Heinz Allerberger
2009-Nov-07 12:59 UTC
[Samba] XP-machines cannot join Samba PDC with tdbsam
Hi there ...

I cannot join my Samba PDC any longer with my XP-machines, I mean I'm not able to create new machine accounts. The existing machine-accounts in the tdb-database work properly, all the existing XP-machines are joined without any problems. Only it isn't possible to join the Samba PDC with new machines...

My first Samba PDC-Configuration with this tdbsam as the passwd backend, with the same smb.conf as today (please have a look above), I ran with an early version of Samba 3 on a 32bit Server in 2005 with nearly 50 XP-machines as Domain-members. In 2006 I had the first migration to newer 64bit hardware; this was uncomplicated, all things worked properly with meanwhile 150 XP-machines.

Now I had a new hardware-migration to a new 64bit-Server-hardware two weeks ago and I ran into some trouble. I did the migration in the same way as before. I stopped the old Server and I copied the /etc/samba/smb.conf with all the scripts and the /var/lib/samba with the tdb-database to the new Server-hardware. The new Server runs with Debian_version 5.0.3 (Lenny), before the old hardware ran with Debian_version 4.0 (Etch). The current Samba-Version is 3.2.5-4lenny7.

When I try to join the Domain with an XPSP3-Workstation and get the demand "Enter the name and password of an account with permission to join the domain" and fill in the user of the domainadmin and the password, I get the answer "The following error occurred attempting to join the domain "MYDOMAIN", the specified domain either does not exist or could not be contacted".

But the Domain exists, this is a fact, all the old XP-Machines, which are members of the domain MYDOMAIN, work properly. The user domadmin and the password are really correct; when I try to log in on an XP-Workstation, which is an old member of the domain, then it works properly, I can log in without problems.

Have a look at my Domain-Administrator rights:
==============================
/etc/passwd:
domadmin:x:500:512:Domain Administrator MYDOMAIN:/srv/data1/home1/domadmin:/bin/bash

/etc/group
domadmins:x:512:admin,domadmin

Unix username: domadmin
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1656000120-2433418590-619812953-500
lookup_global_sam_rid: looking up RID 512.
pdb_getsampwrid (TDB): error looking up RID 512 by key RID_00000200.
lookup_rids: Domain Admins:2
Primary Group SID: S-1-5-21-1656000120-2433418590-619812953-512
Full Name: Domain Administrator MYDOMAIN
Home Directory: \\domainserver1\domadmin\win
HomeDir Drive: U:
Logon Script: logon.cmd
Profile Path: \\domainserver1\profiles\domadmin
Domain: MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fr, 06 Nov 2009 12:41:16 CET
Password can change: Fr, 06 Nov 2009 12:41:16 CET
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
------------------------------------------------------------
domainserver1:~# net rpc rights list accounts -U domadmin -S 192.168.151.240
Enter domadmin's password:
MYDOMAIN\domadmin
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

BUILTIN\Print Operators
No privileges assigned

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned
------------------------------------------------------------
Here are the globals of my smb.conf:

[global]
    unix charset = ISO8859-1
    workgroup = MYDOMAIN
    netbios aliases = Server2
    server string = %h
    update encrypted = Yes
    obey pam restrictions = Yes
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    add user script = /usr/sbin/adduser.sh -p -u "%u" -n "%u"
    delete user script = /usr/sbin/userdel "%u"
    add group script = /usr/local/bin/smbgrpadd.sh "%g"
    delete group script = /usr/sbin/groupdel "%g"
    add user to group script = /usr/bin/gpasswd -a "%u" "%g"
    delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
    set primary group script = /usr/sbin/usermod -g "%g" "%u"
    add machine script = /usr/sbin/addmachine.sh -u %u
    logon script = logon.cmd
    logon path = \\%N\profiles\%U
    logon drive = U:
    logon home = \\%N\%U\win
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    invalid users = root
------------------------------------------------------------
Here is some debug information from the samba-log:

[2009/11/06 14:34:59, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(644)
  secrets_fetch failed!
[2009/11/06 14:34:59, 5] passdb/pdb_tdb.c:tdbsam_getsampwnam(911)
  pdb_getsampwnam (TDB): error fetching database.
  Key: USER_root
------------------------------------------------------------
Please help, I'm really desperate.

Heinz Allerberger