Try this one... JT
-----Original Message----- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 11:39 AM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Here you go In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT > -----Original Message----- > From: James Taylor [mailto:[EMAIL PROTECTED] > Sent: Friday, March 03, 2006 3:02 PM > To: 'Bevan Agard' > Cc: samba@lists.samba.org > Subject: RE: [Samba] Can't join my domain > > Sorry I wasn't able to reply earlier. > > Can you send me a copy of your smbldap-useradd script? What is happening > is > that the script is not adding the sambaSAMAccount information to the > machine > account it is creating. The -w switch should add this information. It > could > be this script needs to be modified to make appropriate changes. > > JT > > -----Original Message----- > From: Bevan Agard [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 02, 2006 6:44 AM > To: 'James Taylor' > Cc: samba@lists.samba.org > Subject: RE: [Samba] Can't join my domain > > I have tried running smbldap-useradd with various switches however > objectClass: sambaSAMAccount > sambaSID: "domain sid"-xxx > > and any other sambaxxxx info only gets added if it is run with the -a > options which makes it a user not a machine. > I am using smbldap 0.9.1 with samba 3.0.14a-2 > > I don't if anyone has experienced this before but any help would be > appreciated. > > I would really like to get this box set up as our PDC that would be able > to > do single sign-on and manage windows user accounts. > > > In the World one must be able to > Adapt, and Evolve > Or run the risk of becoming EXTINCT > > > -----Original Message----- > > From: James Taylor [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 22, 2006 4:06 PM > > To: 'Bevan Agard' > > Cc: samba@lists.samba.org > > Subject: RE: [Samba] Can't join my domain > > > > Then that would be your problem... change your Add Machine Script... > > > > smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m' > > > > Then try adding a new machine. > > > > JT > > > > -----Original Message----- > > From: Bevan Agard [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 22, 2006 12:04 PM > > To: 'James Taylor' > > Subject: RE: [Samba] Can't join my domain > > > > > > > > In the World one must be able to > > Adapt, and Evolve > > Or run the risk of becoming EXTINCT > > > > > -----Original Message----- > > > From: James Taylor [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, February 22, 2006 3:59 PM > > > To: 'Bevan Agard' > > > Subject: RE: [Samba] Can't join my domain > > > > > > Does the LDAP Machine account include: > > > objectClass: sambaSAMAccount > > > sambaSID: "domain sid"-xxxx > > > > > > JT > > [Bevan Agard] > > > > Actually it does not. strange > > > > > > -----Original Message----- > > > From: Bevan Agard [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, February 22, 2006 11:53 AM > > > To: 'James Taylor' > > > Subject: RE: [Samba] Can't join my domain > > > > > > > > > > > > In the World one must be able to > > > Adapt, and Evolve > > > Or run the risk of becoming EXTINCT > > > > > > > -----Original Message----- > > > > From: James Taylor [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, February 22, 2006 3:04 PM > > > > To: 'Bevan Agard' > > > > Subject: RE: [Samba] Can't join my domain > > > > > > > > When you are trying to join a system to your Domain are the computer > > > > accounts created in your LDAP Database as "machinename$" also with > the > > > > sambaSAMAccount information? > > > > > > > [Bevan Agard] > > > Yes the machine name gets added to the LDAP Database and I get an > error > > on > > > the windows box stating > > > "Cannot join Domain" > > > "User name not found" > > > > > > > > > > > > > What does your SAMBA "Add Machine Script" look like in your smb.conf > > > file? > > > > > > > > JT > > > [Bevan Agard] > > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u" > > > > > > > > > > > > > > -----Original Message----- > > > > From: Bevan Agard [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, February 22, 2006 11:00 AM > > > > To: 'James Taylor'; samba@lists.samba.org > > > > Subject: RE: [Samba] Can't join my domain > > > > > > > > > > > > > > > > In the World one must be able to > > > > Adapt, and Evolve > > > > Or run the risk of becoming EXTINCT > > > > > > > > > -----Original Message----- > > > > > From: James Taylor [mailto:[EMAIL PROTECTED] > > > > > Sent: Wednesday, February 22, 2006 2:39 PM > > > > > To: 'Bevan Agard'; samba@lists.samba.org > > > > > Subject: RE: [Samba] Can't join my domain > > > > > > > > > > What do your Add Machine Scripts look like in Samba? Also, are > you > > > > using > > > > > the smbldap-tools from idealx? > > > > > > > > > [Bevan Agard] > > > > > > > > I am using the scripts from idealx. > > > > > > > > I followed the HOWTO on samba.org (Happy Users Ch 5) > > > > > > > > > > > > > JT > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED] > On > > > > Behalf > > > > > Of Bevan Agard > > > > > Sent: Wednesday, February 22, 2006 5:12 AM > > > > > To: samba@lists.samba.org > > > > > Subject: [Samba] Can't join my domain > > > > > > > > > > Guys and dolls, > > > > > Greetings, I hope you all are in good health, great spirits and > your > > > > > glasses > > > > > never empty. > > > > > > > > > > I have a samba, openldap question. > > > > > > > > > > I am trying to setup a FC-4 box to be a PDC for a small network of > > > about > > > > > 150 > > > > > users. I was following the HOWTO on the SAMBA site. Everything > > seems > > > > to > > > > > be > > > > > fine however I cannot join the domain. I get the error "User name > > > could > > > > > not > > > > > be found." The error logs show that the login/password used to > join > > > the > > > > > domain was accpeted and correct. I decided to step back a bit to > > see > > > if > > > > > the > > > > > PDC could join the domain but also no luck. I got the following > > when > > > I > > > > > ran > > > > > the command > > > > > > > > > > [EMAIL PROTECTED] ~]# net rpc join -d 3 -l -S PDC -U root > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) > > > > > lp_load: refreshing parameters > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) > > > > > Initialising global parameters > > > > > [2006/02/21 10:57:03, 3] param/params.c:pm_process(573) > > > > > params.c:pm_process() - Processing configuration file > > > > > "/etc/samba/smb.conf" > > > > > [2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) > > > > > Processing section "[global]" > > > > > [2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) > > > > > WARNING: The "min passwd length" option is deprecated > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > > > > > added interface ip=10.50.0.20 bcast=10.50.255.255 > > nmask=255.255.0.0 > > > > > [2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) > > > > > added interface ip=127.0.0.1 bcast=127.255.255.255 > nmask=255.0.0.0 > > > > > [2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) > > > > > resolve_wins: Attempting wins lookup for name PDC<0x20> > > > > > [2006/02/21 10:57:03, 3] > libsmb/namequery.c:name_resolve_bcast(694) > > > > > name_resolve_bcast: Attempting broadcast lookup for name > PDC<0x20> > > > > > [2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) > > > > > Got a positive name query response from 10.50.0.20 ( 10.50.0.20 > ) > > > > > [2006/02/21 10:57:03, 3] > > > libsmb/cliconnect.c:cli_start_connection(1406) > > > > > Connecting to host=PDC > > > > > [2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) > > > > > Connecting to 10.50.0.20 at port 445 > > > > > [2006/02/21 10:57:04, 3] > > > > rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) > > > > > cli_nt_setup_creds: auth2 challenge failed > NT_STATUS_ACCESS_DENIED > > > > > [2006/02/21 10:57:04, 3] > > > > libsmb/trusts_util.c:just_change_the_password(43) > > > > > just_change_the_password: unable to setup creds > > > > > (NT_STATUS_ACCESS_DENIED)! > > > > > [2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) > > > > > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > > > > > Password: > > > > > [2006/02/21 10:57:10, 3] > > > libsmb/cliconnect.c:cli_start_connection(1406) > > > > > Connecting to host=PDC > > > > > [2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) > > > > > Connecting to 10.50.0.20 at port 445 > > > > > [2006/02/21 10:57:10, 3] > > > > libsmb/cliconnect.c:cli_session_setup_spnego(708) > > > > > Doing spnego session setup (blob length=58) > > > > > [2006/02/21 10:57:10, 3] > > > > libsmb/cliconnect.c:cli_session_setup_spnego(733) > > > > > got OID=1 3 6 1 4 1 311 2 2 10 > > > > > [2006/02/21 10:57:10, 3] > > > > libsmb/cliconnect.c:cli_session_setup_spnego(740) > > > > > got principal=NONE > > > > > [2006/02/21 10:57:10, 3] > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(869) > > > > > Got challenge flags: > > > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > > > > Got NTLMSSP neg_flags=0x60890215 > > > > > [2006/02/21 10:57:10, 3] > > > libsmb/ntlmssp.c:ntlmssp_client_challenge(891) > > > > > NTLMSSP: Set final flags: > > > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > > > > Got NTLMSSP neg_flags=0x60080215 > > > > > [2006/02/21 10:57:10, 3] > > libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) > > > > > NTLMSSP Sign/Seal - Initialising with flags: > > > > > [2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > > > > Got NTLMSSP neg_flags=0x60080215 > > > > > [2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > > > > > lsa_io_sec_qos: length c does not match size 8 > > > > > Creation of workstation account failed > > > > > Unable to join domain CDCGA. > > > > > [2006/02/21 10:57:12, 2] utils/net.c:main(897) > > > > > return code = 1 > > > > > > > > > > I googled the the NT_STATUS_ACCESS_DENIED error and no luck as of > > yet. > > > > > > > > > > Have any of you samba sensei seen anything like this or have an > > > > > suggestions > > > > > as to how to kick this trouble ticket out. > > > > > > > > > > Thanks > > > > > > > > > > > > > > > > > > > > In the World one must be able to > > > > > > > > > > Adapt, and Evolve > > > > > > > > > > Or run the risk of becoming EXTINCT > > > > > > > > > > > > > > > > > > > > -- > > > > > To unsubscribe from this list go to the following URL and read the > > > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > >
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
