an > suggestions > as to how to kick this trouble ticket out. >---- The PDC is the domain and doesn't join it. Craig