
Re: Problems adding Win clients to domain



I've now tried a couple of other things without success:

I run this command to try to add the server which is the PDC to the domain:

   net rpc join -S [SERVER] -Uroot%[password]

Today that command gave me the following output:

[2006/08/23 09:23:07, 0] /SourceCache/samba/samba-92.9/samba/source/utils/net_rpc_join.c:net_rpc_join_newstyle(279)
error setting trust account password: NT_STATUS_ACCESS_DENIED
Unable to join domain [DOMAIN].


Yesterday I got a bit more interesting error message including

decode_pw_buffer: incorrect password length (945999123).

After searching the web I found two references regarding Mac OS X Server and Samba about this:

At AFP548:
http://www.afp548.com/forum/viewtopic.php?showtopic=11873

There were a couple of suggestions:

1. Change the server from PDC to Single Server and back again. In a way I've tried that by removing the /etc/smb.conf and /var/samba.

2. Set the password of the directory administrator a couple of times and then it should work. Tried that but it didn't work for me.

At this mailing list in August 2005:

3. A tip from Michael Bartosh: /usr/bin/opendirectorypdbconfig -c set_authenticator -r admin-name -p xxxxx -n /LDAPv3/127.0.0.1
Tried it, but didn't work.


At the moment I believe it may be the file

    /var/db/samba/secrets.tdb

since I didn't delete it when I reconfigured Samba. I was also surprised that the SID of the Samba domain didn't change when I reconfigured Samba.

My question is then: Is it safe to rename this file and then start Samba again? Or will the domain lose its SID and I have to add all the Win clients again? But if I run the command:

   sudo net getlocalsid [DOMAIN]

before the renaming and then run the command:

   net setlocalsid SID

after. Will this procedure do it?

Regards,

Lars-Gunnar Persson


On 22. aug. 2006, at 14.24, Lars-Gunnar Persson wrote:

I tried now to create a new user [winadmin] with all privileges and tried to add a Win 2k computer but I got the same error.

I also tried to create a group "Domain Admins" and add the new admin account to this group. Checked that the user was a member of the group with the command:

   net user info [winadmin]

and got back the result

   Domain Admins

I also updated the group mapping for "Domain Admins", to be sure that the group is a Domain group and not a local group, with the command

net groupmap modify ntgroup="Domain Admins" unixgroup=domainadmins type=domain

Tested the Win client again, but it still didn't work.

Thank you for your reply!

Lars-Gunnar Persson


On 22. aug. 2006, at 13.51, email@hidden wrote:

I would create a new domain admin account that will allow you to add machines to the domain. Experience tells me this is a privilege issue with the admin account.


On Tuesday, August 22, 2006, at 06:07AM, Lars-Gunnar Persson <lars- email@hidden> wrote:


I'm not able to add Win clients to my domain anymore. I receive an
error on the PC (2000 or XP):

"The following error occurred attempting to join the domain "[DOMAIN]":
Logon failure: unknown user name or password."


But I am able to log on to the server when accessing shares and
printers. This error message only appears when joining the domain.

And on the Mac OS X 10.4.7 server I get the following in my log.smbd:

[2006/08/22 11:32:03, 2] /SourceCache/samba/samba-92.20/samba/source/auth/auth.c:check_ntlm_password(360)
check_ntlm_password: authentication for user [tmpadmin] -> [tmpadmin] -> [tmpadmin] succeeded
[2006/08/22 11:32:03, 2] /SourceCache/samba/samba-92.20/samba/source/lib/module.c:do_smb_load_module(63)
Module '/usr/lib/samba/vfs/darwin_acls.so' loaded
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:_samr_lookup_domain(2531)
Returning domain sid for domain [DOMAIN] -> S-1-5-21-457614760-3765950544-3595693477
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:_samr_lookup_domain(2531)
Returning domain sid for domain [DOMAIN] -> S-1-5-21-457614760-3765950544-3595693477
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_user: ACCESS DENIED (requested: 0x000000b0)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_user: ACCESS DENIED (requested: 0x00000090)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/smbd/server.c:exit_server(595)
Closing connections


where DOMAIN is my domain name and tmpadmin is a user account with
all privileges.

I've been googling (oops, I'm not sure I can say that :-)) and
reading all the documentation I could find, but without any luck.

What's strange is that when the server was installed I was able to
add a lot of clients. Then I've probably done something wrong and now
I'm getting into trouble. So, what have I been doing?


Editing /etc/smb.conf
   * Adding the line:  logon home = \\[FILESERVER]\%U
   * Removing the line: #logon path = \\%N\profiles\%u

Adding a group mapping with the command net
   net groupmap add ntgroup="Domain Admins" unixgroup="admin" type=domain
   net groupmap cleanup
but also reverted back to default group mappings.

Reconfigured the Windows service by removing /var/samba and /etc/smb.conf. Didn't help.

Editing /etc/openldap/slapd.conf:
  * Adding a schema from ldapuserdata (a Squirrelmail plug-in), but have removed this schema now.

Are there other services/configuration files I have to look at?

Do you have ANY tips? This is starting to get urgent for me now!

Regards,

Lars-Gunnar Persson



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/groveton% 40mac.com


This email sent to email@hidden




Lars-Gunnar Persson

Nansen Environmental and Remote Sensing Center
Thormøhlensgt. 47, N-5006 BERGEN, NORWAY

Phone  : + 47 55 20 58 31, Fax: + 47 55 20 58 01
Mobile : + 47 932 23 560, E-mail : email@hidden
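
The ACCESS DENIED lines in the log.smbd excerpt quoted in the thread above carry the requested SAMR access mask in hex. As an added example (not part of the original thread), this Python script decodes those masks using the access-right names from Microsoft's MS-SAMR specification; the function names and `SAMPLE_LOG` (lines copied from the excerpt with the wrapped lines joined) are assumptions of the example.

```python
import re

# Object-specific SAMR access rights as named in MS-SAMR (low bits of the mask).
DOMAIN_RIGHTS = {
    0x001: "DOMAIN_READ_PASSWORD_PARAMETERS", 0x002: "DOMAIN_WRITE_PASSWORD_PARAMS",
    0x004: "DOMAIN_READ_OTHER_PARAMETERS", 0x008: "DOMAIN_WRITE_OTHER_PARAMETERS",
    0x010: "DOMAIN_CREATE_USER", 0x020: "DOMAIN_CREATE_GROUP",
    0x040: "DOMAIN_CREATE_ALIAS", 0x080: "DOMAIN_GET_ALIAS_MEMBERSHIP",
    0x100: "DOMAIN_LIST_ACCOUNTS", 0x200: "DOMAIN_LOOKUP",
    0x400: "DOMAIN_ADMINISTER_SERVER",
}
USER_RIGHTS = {
    0x001: "USER_READ_GENERAL", 0x002: "USER_READ_PREFERENCES",
    0x004: "USER_WRITE_PREFERENCES", 0x008: "USER_READ_LOGON",
    0x010: "USER_READ_ACCOUNT", 0x020: "USER_WRITE_ACCOUNT",
    0x040: "USER_CHANGE_PASSWORD", 0x080: "USER_FORCE_PASSWORD_CHANGE",
    0x100: "USER_LIST_GROUPS", 0x200: "USER_READ_GROUP_INFORMATION",
    0x400: "USER_WRITE_GROUP_INFORMATION",
}
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\]")
DENIED = re.compile(r"_samr_open_(domain|user): ACCESS DENIED \(requested: (0x[0-9a-fA-F]+)\)")

def decode(obj, mask):
    """Return the names of the rights set in mask for a 'domain' or 'user' handle."""
    table = DOMAIN_RIGHTS if obj == "domain" else USER_RIGHTS
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    unknown = mask & ~sum(table)  # generic/standard bits this table does not cover
    if unknown:
        names.append("unmapped:0x%x" % unknown)
    return names

def denied_requests(log_text):
    """Yield (timestamp, object, mask, right names) for each SAMR denial in the log."""
    results, stamp = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)  # denial message follows its header line
        hit = DENIED.search(line)
        if hit:
            mask = int(hit.group(2), 16)
            results.append((stamp, hit.group(1), mask, decode(hit.group(1), mask)))
    return results

# Sample input: lines from the thread's log.smbd excerpt, wrapped lines joined.
SAMPLE_LOG = """\
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_user: ACCESS DENIED (requested: 0x000000b0)
_samr_open_user: ACCESS DENIED (requested: 0x00000090)
"""
if __name__ == "__main__":
    for stamp, obj, mask, names in denied_requests(SAMPLE_LOG):
        print(stamp, obj, hex(mask), ", ".join(names))
```

For the excerpt, the denied masks decode to DOMAIN_READ_PASSWORD_PARAMETERS, DOMAIN_CREATE_USER and DOMAIN_LOOKUP on the domain handle, and to USER_READ_ACCOUNT, USER_WRITE_ACCOUNT and USER_FORCE_PASSWORD_CHANGE on the user handle.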

