Re: [Samba] Authentication failure when accessing Samba server in a NT domain
Hello Ankush, Thanks for taking a look at this. I tried the two suggestions that you put forward. Neither of them seemed to solve this problem...I increased the logging level and found the following when trying to connect to the Samba share from the WINXP machine. [2005/04/27 05:51:16, 5] auth/auth_util.c:make_user_info_map(224) make_user_info_map: Mapping user [DOMAINNAME]\[akamdar] from workstation [ASHUTOSH] [2005/04/27 05:51:16, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain DOMAINNAME found. [2005/04/27 05:51:16, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for akamdar (akamdar) [2005/04/27 05:51:16, 5] auth/auth_util.c:make_user_info(142) making strings for akamdar's user_info struct [2005/04/27 05:51:16, 5] auth/auth_util.c:make_user_info(184) making blobs for akamdar's user_info struct [2005/04/27 05:51:16, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/04/27 05:51:16, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/04/27 05:51:16, 5] lib/util.c:dump_data(1995) [000] 49 59 CB 9A EB 49 C4 0E IY...I.. [2005/04/27 05:51:16, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/04/27 05:51:16, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/04/27 05:51:16, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/04/27 05:51:16, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/04/27 05:51:16, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/04/27 05:51:16, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/04/27 05:51:16, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: winbind authentication for user [akamdar] FAILED with error NT_STATUS_ACCESS_DENIED [2005/04/27 05:51:16, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [akamdar] - [akamdar] FAILED with error NT_STATUS_ACCESS_DENIED [2005/04/27 05:51:16, 5] auth/auth_util.c:free_user_info(1380) attempting to free (and zero) a user_info structure [2005/04/27 05:51:16, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/04/27 05:51:16, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2005/04/27 05:51:16, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2005/04/27 05:51:16, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/04/27 05:51:16, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/04/27 05:51:16, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/04/27 05:51:16, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/04/27 05:51:16, 2] smbd/server.c:exit_server(609) Closing connections [2005/04/27 05:51:16, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/04/27 05:51:16, 5] smbd/oplock.c:receive_local_message(107) receive_local_message: doing select with timeout of 1 ms [2005/04/27 05:51:16, 3] smbd/server.c:exit_server(652) Server exit (normal exit) Any thoughts? Regards, Ash --Original Message- -From: ankush grover [mailto:[EMAIL PROTECTED] -Sent: Wednesday, April 27, 2005 07:38 AM -To: 'Ashutosh Kamdar' -Subject: Re: [Samba] Authentication failure when accessing Samba server in a NT domain - -On 4/26/05, Ashutosh Kamdar [EMAIL PROTECTED] wrote: - Hello Samba Gurus, - - I have configured my Samba install to be a domain member of a NT4-Style domain. The version of samba used is 3.0.13. The domain joining process worked fine (net rpc join). An excerpt of smb.conf is provided at the end for reference. - - The problem is that when users access this server, they are challenged for the username password. I was of the impression that this process would be seamless to the user. On providing the NT username/password, the login process still fails. It just comes back with the same prompt challenging the user. - - These users are added in /etc/passwd but not in smbpasswd, as per the documentation. - - On using smbclient: - # ./smbclient -d 3 -U akamdar -L localhost - - This was the output obtained: - lp_load: refreshing parameters - Initialising global parameters - params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf - Processing section [global] - added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 - Client started (version 3.0.13). - resolve_lmhosts: Attempting lmhosts
[Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED
Hello, Specifications of the environment: Samba 3.0.13 running on Solaris 8. This is configured as a domain member of a NT4 style PDC. The smb.conf file is provided for details. Problem definition: When trying to access the Samba server from a windows machine through network neighborhood, the system challenges the user for their credentials. On providing the username/password the system rejects the combination. The Samba logs suggest that winbind authentication for the user has failed with the error message NT_STATUS_ACCESS_DENIED. A more detailed log follows. The user has an entry in /etc/passwd and the NT PDC. Can someone help me understand what causes the windbind authentication to fail and report NT_STATUS_ACCESS_DENIED? Snippet of the error message in the log (log level = 10): [2005/04/27 06:12:09, 6] param/loadparm.c:lp_file_list_changed(2707) lp_file_list_changed() file /usr/local/samba/lib/smb.conf - /usr/local/samba/lib/smb.conf last mod_time: Wed Apr 27 06:06:29 2005 [2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info_map(224) make_user_info_map: Mapping user [DOMAINNAME]\[akamdar] from workstation [ASHUTOSH] [2005/04/27 06:12:09, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain DOMAINNAME found. [2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for akamdar (akamdar) [2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info(142) making strings for akamdar's user_info struct [2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info(184) making blobs for akamdar's user_info struct [2005/04/27 06:12:09, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/04/27 06:12:09, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/04/27 06:12:09, 5] lib/util.c:dump_data(1995) [000] D4 E0 B8 07 5D D1 4B FF ].K. [2005/04/27 06:12:09, 8] lib/util.c:is_myname(1815) is_myname(DOMAINNAME) returns 0 [2005/04/27 06:12:09, 6] auth/auth_sam.c:check_samstrict_security(376) check_samstrict_security: DOMAINNAME is not one of my local names (ROLE_DOMAIN_MEMBER) [2005/04/27 06:12:09, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/04/27 06:12:09, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/04/27 06:12:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/04/27 06:12:09, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/04/27 06:12:09, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/04/27 06:12:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/04/27 06:12:09, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: winbind authentication for user [akamdar] FAILED with error NT_STATUS_ACCESS_DENIED [2005/04/27 06:12:09, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [akamdar] - [akamdar] FAILED with error NT_STATUS_ACCESS_DENIED [2005/04/27 06:12:09, 5] auth/auth_util.c:free_user_info(1380) attempting to free (and zero) a user_info structure [2005/04/27 06:12:09, 6] lib/util_sock.c:write_socket(449) write_socket(25,112) [2005/04/27 06:12:09, 6] lib/util_sock.c:write_socket(452) write_socket(25,112) wrote 112 [2005/04/27 06:12:09, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/04/27 06:12:09, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2005/04/27 06:12:09, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2005/04/27 06:12:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/04/27 06:12:09, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/04/27 06:12:09, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/04/27 06:12:09, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/04/27 06:12:09, 2] smbd/server.c:exit_server(609) Closing connections [2005/04/27 06:12:09, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/04/27 06:12:09, 5] smbd/oplock.c:receive_local_message(107) receive_local_message: doing select with timeout of 1 ms [2005/04/27 06:12:09, 3] smbd/server.c:exit_server(652) Server exit (normal exit) Snippet of the smb.conf file: [global] dns proxy = no debug timestamp = yes encrypt passwords = yes idmap gid = 15000-2 socket options = TCP_NODELAY max log size = 1024 password server = PASSWORDSERVER idmap uid = 15000-2 security = domain
Re: [Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED
Hi, DOMAINNAME is not the real name of the domain I am joining. I have sanitized the logs for obvious reasons. DOMAINNAME = the real name of the DOMAIN being joined by the server. How do I check if the samba server has joined the domain or not? The net roc join command suggested by the documentation was executed with the smbd,nmbd stopped and it worked just fine. No errors reported. Out of curiousity, what part of the log suggested that the server hasn't joined the domain? Regards, Ash --Original Message- -From: Paul Gienger [mailto:[EMAIL PROTECTED] -Sent: Wednesday, April 27, 2005 05:40 PM -To: 'Ashutosh Kamdar' -Cc: samba@lists.samba.org -Subject: Re: [Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED - - -[2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info_map(224) - make_user_info_map: Mapping user [DOMAINNAME]\[akamdar] from workstation [ASHUTOSH] - - - -Snippet of the smb.conf file: - -[global] -workgroup = DOMAINNAME - - -Is DOMAINNAME really the name of your NT domain? - -Have you joined this machine to the domain at all? The log that I left -above seems to state that you haven't. - --- -Paul GiengerOffice: 701-281-1884 -Applied Engineering Inc. -Systems Architect Fax:701-281-1322 -URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] - - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED
Thank you for pointing this out, Paul. I was assuming this to be some sort of cache for previously accesses to machines in the domain. But, I was wrong. The Samba HOW-TO documentation does not say anything specific about configuring winbind while becoming a part of the NT domain. Are there any tools that the group is aware of to test whether the samba server is indeed a domain member? Any help is appreciated. Thanks, Ash --Original Message- -From: Paul Gienger [mailto:[EMAIL PROTECTED] -Sent: Wednesday, April 27, 2005 06:26 PM -To: 'Ashutosh Kamdar' -Cc: samba@lists.samba.org -Subject: Re: [Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED - - -DOMAINNAME is not the real name of the domain I am joining. I have sanitized the logs for obvious reasons. - -Maybe I'm crazily niave, but I'll never understand why things need to be -santized that much... password hashes, sure; real world IP addresses, -you bet; things that don't matter in the world outside of your network, -who cares? Anyway, back to the issue at hand, since we've gotten this -out of the way. - -How do I check if the samba server has joined the domain or not? The net roc join command suggested by the documentation was executed with the smbd,nmbd stopped and it worked just fine. No errors reported. Out of curiousity, what part of the log suggested that the server hasn't joined the domain? - - -Oh, I see I left the wrong line of the log... it was this one: - -[2005/04/27 06:12:09, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) - no entry for trusted domain DOMAINNAME found. - - -Not being a winbind-runner here, I can't offer much beyond pointing at -the documentation to be sure you've followed all of the steps there to -be sure your setup is sane. - --- -Paul GiengerOffice: 701-281-1884 -Applied Engineering Inc. -Systems Architect Fax:701-281-1322 -URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] - - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication failure when accessing Samba server in a NT domain
Hello Samba Gurus, I have configured my Samba install to be a domain member of a NT4-Style domain. The version of samba used is 3.0.13. The domain joining process worked fine (net rpc join). An excerpt of smb.conf is provided at the end for reference. The problem is that when users access this server, they are challenged for the username password. I was of the impression that this process would be seamless to the user. On providing the NT username/password, the login process still fails. It just comes back with the same prompt challenging the user. These users are added in /etc/passwd but not in smbpasswd, as per the documentation. On using smbclient: # ./smbclient -d 3 -U akamdar -L localhost This was the output obtained: lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf Processing section [global] added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 Client started (version 3.0.13). resolve_lmhosts: Attempting lmhosts lookup for name localhost0x20 resolve_wins: Attempting wins lookup for name localhost0x20 resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name localhost0x20 Connecting to 127.0.0.1 at port 445 Password: Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: Access denied session setup failed: NT_STATUS_ACCESS_DENIED Can someone please help me understand what exactly is causing this problem and of possible solutions? Any help would be greatly appreciated. Regards, Ashutosh ---smb.conf8--- [global] dns proxy = no debug timestamp = yes encrypt passwords = yes idmap gid = 15000-2 socket options = TCP_NODELAY max log size = 1024 password server = PASSWORDSERVER idmap uid = 15000-2 debug level = 3 security = domain server string = Samba Server workgroup = DOMAINNAME log level = 3 log file = /usr/local/samba/var/log.%m netbios name = appserver7 load printers = yes os level = 33 default = share winbind use default domain = Yes [homes] comment = Home Directories valid users = %S browseable = no writable = yes [share] path = /share comment = Solaris share valid users = @staff guest ok = Yes read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Incorrect password or unknown username error when accessing a share
Hi, I have configured Samba to be a part of a NT style domain. The machine was able to join the group fine (great support from this group. Thanks!). ADS or LDAP are not used and the configuration relies on the Windows PDC to perform user authentication. Promblem 1) When a user tries to access the samba server, a dialog box pops-up saying Incorrect password or unknown username for \\samba-server and prompts me for the user name password. When I put in Domain-name\username it logs me in fine. How can I avoid forcing the users to put in domain name before their username? Problem 2) After accessing the server, when I access a share on the server it prompts me for the user name password again. On putting the same user name password as earlier, this keeps on prompting me again as if it did not like the combination. I have tried adding and removing users from /etc/passwd and smbpasswd but have the same problem over. Can someone help identify what is the right combination it is looking for or if there is anything I need to add to the smb.conf? An extract of the smb.conf file is provided below for reference. Your help on these issues is very much appreciated. Thanks, Ash [global] dns proxy = no debug timestamp = yes encrypt passwords = yes idmap gid = 15000-2 socket options = TCP_NODELAY max log size = 1024 password server = password server idmap uid = 15000-2 debug level = 3 security = domain server string = Samba Server workgroup = domain-name log level = 3 log file = /usr/local/samba/var/log.%m netbios name = appserver7 load printers = yes os level = 33 default = share winbind use default domain = Yes [homes] comment = Home Directories valid users = %S browseable = no writable = yes [share] path = /share comment = Solaris share valid users = @Accounts guest ok = Yes read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback
John / Jim, Thanks for the feedback. It appears that the restrictanonymous setting issue is a known one. Is there a workaround or patch for Samba that does not require the registry changes on the PDC? I would imagine network/system admins would have heartburn making registry changes in the production environment. In my case itself, making this change in the production environment to allow a Samba server to join the domain will invite a load of CRFs and questions. Any guidance would be appreciated. Regards, Ash --Original Message- -From: John H Terpstra [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 11:27 PM -To: 'Van Sickler, Jim' -Cc: samba@lists.samba.org, '[EMAIL PROTECTED]' -Subject: Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback - -Jim / Others, - -I have tried to deal with the issues raised in this email. I agree entirely -with the suggestion. I hope it has been sufficiently dealt with in my latest -update that should become visible on the Samba web servers within 24 hours. - -Please check over the changes to Section 7.3.2 and let me know if it missed -the mark. Thanks for the feedback. - -- John T. - -On Friday 15 April 2005 15:36, Van Sickler, Jim wrote: - John, - - The restrictanonymous setting was the primary culprit - in Ash's issue. I think he's using basically the same - setup as I am; no winbind/LDAP involved. I'm thinking - there's some initial handshaking that requires an - anonymous connection to PDC, and it's being blocked - if the restrictanonymous setting is too high. - - I sent a note to Ash ( the list) asking for the - restrictanonymous settings on his server. They - were 2 (no join) and 0 (successful join). His - admin has changed it back to 2 now that the - Samba server is a member server. The setting - is dynamic; no NT4 server reboot is required. - Can this be added to Chap 7 as a note for section 7.3.2.3? - - In the case of using net rpc join -U administrator%xx - his result was Unable to find a suitable server - which indicate Samba wasn't finding the PDC. - - In the case of using - net rpc join -S NT4SERVER -U administrator - net rpc join -S NT4SERVER -U administrator%'' - net rpc join -W MYWORKGROUP -U administrator - net rpc join -W MYWORKGROUP -U administrator%'' - his results were Unable to join domain domain - which indicate a connection to the PDC. - - He had the PDC entry in smb.conf and /etc/lmhosts, - so I think the syntax for the example in the - Guide should be revised to net join rpc -S PDC -U root%not24get - (which are %not24et on pgs 241/242 in the current Guide) - to aid in first-try success. - - Section 7.3.2 might be broken into 2 sections: - - 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers - Detailing use of the /etc/samba/smbusers file for *nix/Domain users - Incorporate the current Item 3 for joining the domain - Using net rpc info/net rpc testjoin to validate membership - This is for OS that support Samba but don't support Winbind - - 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind - Containing the current 7.3.2 contents - - - That's all for now... - Jim Van Sickler - Network Administrator - Kaman Aerospace Corp - --- -John H Terpstra -Samba-Team Member -Phone: +1 (650) 580-8668 - -Author: -The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 -Samba-3 by Example, ISBN: 0131472216 -Hardening Linux, ISBN: 0072254971 -Other books in production. - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback
John / Jim, Thanks for the feedback. It appears that the restrictanonymous setting issue is a known one. Is there a workaround or patch for Samba that does not require the registry changes on the PDC? I would imagine network/system admins would have heartburn making registry changes in the production environment. In my case itself, making this change in the production environment to allow a Samba server to join the domain will invite a load of CRFs and questions. Any guidance would be appreciated. Regards, Ash --Original Message- -From: John H Terpstra [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 11:27 PM -To: 'Van Sickler, Jim' -Cc: samba@lists.samba.org, '[EMAIL PROTECTED]' -Subject: Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback - -Jim / Others, - -I have tried to deal with the issues raised in this email. I agree entirely -with the suggestion. I hope it has been sufficiently dealt with in my latest -update that should become visible on the Samba web servers within 24 hours. - -Please check over the changes to Section 7.3.2 and let me know if it missed -the mark. Thanks for the feedback. - -- John T. - -On Friday 15 April 2005 15:36, Van Sickler, Jim wrote: - John, - - The restrictanonymous setting was the primary culprit - in Ash's issue. I think he's using basically the same - setup as I am; no winbind/LDAP involved. I'm thinking - there's some initial handshaking that requires an - anonymous connection to PDC, and it's being blocked - if the restrictanonymous setting is too high. - - I sent a note to Ash ( the list) asking for the - restrictanonymous settings on his server. They - were 2 (no join) and 0 (successful join). His - admin has changed it back to 2 now that the - Samba server is a member server. The setting - is dynamic; no NT4 server reboot is required. - Can this be added to Chap 7 as a note for section 7.3.2.3? - - In the case of using net rpc join -U administrator%xx - his result was Unable to find a suitable server - which indicate Samba wasn't finding the PDC. - - In the case of using - net rpc join -S NT4SERVER -U administrator - net rpc join -S NT4SERVER -U administrator%'' - net rpc join -W MYWORKGROUP -U administrator - net rpc join -W MYWORKGROUP -U administrator%'' - his results were Unable to join domain domain - which indicate a connection to the PDC. - - He had the PDC entry in smb.conf and /etc/lmhosts, - so I think the syntax for the example in the - Guide should be revised to net join rpc -S PDC -U root%not24get - (which are %not24et on pgs 241/242 in the current Guide) - to aid in first-try success. - - Section 7.3.2 might be broken into 2 sections: - - 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers - Detailing use of the /etc/samba/smbusers file for *nix/Domain users - Incorporate the current Item 3 for joining the domain - Using net rpc info/net rpc testjoin to validate membership - This is for OS that support Samba but don't support Winbind - - 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind - Containing the current 7.3.2 contents - - - That's all for now... - Jim Van Sickler - Network Administrator - Kaman Aerospace Corp - --- -John H Terpstra -Samba-Team Member -Phone: +1 (650) 580-8668 - -Author: -The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 -Samba-3 by Example, ISBN: 0131472216 -Hardening Linux, ISBN: 0072254971 -Other books in production. - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I tried removing the domain machine account for the Samba server from the PDC and made sure that the smbd, nmbd daemons were down before I execute the net rpc join commands. The result was the same as before, it wasnt able to join the domain and gave the message: Unable to join domain domain-name. The --long option does not seem to give me any additional information on the screen. Would it post any information in logs anywhere else? Any thoughts? Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins the server to the domain -without having to create the machine trust -account on the PDC beforehand. - -and is a change from Samba 2.x, which required -the creation of the machine trust account -on the PDC before running smbpasswd -j DOM -r DOMPDC. - -John: if this is true, can Chap 7 be amended to -reflect the change? - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 2:25 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I have Samba shut down while executing the net rpc join - commands, as the HOW-TO says. - - On trying the following, - - # ./net rpc join -S NTSERVER - Password: - - This is the response I get, - - Could not connect to server NTSERVER - The username or password was not correct. - - The password used was that of the administrator authorized to - add machines to the domain. Is there any other - username/password I should be using? - - On trying this, - - net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - This is the response I get, - - Unable to join domain domain-name. - - BTW, what does the switch --long do? - - I have followed the exact steps in the document you have - pointed out and the HOW-TOs. Thanks for pointing that out - this particular chapter. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 08:30 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Do you have Samba shut down while you're - -running net rpc join? The daemons - -shouldn't be running, AFAIK. - - - -Make sure they're down, and try your earlier - -net rpc join commands... - - - -If that doesn't work, try just: - - net rpc join -S NT4SERVER - - - -Maybe try deleting MYSERVER from the domain, - -then - -net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - - -See - -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain - -member.html#id - -2522086 - - - - - -Jim - - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:50 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - - kind of logs on the net join rpc command? - - - - -Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:40 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -Is NT4SERVER the PDC? - - -If not, use -S PDC instead of -S NT4SERVER - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:24 PM - - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - Jim, - - - - - - For all of the four commands you have mentioned, I get the - - - same response: - - - - - - Unable to join domain domain-name. - - - - - - There are no error messages or explanation with it, just the - - - plain text. - - - - - - Regards, - - - - - - Ash
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I tried something as per your suggestion: # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' This gave me the output listed below. Hopefully, this will help shed some light on the problem. Do you know what does status NT_STATUS_ACCESS_DENIED mean? Thanks, Ash -8 [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) lp_load: refreshing parameters [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) Processing section [global] [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got [EMAIL PROTECTED] [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62890215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED Unable to join domain GLOBALNET. [2005/04/15 12:09:30, 2] utils/net.c:main(897) return code = 1 -8--- --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, It worked! The modification of the registry value on the PDC allowed the samba server to join the domain. Phew! I can get some peace now :) I have also acted upon your suggestions about adding the entry to smb.conf. You were right about the server name, it was the former. Now, what we have done in terms of setting the registryvalue to 0 is a workaround. Does this have to be done everytime a Samba server joins the domain? I am going to ask my NT admin to change the value back to its original setting. Hope this doesnt cause any problems. Is there a patch for this problem that you are aware of? I would think this is a problem which the community knows about (I found a few references to this problem on Google) Thanks for you efforts. Samba and Me both prevail! Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 04:57 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - - Can you check the value of the -restrictanonymous registry key on your -NT4 server - I think if it's set higher -than 0 or 1 you'll be prevented from -joining the Domain. Set it to 0, let the -Samba box join, and set it back to the -previous level. You'll find the -setting in 3 places with regedit; 2 are -editable, and the 3rd is the current -setting. - -Also, I'm using the smbusers file to -map *nix-Windows users, because I'm not -running winbindd (it's an OpenBSD box). -I've got an entry of: -root=administrator - -You might try adding that file/entry -to see if it helps. - -I guess the --long doesn't display -anything, or you have to tell it to -debug in order for it to work... - -If you're not using a WINS server, -I'd add this to your smb.conf: -name resolve order = lmhosts host bcast - -I'm not sure if your lmhosts entry for the -NT4 server is gnsi_server1 or gnsi_server10x20 -I think it should be the former. - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Friday, April 15, 2005 9:20 AM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I tried something as per your suggestion: - - # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' - - This gave me the output listed below. Hopefully, this will - help shed some light on the problem. Do you know what does - status NT_STATUS_ACCESS_DENIED mean? - - Thanks, - - Ash - - -8 - - [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) - lp_load: refreshing parameters - [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) - Initialising global parameters - [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) - params.c:pm_process() - Processing configuration file - /usr/local/samba/lib/smb.conf - [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) - Processing section [global] - [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) - added interface ip=192.168.2.37 bcast=192.168.2.255 - nmask=255.255.255.0 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) - resolve_lmhosts: Attempting lmhosts lookup for name - gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) - resolve_wins: Attempting wins lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) - resolve_wins: WINS server resolution selected and no WINS - servers listed. - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) - resolve_hosts: Attempting host lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) - Connecting to 192.168.2.11 at port 445 - [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) - failed tcon_X with NT_STATUS_ACCESS_DENIED - [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) - Cannot connect to server (anonymously). Error was - NT_STATUS_ACCESS_DENIED - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) - Connecting to 192.168.2.11 at port 445 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(708) - Doing spnego session setup (blob length=110) - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 48018 1 2 2 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 113554 1 2 2 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 113554 1 2 2 3 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 3
Re: [Samba] Unable to join samba server to a NT4 style domain (po st-SOLVED)
Jim, The restrictanonymous value was set to 2, by default and was changed to 0 to allow net rpc join to work. It's back to 2 and there are no problems, yet. Thanks, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 08:33 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain (po st-SOLVED) - -Ash, - - Out of curiosity, what restrictanonymous -setting was the NT4 server set to -originally, and what was it set to when it -allowed the net rpc join command to work? - -Jim - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join samba server to a NT4 style domain
Hello, I have installed Samba version 3.0.13 on a Solaris 9 machine and am trying to add it to an existing NT domain as a member server. I have followed the instructions in Chapter 2 of the Samba HOW-TO collection for adding a samba server as a Domain member. The problem is that when i use the net rpc join command to join the domain, I get the following error: # ./net rpc join -U administrator%'' Unable to find a suitable server Unable to find a suitable server Specifying the domain name with a -w switch or the PDC doesnt seem to help. Is there a way for me to see a detailed version of the error message or some log file where this is dumped to? I am posting the smb.conf for reference. Please help me resolve this error. Thanks, Ash --8-- smb.conf [global] dns proxy = no debug timestamp = yes encrypt passwords = yes idmap gid = 15000-2 socket options = TCP_NODELAY max log size = 1024 password server = * idmap uid = 15000-2 debug level = 3 security = domain server string = Samba Server workgroup = MYWORKGROUP log level = 3 log file = /usr/local/samba/var/log.%m netbios name = MYSERVER load printers = yes os level = 33 default = share [homes] comment = Home Directories valid users = %S browseable = no writable = yes [printers] comment = All Printers path = /usr/spool/samba browseable = no guest ok = no writable = no printable = yes [share] path = /share comment = Solaris share valid users = @Accounts guest ok = Yes read only = No --8-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, -Try adding the Samba server to the NT4 Domain first. Response: The samba server has already been added to the NT domain. -Is the NT4 server also a WINS server? -If so, add that info to the smb.conf - -wins server = xxx.xxx.xxx.xxx -name resolve order = wins lmhosts host bcast - -Put the NT4 server info into /etc/lmhosts -and /etc/hosts -xxx.xxx.xxx.xxxNT4SERVER Response: The NT server is not functioning as a WINS server. The /etc/hosts and /etc/lmhosts already have the entry for the NT server. The server can also resolve the NTSERVER_NAME using DNS. I also used rpcclient to see if there any connection problems, and it was able to connect just fine to the NTSERVER. Thorougly confused. Any other ideas? Thanks for your response, Ash - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:58 AM - To: samba@lists.samba.org - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - Hello, - - I have installed Samba version 3.0.13 on a Solaris 9 machine - and am trying to add it to an existing NT domain as a member - server. I have followed the instructions in Chapter 2 of the - Samba HOW-TO collection for adding a samba server as a Domain - member. The problem is that when i use the net rpc join - command to join the domain, I get the following error: - - # ./net rpc join -U administrator%'' - - Unable to find a suitable server - - Unable to find a suitable server - - Specifying the domain name with a -w switch or the PDC doesnt - seem to help. - - Is there a way for me to see a detailed version of the error - message or some log file where this is dumped to? I am - posting the smb.conf for reference. Please help me resolve - this error. - - Thanks, - - Ash - - --8-- - smb.conf - - [global] - dns proxy = no - debug timestamp = yes - encrypt passwords = yes - idmap gid = 15000-2 - socket options = TCP_NODELAY - max log size = 1024 - password server = * - idmap uid = 15000-2 - debug level = 3 - security = domain - server string = Samba Server - workgroup = MYWORKGROUP - log level = 3 - log file = /usr/local/samba/var/log.%m - netbios name = MYSERVER - load printers = yes - os level = 33 - default = share - [homes] -comment = Home Directories -valid users = %S -browseable = no -writable = yes - - [printers] -comment = All Printers -path = /usr/spool/samba -browseable = no -guest ok = no -writable = no -printable = yes - - [share] - path = /share - comment = Solaris share - valid users = @Accounts - guest ok = Yes - read only = No - - --8-- - - - - -- - To unsubscribe from this list go to the following URL and read the - instructions: https://lists.samba.org/mailman/listinfo/samba - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Hello, Is there any way to see the logs of what happens when you issue a net join rpc domain-name command? Any help would be greatly appreciated. Thanks, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 06:40 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Try adding the Samba server to the NT4 Domain first. - -Is the NT4 server also a WINS server? -If so, add that info to the smb.conf - -wins server = xxx.xxx.xxx.xxx -name resolve order = wins lmhosts host bcast - -Put the NT4 server info into /etc/lmhosts -and /etc/hosts -xxx.xxx.xxx.xxxNT4SERVER - -restart Samba and see if you can join -the domain now. - -Hope this helps, - Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:58 AM - To: samba@lists.samba.org - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - Hello, - - I have installed Samba version 3.0.13 on a Solaris 9 machine - and am trying to add it to an existing NT domain as a member - server. I have followed the instructions in Chapter 2 of the - Samba HOW-TO collection for adding a samba server as a Domain - member. The problem is that when i use the net rpc join - command to join the domain, I get the following error: - - # ./net rpc join -U administrator%'' - - Unable to find a suitable server - - Unable to find a suitable server - - Specifying the domain name with a -w switch or the PDC doesnt - seem to help. - - Is there a way for me to see a detailed version of the error - message or some log file where this is dumped to? I am - posting the smb.conf for reference. Please help me resolve - this error. - - Thanks, - - Ash - - --8-- - smb.conf - - [global] - dns proxy = no - debug timestamp = yes - encrypt passwords = yes - idmap gid = 15000-2 - socket options = TCP_NODELAY - max log size = 1024 - password server = * - idmap uid = 15000-2 - debug level = 3 - security = domain - server string = Samba Server - workgroup = MYWORKGROUP - log level = 3 - log file = /usr/local/samba/var/log.%m - netbios name = MYSERVER - load printers = yes - os level = 33 - default = share - [homes] -comment = Home Directories -valid users = %S -browseable = no -writable = yes - - [printers] -comment = All Printers -path = /usr/spool/samba -browseable = no -guest ok = no -writable = no -printable = yes - - [share] - path = /share - comment = Solaris share - valid users = @Accounts - guest ok = Yes - read only = No - - --8-- - - - - -- - To unsubscribe from this list go to the following URL and read the - instructions: https://lists.samba.org/mailman/listinfo/samba - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, For all of the four commands you have mentioned, I get the same response: Unable to join domain domain-name. There are no error messages or explanation with it, just the plain text. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:15 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -try one of the following: - -./net rpc join -S NT4SERVER -U administrator - -./net rpc join -S NT4SERVER -U administrator%'' - -./net rpc join -W MYWORKGROUP -U administrator - -./net rpc join -W MYWORKGROUP -U administrator%'' - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 11:48 AM - To: Van Sickler, Jim; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - -Try adding the Samba server to the NT4 Domain first. - Response: The samba server has already been added to the NT domain. - - -Is the NT4 server also a WINS server? - -If so, add that info to the smb.conf - - - -wins server = xxx.xxx.xxx.xxx - -name resolve order = wins lmhosts host bcast - - - -Put the NT4 server info into /etc/lmhosts - -and /etc/hosts - -xxx.xxx.xxx.xxx NT4SERVER - - Response: The NT server is not functioning as a WINS server. - The /etc/hosts and /etc/lmhosts already have the entry for - the NT server. The server can also resolve the NTSERVER_NAME - using DNS. - - I also used rpcclient to see if there any connection - problems, and it was able to connect just fine to the - NTSERVER. Thorougly confused. - - Any other ideas? - - Thanks for your response, - - Ash - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:58 AM - - To: samba@lists.samba.org - - Subject: [Samba] Unable to join samba server to a NT4 style domain - - - - - - Hello, - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - and am trying to add it to an existing NT domain as a member - - server. I have followed the instructions in Chapter 2 of the - - Samba HOW-TO collection for adding a samba server as a Domain - - member. The problem is that when i use the net rpc join - - command to join the domain, I get the following error: - - - - # ./net rpc join -U administrator%'' - - - - Unable to find a suitable server - - - - Unable to find a suitable server - - - - Specifying the domain name with a -w switch or the PDC doesnt - - seem to help. - - - - Is there a way for me to see a detailed version of the error - - message or some log file where this is dumped to? I am - - posting the smb.conf for reference. Please help me resolve - - this error. - - - - Thanks, - - - - Ash - - - - - --8-- - - smb.conf - - - - [global] - - dns proxy = no - - debug timestamp = yes - - encrypt passwords = yes - - idmap gid = 15000-2 - - socket options = TCP_NODELAY - - max log size = 1024 - - password server = * - - idmap uid = 15000-2 - - debug level = 3 - - security = domain - - server string = Samba Server - - workgroup = MYWORKGROUP - - log level = 3 - - log file = /usr/local/samba/var/log.%m - - netbios name = MYSERVER - - load printers = yes - - os level = 33 - - default = share - - [homes] - -comment = Home Directories - -valid users = %S - -browseable = no - -writable = yes - - - - [printers] - -comment = All Printers - -path = /usr/spool/samba - -browseable = no - -guest ok = no - -writable = no - -printable = yes - - - - [share] - - path = /share - - comment = Solaris share - - valid users = @Accounts - - guest ok = Yes - - read only = No - - - - - --8-- - - - - - - - - -- - - To unsubscribe from this list go to the following URL and read the - - instructions: https://lists.samba.org/mailman/listinfo/samba - - - - - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, Yes, the NTSERVER is a PDC. Do you know of a way to see any kind of logs on the net join rpc command? -Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 07:40 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Is NT4SERVER the PDC? -If not, use -S PDC instead of -S NT4SERVER - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:24 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - For all of the four commands you have mentioned, I get the - same response: - - Unable to join domain domain-name. - - There are no error messages or explanation with it, just the - plain text. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:15 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -try one of the following: - - - -./net rpc join -S NT4SERVER -U administrator - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - -./net rpc join -W MYWORKGROUP -U administrator - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 11:48 AM - - To: Van Sickler, Jim; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - -Try adding the Samba server to the NT4 Domain first. - - Response: The samba server has already been added to the NT domain. - - - - -Is the NT4 server also a WINS server? - - -If so, add that info to the smb.conf - - - - - -wins server = xxx.xxx.xxx.xxx - - -name resolve order = wins lmhosts host bcast - - - - - -Put the NT4 server info into /etc/lmhosts - - -and /etc/hosts - - -xxx.xxx.xxx.xxx NT4SERVER - - - - Response: The NT server is not functioning as a WINS server. - - The /etc/hosts and /etc/lmhosts already have the entry for - - the NT server. The server can also resolve the NTSERVER_NAME - - using DNS. - - - - I also used rpcclient to see if there any connection - - problems, and it was able to connect just fine to the - - NTSERVER. Thorougly confused. - - - - Any other ideas? - - - - Thanks for your response, - - - - Ash - - - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:58 AM - - - To: samba@lists.samba.org - - - Subject: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - - - - Hello, - - - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine - - - and am trying to add it to an existing NT domain as a member - - - server. I have followed the instructions in Chapter 2 of the - - - Samba HOW-TO collection for adding a samba server as a Domain - - - member. The problem is that when i use the net rpc join - - - command to join the domain, I get the following error: - - - - - - # ./net rpc join -U administrator%'' - - - - - - Unable to find a suitable server - - - - - - Unable to find a suitable server - - - - - - Specifying the domain name with a -w switch or the PDC doesnt - - - seem to help. - - - - - - Is there a way for me to see a detailed version of the error - - - message or some log file where this is dumped to? I am - - - posting the smb.conf for reference. Please help me resolve - - - this error. - - - - - - Thanks, - - - - - - Ash - - - - - - - - - --8-- - - - smb.conf - - - - - - [global] - - - dns proxy = no - - - debug timestamp = yes - - - encrypt passwords = yes - - - idmap gid = 15000-2 - - - socket options = TCP_NODELAY - - - max log size = 1024 - - - password server = * - - - idmap uid = 15000-2 - - - debug level = 3 - - - security = domain - - - server string = Samba Server - - - workgroup = MYWORKGROUP - - - log level = 3 - - - log file = /usr/local/samba/var/log.%m - - - netbios name = MYSERVER - - - load printers = yes - - - os level = 33 - - - default = share - - - [homes] - - -comment = Home Directories - - -valid users = %S - - -browseable = no - - -writable = yes - - - - - - [printers] - - -comment = All Printers - - -path = /usr/spool/samba - - -browseable = no - - -guest ok = no - - -writable = no - - -printable = yes - - - - - - [share] - - - path = /share - - - comment = Solaris share - - - valid users
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I have Samba shut down while executing the net rpc join commands, as the HOW-TO says. On trying the following, # ./net rpc join -S NTSERVER Password: This is the response I get, Could not connect to server NTSERVER The username or password was not correct. The password used was that of the administrator authorized to add machines to the domain. Is there any other username/password I should be using? On trying this, net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long This is the response I get, Unable to join domain domain-name. BTW, what does the switch --long do? I have followed the exact steps in the document you have pointed out and the HOW-TOs. Thanks for pointing that out this particular chapter. Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 08:30 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -Do you have Samba shut down while you're -running net rpc join? The daemons -shouldn't be running, AFAIK. - -Make sure they're down, and try your earlier -net rpc join commands... - -If that doesn't work, try just: - net rpc join -S NT4SERVER - -Maybe try deleting MYSERVER from the domain, -then -net join -S NT4SERVER -U administrator%'' -W MYWORKGROUP --long - -See -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain-member.html#id -2522086 - - -Jim - - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 12:50 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - kind of logs on the net join rpc command? - - -Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 07:40 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Is NT4SERVER the PDC? - -If not, use -S PDC instead of -S NT4SERVER - - - -Jim - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:24 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - For all of the four commands you have mentioned, I get the - - same response: - - - - Unable to join domain domain-name. - - - - There are no error messages or explanation with it, just the - - plain text. - - - - Regards, - - - - Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:15 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -try one of the following: - - - - - -./net rpc join -S NT4SERVER -U administrator - - - - - -./net rpc join -S NT4SERVER -U administrator%'' - - - - - -./net rpc join -W MYWORKGROUP -U administrator - - - - - -./net rpc join -W MYWORKGROUP -U administrator%'' - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 11:48 AM - - - To: Van Sickler, Jim; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - Jim, - - - - - - -Try adding the Samba server to the NT4 Domain first. - - - Response: The samba server has already been added to - the NT domain. - - - - - - -Is the NT4 server also a WINS server? - - - -If so, add that info to the smb.conf - - - - - - - -wins server = xxx.xxx.xxx.xxx - - - -name resolve order = wins lmhosts host bcast - - - - - - - -Put the NT4 server info into /etc/lmhosts - - - -and /etc/hosts - - - -xxx.xxx.xxx.xxx NT4SERVER - - - - - - Response: The NT server is not functioning as a WINS server. - - - The /etc/hosts and /etc/lmhosts already have the entry for - - - the NT server. The server can also resolve the NTSERVER_NAME - - - using DNS. - - - - - - I also used rpcclient to see if there any connection - - - problems, and it was able to connect just fine to the - - - NTSERVER. Thorougly confused. - - - - - - Any other ideas? - - - - - - Thanks for your response, - - - - - - Ash - - - - - - - - - - - -Original Message- - - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - - Sent: Thursday, April 14, 2005 12:58 AM - - - - To: samba@lists.samba.org - - - - Subject: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - - - - Hello, - - - - - - - - I have installed Samba version 3.0.13 on a Solaris 9 machine