Hi,
I migrated from an MS NT Domain to a samba3 domain some time back. I
forgot about a couple of machines and am trying to add them. These are
Buffalo NAS workstations so are basically *nix machines with a web
interface. I have not had to add any machines to the domain from the
samba PDC before. This is what I've done. I tried to add the machine
using its web interface but it failed and I noticed these errors in
the sambaPDC logs:

[2011/10/12 10:28:49.106714, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation FOOBAR$: no account in domain
[2011/10/12 10:28:49.106886, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for account FOOBAR$: NT_STATUS_ACCESS_DENIED
[2011/10/12 10:28:49.118230, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation FOOBAR$: no account in domain
[2011/10/12 10:28:49.118312, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for account FOOBAR$: NT_STATUS_ACCESS_DENIED

The machine didn't seem to be in the LDAP backend. So I added it with
`smbldap-useradd -w foobar`. I then went back to the user interface
and tried again. I got the same error. I tried `pdbedit -Lv | grep -i
foobar` and got "Username not found!".
I'm not sure if the smbldap tool is not working, but I did `pdbedit -a -m
FOOBAR$`. I tried to get FOOBAR (not real name) to join again and this
time got this error:

[2011/10/12 11:06:20.745128, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client LEDA machine account LEDA$
[2011/10/12 11:06:20.753498, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client LEDA machine account LEDA$

I'm a little lost now. I wouldn't mind if someone can explain or
confirm if I should do smbldap-useradd and pdbedit to add an account
(machine or otherwise) but I'd really appreciate some help resolving
this authentication problem.
Thanks in advance,
Dermot.