Hervé Hénoch
2011-Apr-05 11:37 UTC
[Samba] problem with linux server as domain member in samba pdc
Hello,

My problem is the following: I have a domain controller under Linux, Samba 3.5.5 with LDAP.
I want to include a Linux Samba server as a domain member, but I get the following error:

    _netr_ServerAuthenticate2: failed to get machine password for account SSCFICHIERS$: NT_STATUS_ACCESS_DENIED

I've put the following in smb.conf:

    workgroup = <mydomain>
    wins server = <ip of my samba PDC>
    password server = <ip of my samba PDC>
    security = domain

I've also configured nsswitch.conf / libnss and pam, so getent passwd/group/shadow is connected to the underlying ldap too: this is ok.

net rpc join is successful and I can see the entry in my ldap tree, and the secrets.tdb file is created in /var/lib/samba.

So I don't understand where the problem is ...

Help appreciated

--
Hervé Hénoch
IT Manager
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
Telephone: 04.90.27.57.44
E-mail: h.henoch at isc84.org
Allen Chen
2011-Apr-05 21:28 UTC
[Samba] problem with linux server as domain member in samba pdc
Hervé Hénoch wrote:
> Hello,
>
> My problem is the following : I've a domain controller under linux
> Samba 3.5.5 with LDAP.
> I want to include a Linux Samba as domain member but I've the
> following error :
>
> _netr_ServerAuthenticate2: failed to get machine password for account
> SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
>
> I've put the following in smb.conf :
>
> workgroup = <mydomain>
> wins server = <ip of my samba PDC>
> password server = <ip of my samba PDC>
> security = domain
>
> I've too configured nsswitch.conf / libnss and pam so getent
> passwd/group/shadow so is connected too the underlying ldap : this is
> ok.
>
> net rpc join is successful and I can see the entry in my ldap tree and
> the secrets.tdb file is created in /var/lib/samba.
>
> So i've don't understand where is the problem ...

I have a similar installation, but it works fine.

PDC: samba 3.4.5 (use source) and ldap
member server: samba-3.0.28 (comes with RHEL 5.2)

On the member server, I did this:

    # /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
    # service smb start

Can you make sure:
1. there is no ldap config in smb.conf on the member server;
2. getent passwd / getent group show you the same results on the PDC and the member server.

Allen
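
The two checks from Allen's reply, written out as an added shell example that is not part of the original thread. The function names, the sample smb.conf and the getent dumps are constructed for illustration, and comparing only the name and numeric id of each entry is an assumption about what "the same results" needs to cover.

```shell
#!/bin/sh
# Check 1: list active LDAP-related settings in a member server's smb.conf.
# Prints the offending lines and returns 1 if any exist, 0 if the file is clean.
# Simplification: matches "ldap ..." parameters and an ldapsam passdb backend.
smbconf_ldap_lines() {
    hits=$(grep -Ev '^[[:space:]]*[#;]' "$1" |
           grep -Ei '^[[:space:]]*(ldap[[:space:]]|passdb[[:space:]]+backend[[:space:]]*=.*ldapsam)' || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Check 2: compare two saved "getent passwd" or "getent group" dumps on
# name and numeric id (fields 1 and 3 in both formats).
# Prints entries found on one side only and returns 1 on any mismatch.
getent_mismatch() {
    t=$(mktemp -d) || return 2
    cut -d: -f1,3 "$1" | sort >"$t/a"
    cut -d: -f1,3 "$2" | sort >"$t/b"
    out=$(comm -3 "$t/a" "$t/b" | tr -d '\t')
    rm -rf "$t"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input, not taken from the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat >"$demo/smb.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   security = domain
   ; ldap suffix = dc=example,dc=org
   passdb backend = ldapsam:ldap://127.0.0.1
EOF
printf 'root:x:0:0::/root:/bin/sh\nalice:x:1001:513::/home/alice:/bin/sh\n' >"$demo/pdc.passwd"
printf 'root:x:0:0::/root:/bin/sh\nalice:x:1002:513::/home/alice:/bin/sh\n' >"$demo/member.passwd"

smbconf_ldap_lines "$demo/smb.conf" || echo "-> LDAP settings present in member smb.conf"
getent_mismatch "$demo/pdc.passwd" "$demo/member.passwd" || echo "-> getent output differs"
```

On real hosts, save `getent passwd` and `getent group` to files on the PDC and on the member server, copy them to one machine, and pass each pair to `getent_mismatch`.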