Ash, Can you check the value of the restrictanonymous registry key on your NT4 server - I think if it's set higher than 0 or 1 you'll be prevented from joining the Domain. Set it to 0, let the Samba box join, and set it back to the previous level. You'll find the setting in 3 places with regedit; 2 are editable, and the 3rd is the current setting.
Also, I'm using the smbusers file to map *nix-Windows users, because I'm not running winbindd (it's an OpenBSD box). I've got an entry of: root=administrator You might try adding that file/entry to see if it helps. I guess the --long doesn't display anything, or you have to tell it to debug in order for it to work... If you're not using a WINS server, I'd add this to your smb.conf: name resolve order = lmhosts host bcast I'm not sure if your lmhosts entry for the NT4 server is gnsi_server1 or gnsi_server1<0x20> I think it should be the former. Jim > -----Original Message----- > From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] > Sent: Friday, April 15, 2005 9:20 AM > To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org > Subject: Re: [Samba] Unable to join samba server to a NT4 style domain > > > Jim, > > I tried something as per your suggestion: > > # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'xxxxx' > > This gave me the output listed below. Hopefully, this will > help shed some light on the problem. Do you know what does > status NT_STATUS_ACCESS_DENIED mean? > > Thanks, > > Ash > > ---------------------8<-------------------- > > [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) > lp_load: refreshing parameters > [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) > Initialising global parameters > [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) > params.c:pm_process() - Processing configuration file > "/usr/local/samba/lib/smb.conf" > [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) > Processing section "[global]" > [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.2.37 bcast=192.168.2.255 > nmask=255.255.255.0 > [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) > resolve_lmhosts: Attempting lmhosts lookup for name > gnsi_server1<0x20> > [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name gnsi_server1<0x20> > [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) > resolve_wins: WINS server resolution selected and no WINS > servers listed. > [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) > resolve_hosts: Attempting host lookup for name gnsi_server1<0x20> > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=gnsi_server1 > [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 192.168.2.11 at port 445 > [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) > failed tcon_X with NT_STATUS_ACCESS_DENIED > [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) > Cannot connect to server (anonymously). Error was > NT_STATUS_ACCESS_DENIED > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=gnsi_server1 > [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 192.168.2.11 at port 445 > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(708) > Doing spnego session setup (blob length=110) > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(733) > got OID=1 2 840 48018 1 2 2 > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(733) > got OID=1 2 840 113554 1 2 2 > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(733) > got OID=1 2 840 113554 1 2 2 3 > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(733) > got OID=1 3 6 1 4 1 311 2 2 10 > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(740) > got [EMAIL PROTECTED] > [2005/04/15 12:09:30, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(869) > Got challenge flags: > [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x62890215 > [2005/04/15 12:09:30, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(891) > NTLMSSP: Set final flags: > [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > [2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > NTLMSSP Sign/Seal - Initialising with flags: > [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60080215 > [2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 > [2005/04/15 12:09:30, 3] > libsmb/cliconnect.c:cli_start_connection(1406) > Connecting to host=gnsi_server1 > [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 192.168.2.11 at port 445 > [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) > failed tcon_X with NT_STATUS_ACCESS_DENIED > [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) > Cannot connect to server (anonymously). Error was > NT_STATUS_ACCESS_DENIED > Unable to join domain GLOBALNET. > [2005/04/15 12:09:30, 2] utils/net.c:main(897) > return code = 1 > > > -----------------------------8<------------------- > > > > ------Original Message----- > -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] > -Sent: Thursday, April 14, 2005 09:42 PM > -To: ''Ashutosh Kamdar'', samba@lists.samba.org > -Subject: RE: [Samba] Unable to join samba server to a NT4 > style domain > - > -Ash, > - > -net help rpc shows the following for the --long option: > - > --l or --long Display full information > - > -In what I've found from googling and > -the Samba-Guide (thanks, John!), > -it looks like net rpc join will create the > -Domain machine account when you run it; if > -MYSERVER already exists, you'll be prevented > -from creating a duplicate entry. > - > -Try deleting MYSERVER from the Domain. > - > -then run your original command... > - > -./net rpc join -U administrator%'xxxxxxxx' > - > -or ./net rpc join -S NT4SERVER -U administrator%'xxxxxxxx' > - > -and see what happens. > - > -If this works, it reinforces this comment from my earlier link: > - > -This process joins the server to the domain > -without having to create the machine trust > -account on the PDC beforehand. > - > -and is a change from Samba 2.x, which required > -the creation of the machine trust account > -on the PDC before running "smbpasswd -j DOM -r DOMPDC". > - > -John: if this is true, can Chap 7 be amended to > -reflect the change? > - > -Jim > - > -> -----Original Message----- > -> From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] > -> Sent: Thursday, April 14, 2005 2:25 PM > -> To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org > -> Subject: Re: [Samba] Unable to join samba server to a NT4 > style domain > -> > -> > -> Jim, > -> > -> I have Samba shut down while executing the net rpc join > -> commands, as the HOW-TO says. > -> > -> On trying the following, > -> > -> # ./net rpc join -S NTSERVER > -> Password: > -> > -> This is the response I get, > -> > -> Could not connect to server NTSERVER > -> The username or password was not correct. > -> > -> The password used was that of the administrator authorized to > -> add machines to the domain. Is there any other > -> username/password I should be using? > -> > -> On trying this, > -> > -> net join -S NT4SERVER -U administrator%'xxxxxxxx' -W > -> MYWORKGROUP --long > -> > -> This is the response I get, > -> > -> Unable to join domain <domain-name>. > -> > -> BTW, what does the switch --long do? > -> > -> I have followed the exact steps in the document you have > -> pointed out and the HOW-TOs. Thanks for pointing that out > -> this particular chapter. > -> > -> Regards, > -> > -> Ash > -> > -> ------Original Message----- > -> -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] > -> -Sent: Thursday, April 14, 2005 08:30 PM > -> -To: ''Ashutosh Kamdar'', samba@lists.samba.org > -> -Subject: RE: [Samba] Unable to join samba server to a NT4 > -> style domain > -> - > -> -Ash, > -> - > -> -Do you have Samba shut down while you're > -> -running net rpc join? The daemons > -> -shouldn't be running, AFAIK. > -> - > -> -Make sure they're down, and try your earlier > -> -net rpc join commands... > -> - > -> -If that doesn't work, try just: > -> - net rpc join -S NT4SERVER > -> - > -> -Maybe try deleting MYSERVER from the domain, > -> -then > -> -net join -S NT4SERVER -U administrator%'xxxxxxxx' -W > -> MYWORKGROUP --long > -> - > -> -See > -> -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain > -> -member.html#id > -> -2522086 > -> - > -> - > -> -Jim > -> - > -> - > -> -> -----Original Message----- > -> -> From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] > -> -> Sent: Thursday, April 14, 2005 12:50 PM > -> -> To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org > -> -> Subject: Re: [Samba] Unable to join samba server to a NT4 > -> style domain > -> -> > -> -> > -> -> Jim, > -> -> > -> -> Yes, the NTSERVER is a PDC. Do you know of a way to see any > -> -> kind of logs on the net join rpc command? > -> -> > -> -> -Ash > -> -> > -> -> ------Original Message----- > -> -> -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] > -> -> -Sent: Thursday, April 14, 2005 07:40 PM > -> -> -To: ''Ashutosh Kamdar'', samba@lists.samba.org > -> -> -Subject: RE: [Samba] Unable to join samba server to a NT4 > -> -> style domain > -> -> - > -> -> -Ash, > -> -> - > -> -> -Is NT4SERVER the PDC? > -> -> -If not, use -S PDC instead of -S NT4SERVER > -> -> - > -> -> -Jim > -> -> - > -> -> -> -----Original Message----- > -> -> -> From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] > -> -> -> Sent: Thursday, April 14, 2005 12:24 PM > -> -> -> To: Van Sickler, Jim; 'Ashutosh Kamdar'; > samba@lists.samba.org > -> -> -> Subject: Re: [Samba] Unable to join samba server to a NT4 > -> -> style domain > -> -> -> > -> -> -> > -> -> -> Jim, > -> -> -> > -> -> -> For all of the four commands you have mentioned, I get the > -> -> -> same response: > -> -> -> > -> -> -> Unable to join domain <domain-name>. > -> -> -> > -> -> -> There are no error messages or explanation with it, just the > -> -> -> plain text. > -> -> -> > -> -> -> Regards, > -> -> -> > -> -> -> Ash > -> -> -> > -> -> -> ------Original Message----- > -> -> -> -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] > -> -> -> -Sent: Thursday, April 14, 2005 07:15 PM > -> -> -> -To: ''Ashutosh Kamdar'', samba@lists.samba.org > -> -> -> -Subject: RE: [Samba] Unable to join samba server to a NT4 > -> -> -> style domain > -> -> -> - > -> -> -> -Ash, > -> -> -> - > -> -> -> -try one of the following: > -> -> -> - > -> -> -> -./net rpc join -S NT4SERVER -U administrator > -> -> -> - > -> -> -> -./net rpc join -S NT4SERVER -U administrator%'xxxxxxxx' > -> -> -> - > -> -> -> -./net rpc join -W MYWORKGROUP -U administrator > -> -> -> - > -> -> -> -./net rpc join -W MYWORKGROUP -U administrator%'xxxxxxxx' > -> -> -> - > -> -> -> -Jim > -> -> -> - > -> -> -> -> -----Original Message----- > -> -> -> -> From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] > -> -> -> -> Sent: Thursday, April 14, 2005 11:48 AM > -> -> -> -> To: Van Sickler, Jim; samba@lists.samba.org > -> -> -> -> Subject: Re: [Samba] Unable to join samba server to a NT4 > -> -> -> style domain > -> -> -> -> > -> -> -> -> > -> -> -> -> Jim, > -> -> -> -> > -> -> -> -> -Try adding the Samba server to the NT4 Domain first. > -> -> -> -> Response: The samba server has already been added to > -> -> the NT domain. > -> -> -> -> > -> -> -> -> -Is the NT4 server also a WINS server? > -> -> -> -> -If so, add that info to the smb.conf > -> -> -> -> - > -> -> -> -> -wins server = xxx.xxx.xxx.xxx > -> -> -> -> -name resolve order = wins lmhosts host bcast > -> -> -> -> - > -> -> -> -> -Put the NT4 server info into /etc/lmhosts > -> -> -> -> -and /etc/hosts > -> -> -> -> -xxx.xxx.xxx.xxx NT4SERVER > -> -> -> -> > -> -> -> -> Response: The NT server is not functioning as a > WINS server. > -> -> -> -> The /etc/hosts and /etc/lmhosts already have the > entry for > -> -> -> -> the NT server. The server can also resolve the > NTSERVER_NAME > -> -> -> -> using DNS. > -> -> -> -> > -> -> -> -> I also used rpcclient to see if there any connection > -> -> -> -> problems, and it was able to connect just fine to the > -> -> -> -> NTSERVER. Thorougly confused. > -> -> -> -> > -> -> -> -> Any other ideas? > -> -> -> -> > -> -> -> -> Thanks for your response, > -> -> -> -> > -> -> -> -> Ash > -> -> -> -> > -> -> -> -> - > -> -> -> -> -> -----Original Message----- > -> -> -> -> -> From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] > -> -> -> -> -> Sent: Thursday, April 14, 2005 12:58 AM > -> -> -> -> -> To: samba@lists.samba.org > -> -> -> -> -> Subject: [Samba] Unable to join samba server to a NT4 > -> -> -> style domain > -> -> -> -> -> > -> -> -> -> -> > -> -> -> -> -> Hello, > -> -> -> -> -> > -> -> -> -> -> I have installed Samba version 3.0.13 on a > -> Solaris 9 machine > -> -> -> -> -> and am trying to add it to an existing NT domain > -> as a member > -> -> -> -> -> server. I have followed the instructions in > -> Chapter 2 of the > -> -> -> -> -> Samba HOW-TO collection for adding a samba server as > -> -> a Domain > -> -> -> -> -> member. The problem is that when i use the net > rpc join > -> -> -> -> -> command to join the domain, I get the following error: > -> -> -> -> -> > -> -> -> -> -> # ./net rpc join -U administrator%'xxxxxxxx' > -> -> -> -> -> > -> -> -> -> -> Unable to find a suitable server > -> -> -> -> -> > -> -> -> -> -> Unable to find a suitable server > -> -> -> -> -> > -> -> -> -> -> Specifying the domain name with a -w switch or the > -> -> PDC doesnt > -> -> -> -> -> seem to help. > -> -> -> -> -> > -> -> -> -> -> Is there a way for me to see a detailed version > -> of the error > -> -> -> -> -> message or some log file where this is dumped to? I am > -> -> -> -> -> posting the smb.conf for reference. Please help > -> me resolve > -> -> -> -> -> this error. > -> -> -> -> -> > -> -> -> -> -> Thanks, > -> -> -> -> -> > -> -> -> -> -> Ash > -> -> -> -> -> > -> -> -> -> -> > -> -> -> -> > -> -> -> > -> -> > -> > ----------------------------------8<---------------------------------- > -> -> -> -> -> smb.conf > -> -> -> -> -> > -> -> -> -> -> [global] > -> -> -> -> -> dns proxy = no > -> -> -> -> -> debug timestamp = yes > -> -> -> -> -> encrypt passwords = yes > -> -> -> -> -> idmap gid = 15000-20000 > -> -> -> -> -> socket options = TCP_NODELAY > -> -> -> -> -> max log size = 1024 > -> -> -> -> -> password server = * > -> -> -> -> -> idmap uid = 15000-20000 > -> -> -> -> -> debug level = 3 > -> -> -> -> -> security = domain > -> -> -> -> -> server string = Samba Server > -> -> -> -> -> workgroup = MYWORKGROUP > -> -> -> -> -> log level = 3 > -> -> -> -> -> log file = /usr/local/samba/var/log.%m > -> -> -> -> -> netbios name = MYSERVER > -> -> -> -> -> load printers = yes > -> -> -> -> -> os level = 33 > -> -> -> -> -> default = share > -> -> -> -> -> [homes] > -> -> -> -> -> comment = Home Directories > -> -> -> -> -> valid users = %S > -> -> -> -> -> browseable = no > -> -> -> -> -> writable = yes > -> -> -> -> -> > -> -> -> -> -> [printers] > -> -> -> -> -> comment = All Printers > -> -> -> -> -> path = /usr/spool/samba > -> -> -> -> -> browseable = no > -> -> -> -> -> guest ok = no > -> -> -> -> -> writable = no > -> -> -> -> -> printable = yes > -> -> -> -> -> > -> -> -> -> -> [share] > -> -> -> -> -> path = /share > -> -> -> -> -> comment = Solaris share > -> -> -> -> -> valid users = @Accounts > -> -> -> -> -> guest ok = Yes > -> -> -> -> -> read only = No > -> -> -> -> -> > -> -> -> -> -> > -> -> -> -> > -> -> -> > -> -> > -> > ----------------------------------8<---------------------------------- > -> -> -> -> -> > -> -> -> -> -> > -> -> -> -> -> > -> -> -> -> -> -- > -> -> -> -> -> To unsubscribe from this list go to the following URL > -> -> -> and read the > -> -> -> -> -> instructions: > -https://lists.samba.org/mailman/listinfo/samba > --> -> -> -> > --> -> -> - > --> -> -> > --> -> -> > --> -> - > --> -> > --> -> > --> - > --> > --> > -- > - > - > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba