samba - Sep 2009 - Domain Member Server connecting to Samba PDC

Hello:

I'm trying to set up a small domain on my home network. ?The goal is
to have a domain member server connect to my samba PDC using winbind
for authentication against a tdbsam database. ?I've tried reading the
official howto, and a few help sites, but I'm still having difficulty
accomplishing my goal. ?I'm using Samba 3.3.2 on Fedora 11 for both
computers.

On the DMS, connecting to the domain (net rpc join) reports that it
has connected successfully. ?On the server, these errors are logged
(though I suspect most are not actual errors):
[2009/09/10 16:08:06, ?0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
?get_md4pw: Workstation TV$: no account in domain
[2009/09/10 16:08:06, ?0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(528)
?_netr_ServerAuthenticate2: failed to get machine password for
account TV$: NT_STATUS_ACCESS_DENIED
[2009/09/10 16:08:06, ?0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
?get_md4pw: Workstation TV$: no account in domain
[2009/09/10 16:08:06, ?0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(528)
?_netr_ServerAuthenticate2: failed to get machine password for
account TV$: NT_STATUS_ACCESS_DENIED
[2009/09/10 16:08:09, ?2] auth/auth.c:check_ntlm_password(308)
?check_ntlm_password: ?authentication for user [root] -> [root] ->
[root] succeeded
[2009/09/10 16:08:09, ?2] libsmb/credentials.c:netlogon_creds_server_check(223)
?netlogon_creds_server_check: credentials check failed.
[2009/09/10 16:08:09, ?0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
?_netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$
[2009/09/10 16:08:09, ?2] libsmb/credentials.c:netlogon_creds_server_check(223)
?netlogon_creds_server_check: credentials check failed.
[2009/09/10 16:08:09, ?0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
?_netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$

Checking the join on the DMS (net rpc testjoin) produces no local
errors, but this error on the PDC:
[2009/09/10 16:07:22, ?2] libsmb/credentials.c:netlogon_creds_server_check(223)
?netlogon_creds_server_check: credentials check failed.
[2009/09/10 16:07:22, ?0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
?_netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client TV machine account TV$

wbinfo -u and -g produce (maybe) a more meaningful error, but not one
I can find an answer to with google:
[2009/09/10 16:08:29, ?2] auth/auth.c:check_ntlm_password(308)
?check_ntlm_password: ?authentication for user [TV$] -> [TV$] ->
[tv$] succeeded
[2009/09/10 16:08:29, ?2] auth/auth.c:check_ntlm_password(308)
?check_ntlm_password: ?authentication for user [TV$] -> [TV$] ->
[tv$] succeeded
[2009/09/10 16:08:29, ?2]
rpc_server/srv_samr_nt.c:access_check_samr_function(247)
?_samr_OpenDomain: ACCESS DENIED (granted: 0x00020010; ?required: 0x00000020)

Can anyone help? ?I originally thought it was an IDMAP problem, but
the errors are not suggesting that in any comprehensible way to me.

Thanks!
Anthony

On Thu, Sep 10, 2009 at 04:13:55PM -0600, Anthony Powell
wrote:
> Hello:
> 
> I'm trying to set up a small domain on my home network. ?The goal is
> to have a domain member server connect to my samba PDC using winbind
> for authentication against a tdbsam database. ?I've tried reading the
> official howto, and a few help sites, but I'm still having difficulty
> accomplishing my goal. ?I'm using Samba 3.3.2 on Fedora 11 for both
> computers.
There had been some bugs in 3.3.2 preventing that unfortunately. We are
currently preparing an update to 3.4.1 for F11.

Could you please give
https://admin.fedoraproject.org/updates/F11/FEDORA-2009-9443
a try (and leave positive feedback if it works for you) ?

Thanks,
Guenther

-- 
G?nther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba/attachments/20090911/59ac7064/attachment.pgp>

> There had been some bugs in 3.3.2 preventing that unfortunately. We are
> currently preparing an update to 3.4.1 for F11.
>
> Could you please give
> https://admin.fedoraproject.org/updates/F11/FEDORA-2009-9443
> a try (and leave positive feedback if it works for you) ?
This worked for me.

Thanks
Anthony

On Fri, Sep 11, 2009 at 06:40:02AM -0600, Anthony Powell
wrote:
> > There had been some bugs in 3.3.2 preventing that unfortunately. We
are
> > currently preparing an update to 3.4.1 for F11.
> >
> > Could you please give
> > https://admin.fedoraproject.org/updates/F11/FEDORA-2009-9443
> > a try (and leave positive feedback if it works for you) ?
> 
> This worked for me.
Great, thanks for the feedback.

Guenther

-- 
G?nther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba/attachments/20090911/1807e7db/attachment.pgp>