PDC: samba-3.0.24-1
Uses ldap with smbldap tools to modify the directory
This is a stable, working platform.
New domain member (mahalo) : samba-3.2.8-0.26 on fedora 10 i386
Symptom: net rpc join fails from the new domain member.
The trust account actually does get created. But the password fields are
not written to the account.
2nd new domain member: samba-client-3.0.24-11
net join works from this client on fedora 6. smb.conf is similar to the
config on mahalo.
Thanks,
Craig Swanson
net join error:
[2009/02/18 08:44:37, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(352)
error setting trust account password: NT code 0x1c010002
Unable to join domain MTD.
Error on the PDC smb log:
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation MAHALO$: no account in domain
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
_net_auth2: failed to get machine password for account MAHALO$:
NT_STATUS_ACCESS_DENIED
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation MAHALO$: no account in domain
[2009/02/18 08:44:32, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
_net_auth2: failed to get machine password for account MAHALO$:
NT_STATUS_ACCESS_DENIED
[2009/02/18 08:44:37, 0] rpc_parse/parse_prs.c:prs_mem_get(559)
prs_mem_get: reading data of size 2 would overrun buffer by 1 bytes.
[2009/02/18 08:44:37, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(848)
api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2009/02/18 08:44:37, 0] rpc_server/srv_pipe.c:api_rpcTNP(2287)
api_rpcTNP: samr: SAMR_SET_USERINFO failed.
Client smb.conf:
workgroup = MTD
netbios name = MAHALO
server string = Samba Server
security = DOMAIN
dns proxy = No
encrypt passwords = yes
PDC smb.conf
workgroup = MTD
netbios name = PUNCH
#interfaces = eth0 eth0:1 127.0.0.1
interfaces = 192.168.1.225/24 192.168.1.230/24 127.0.0.1
bind interfaces only = yes
username map = /etc/samba/smbusers
#admin users= @"Domain Admins"
server string = Samba Server
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = No
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing UNIX password for*\nNew password*"
%n\n
"*Retype new password*" %n\n"
passwd chat debug = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log
max log size = 100000
time server = Yes
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
time offset = 0
logon script = %U.bat
logon drive = H:
logon home = \\%N\%U\%u
logon path
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://punch.midwest-tool.com/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Directory Manager
ldap suffix = dc=midwest-tool,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap ssl = start_tls
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%
u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
template shell = /bin/false
winbind use default domain = no
Machine trust account for mahalo (pdbedit -Lv mahalo$):
Unix username: mahalo$
NT username: mahalo$
Account Flags: [DW ]
User SID: S-1-5-21-1400792368-3813960858-1703501993-1104
Primary Group SID: S-1-5-21-1400792368-3813960858-1703501993-515
Full Name: Computer
Home Directory: \\punch\mahalo_\%u
HomeDir Drive: H:
Logon Script: mahalo_.bat
Profile Path:
Domain: MTD
Account desc: Computer
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 22:14:07 EST
Kickoff time: Mon, 18 Jan 2038 22:14:07 EST
Password last set: 0
Password can change: 0
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF