Richard Gellman
2009-Apr-09 17:59 UTC
[Samba] Can't join to domain, Google-fu has failed me
Hi, I've been using Samba for years as a domain controller without issue, but this has stumped me. I've set up Windows Vista Enterprise SP1 on a Virtual PC. Samba is running on a Gentoo Linux box as version 3.3.3. I can access shares without issue, but I can't get the machine to join the domain. When it tries it shows "The parameter is incorrect". Delving into C:\Windows\Debug\NetSetup.LOG shows that it creates the machine account successfully, sets a password for it, then gets to the point of configuring itself to be a domain member, and then fails with error code 0x57. At this point it disables the machine account for itself. The relevant section of NetSetup.LOG is shown below. Everything I read on t'internet suggests that this should work without problems. I've tried setting the security option to NTLM, changing the compatibility mode value, almost everything I can find, but still no joy. I'd post the smbd -d 10 log, but from what I can see nothing errors on the Samba side, Windows just gives up. I'm hoping that there's something I can configure, patch that can be applied etc that causes some kind of different response that Windows will accept. Does anyone have any ideas? Let me know if there's anything useful I can give you from the -d 10 log. There's a lot of stuff there (mostly routine stuff) so let me know what sort of thing you're looking for and I'll gladly post it. I should point out the password backend is OpenLDAP. As stated, no other machine I've joined to this domain has ever had issues. Regards Richard Gellman -- NetSetup.LOG -- 04/09/2009 18:32:34:458 NetpValidateName: checking to see if 'STARFLEET' is valid as type 3 name 04/09/2009 18:32:34:559 NetpCheckDomainNameIsValid [ Exists ] for 'STARFLEET' returned 0x0 04/09/2009 18:32:34:559 NetpValidateName: name 'STARFLEET' is valid for type 3 04/09/2009 18:32:34:559 NetpDsGetDcName: trying to find DC in domain 'STARFLEET', flags: 0x40001010 04/09/2009 18:32:34:559 NetpDsGetDcName: found DC '\\RELIANT' in the specified domain 04/09/2009 18:32:34:559 NetpJoinDomain: status of connecting to dc '\\RELIANT': 0x0 04/09/2009 18:32:34:709 NetpGetLsaPrimaryDomain: status: 0x0 04/09/2009 18:32:34:709 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\RELIANT' 04/09/2009 18:32:35:039 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0 04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034 04/09/2009 18:32:35:099 NetpGetLsaPrimaryDomain: status: 0x0 04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034 04/09/2009 18:32:35:530 NetpManageMachineAccountWithSid: NetUserAdd on '\\RELIANT' for 'VOYAGER$' failed: 0x8b0 04/09/2009 18:32:36:171 NetpManageMachineAccountWithSid: status of attempting to set password on '\\RELIANT' for 'VOYAGER$': 0x0 04/09/2009 18:32:36:171 NetpJoinDomain: status of creating account: 0x0 04/09/2009 18:32:36:171 NetpGetLsaPrimaryDomain: status: 0x0 04/09/2009 18:32:36:181 NetpSetLsaPrimaryDomain: for 'STARFLEET' status: 0xc000000d 04/09/2009 18:32:36:181 NetpJoinDomain: status of setting LSA pri. domain: 0x57 04/09/2009 18:32:36:181 NetpJoinDomain: initiaing a rollback due to earlier errors 04/09/2009 18:32:36:281 NetpGetLsaPrimaryDomain: status: 0x0 04/09/2009 18:32:36:652 NetpManageMachineAccountWithSid: status of disabling account 'VOYAGER$' on '\\RELIANT': 0x0 04/09/2009 18:32:36:652 NetpJoinDomain: rollback: status of deleting computer account: 0x0 04/09/2009 18:32:36:652 NetpLsaOpenSecret: status: 0x0 04/09/2009 18:32:36:672 NetpJoinDomain: rollback: status of deleting secret: 0x0 04/09/2009 18:32:36:692 NetpJoinDomain: status of disconnecting from '\\RELIANT': 0x0 04/09/2009 18:32:36:692 NetpDoDomainJoin: status: 0x57
Maybe Matching Threads
Wisdom of the Ancients
