On Sun Jan 20 21:18:16 GMT 2008, Marcin Giedz wrote:> Hello, > > I've been trying to join w2k3 machine to samba 3 domain for a last few > hours. This is strange but all I get from joining process is: The > Specified User Already Exists. More than 100 machines running XP are > already added to the same domain as well as Linux machines. The only > problem I've got is 2003 server.Hi, I believe I'm having the same problem as Marcin Giedz. This is my case: I've been running Samba 3.0.28a on Ubuntu for a few months. One of my machines is running Windows Server 2008 SP2. This machine joined my Samba domain just fine months ago, however last week I reinstalled the PDC with Ubuntu and Samba. Now I'm unable to rejoin my Windows Server 2008 machine to Samba. When I try to join the domain I get this error: "The following error occurred attempting to join the domain DEVNET: The specified account already exists." The Samba PDC seems to be working OK, since I'm able to successfully join other machines running both Windows XP, Vista and Debian. Changing the server name has no effect. These lines are written to the Samba log during the joining process: (DEVNET = My domain name, devadm = My samba admin user) [2009/09/08 16:14:10, 2] smbd/sesssetup.c:setup_new_vc_session(1209) ? setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/08 16:14:10, 2] smbd/sesssetup.c:setup_new_vc_session(1209) ? setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/08 16:14:10, 2] auth/auth.c:check_ntlm_password(309) ? check_ntlm_password:? authentication for user [devadm] -> [devadm] -> [devadm] succeeded [2009/09/08 16:14:10, 2] auth/auth.c:check_ntlm_password(319) ? check_ntlm_password:? Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2009/09/08 16:14:10, 2] auth/auth.c:check_ntlm_password(319) ? check_ntlm_password:? Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2009/09/08 16:14:10, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2916) ? Returning domain sid for domain DEVNET -> S-1-5-21-563736628-2164854700-341989548 Any help would be much appreciated. Thanks, Emil Konow
> I've been running Samba 3.0.28a on Ubuntu for a few months. > One of my machines is running Windows Server 2008 SP2. > This machine joined my Samba domain just fine months ago, > however last week I reinstalled the PDC with Ubuntu and Samba. > > Now I'm unable to rejoin my Windows Server 2008 machine to Samba. > When I try to join the domain I get this error: > > "The following error occurred attempting to join the domain DEVNET: > The specified account already exists."Just a guess, but have you deleted the computer object from AD before re-adding it? Or are you using an account with write access to the object? If the PC already exists in AD you will need certain privileges to overwrite it. Cheers, Adam.
>> 09/09/2009 00:51:59:650 NetpManageMachineAccountWithSid: NetUserAdd on >> '\\PDC' for 'DEVSRV01$' failed: 0x8b0 >> 09/09/2009 00:51:59:655 NetpSetMachineAccountPasswordAndTypeEx: Broken >> account type 0x11 -- error out >> 09/09/2009 00:51:59:657 NetpManageMachineAccountWithSid: status of >> attempting to set password on '\\PDC' for 'DEVSRV01$': 0x524 >> 09/09/2009 00:51:59:657 NetpJoinDomain: status of creating account: 0x524 >> 09/09/2009 00:51:59:657 NetpJoinDomain: initiaing a rollback due to >> earlier errors > > It definitely looks like it can't set the machine password. > ... > When you add the Windows machine to the domain it should ask you for > a username and password, so use one that has lots of access :-) > > Cheers, > Adam.Hi, my user is a domain admin, ie. a member of group RID 512. When I try to join the domain, I'm prompted for username and password. This means that the Windows server has successfully located the Samba PDC using Wins resolution. So far so good, but when I enter my credentials I get the error message after 3-5 secs. Could it be that my Samba users is badly setup? I'm using tdbsam password backend. I performed the following procedure when I created my Samba users: ## Add essential Samba groups sudo groupadd --gid 512 smb-domain-admins sudo groupadd --gid 513 smb-domain-users sudo groupadd --gid 514 smb-domain-guests sudo groupadd --gid 515 smb-domain-computers ## Add Samba group mapping sudo net groupmap add ntgroup="Domain Admins" unixgroup=smb-domain-admins rid=512 sudo net groupmap add ntgroup="Domain Users" unixgroup=smb-domain-users rid=513 sudo net groupmap add ntgroup="Domain Guests" unixgroup=smb-domain-guests rid=514 sudo net groupmap add ntgroup="Domain Computers" unixgroup=smb-domain-computers rid=515 ## Add Samba domain admin sudo useradd -g 512 -d /dev/null -s /bin/false devadm sudo passwd devadm sudo pdbedit -a -u devadm ## Add Samba machine account sudo useradd -g 515 -d /dev/null -s /bin/false devsrv01$ sudo pdbedit -a -u devsrv01$ Here is a dump of smb.conf, using testparm: Load smb config files from /etc/samba/smb.conf Processing section "[netlogon]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] ? ? ? ?workgroup = DEVNET ? ? ? ?netbios name = PDC ? ? ? ?passdb backend = tdbsam:/etc/samba/passdb.tdb ? ? ? ?log level = 2 ? ? ? ?log file = /var/log/samba/samba.log ? ? ? ?name resolve order = wins ? ? ? ?load printers = No ? ? ? ?disable spoolss = Yes ? ? ? ?logon path ? ? ? ?logon home ? ? ? ?domain logons = Yes ? ? ? ?os level = 33 ? ? ? ?preferred master = Yes ? ? ? ?domain master = Yes ? ? ? ?dns proxy = No ? ? ? ?wins support = Yes [netlogon] ? ? ? ?path = /var/lib/samba/netlogon
> Emil, could you please open a bug about this on > > bugzilla.samba.org and include your C:\windows\debug\netsetup.log file ? > > I would like to reproduce that and see what is going wrong. > > Thanks, > Guenther > > -- > G?nther Deschner GPG-ID: 8EE11688 > Red Hat gdeschner at redhat.com > Samba Team gd at samba.org >Hello G?nther, I'll be glad to do that! However, I do realise that my Samba version 3.0.28a is very old. Please let me know on which product I should post my bug report. Thank you, Emil Konow