[Samba] net rpc join fails the first time but succeeds the second
Hi.

I'm having some trouble when trying to join a SAMBA machine, acting as a member server, to an NT-style domain server managed by a SAMBA PDC using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6 on Red Hat Enterprise Linux 4.1 Update 3 for AMD64.

When trying to add the member server to the domain, it fails with an error message. However, if I try to add it again, the operation succeeds.

The first try to add the member server fails with this error message:

    [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
    [2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
      Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED
    Unable to join domain CENTRAL.

I can see the SAMBA machine account has been created:

    [EMAIL PROTECTED] ~]# pdbedit -L
    Administrator:0:Domain Administrator
    member$:10001:Machine

Then, immediately, I try to add the member server, once again:

    [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
    Joined domain CENTRAL.

Both the member server and the PDC are using nss_ldap. Thus:

    [EMAIL PROTECTED] ~]# id Administrator
    uid=0(root) gid=0(root) groups=0(root)

The smb.conf for the PDC is:

    [global]
    # Store SAMBA data into an LDAP backend
    passdb backend = ldapsam:ldap://ldap/
    ldap admin dn = cn=Directory Manager
    ldap suffix = dc=central
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Groups

    # Scripts for managing users and computers
    add user script = /usr/sbin/luseradd -g "Domain Users" %u
    delete user script = /usr/sbin/luserdel -r %u
    add group script = /usr/sbin/lgroupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/lgroupmod -A %u %g
    delete user from group script = /usr/sbin/lgroupmod -R %u %g
    add machine script = /usr/sbin/luseradd -g "Domain Computers" -c Machine -s /bin/false -d /dev/null -n -M %u

    workgroup = CENTRAL
    netbios name = NDS1
    server string = CENTRAL Samba Domain Controller
    load printers = no
    log file = /var/log/samba/%m.log
    security = user
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 35
    local master = yes
    domain master = yes
    preferred master = yes
    domain logons = yes
    logon path =
    wins support = yes

The smb.conf for the member server is:

    [global]
    workgroup = CENTRAL
    server string = CENTRAL File Server
    netbios name = FS1
    log file = /var/log/samba/%m.log
    max log size = 50
    security = domain
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Any ideas?
Thank you very much.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc join fails the first time but succeeds the second
Hi,

if you create a new user with luseradd, is this new user immediately available? Or do you have to wait some time between the following two commands:

    /usr/sbin/luseradd -g "Domain Computers" -c Machine -s /bin/false -d /dev/null -n -M testuser
    id testuser

Mark

On Fri, May 19, 2006 at 01:13:21PM +0200, Felipe Alfaro Solana wrote:
> Hi.
>
> I'm having some trouble when trying to join a SAMBA machine, acting as a member server, to an NT-style domain server managed by a SAMBA PDC using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6 on Red Hat Enterprise Linux 4.1 Update 3 for AMD64.
>
> When trying to add the member server to the domain, it fails with an error message. However, if I try to add it again, the operation succeeds.
>
> The first try to add the member server fails with this error message:
>
>     [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
>     [2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
>       Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED
>     Unable to join domain CENTRAL.
>
> I can see the SAMBA machine account has been created:
>
>     [EMAIL PROTECTED] ~]# pdbedit -L
>     Administrator:0:Domain Administrator
>     member$:10001:Machine
>
> Then, immediately, I try to add the member server, once again:
>
>     [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
>     Joined domain CENTRAL.
>
> Both the member server and the PDC are using nss_ldap. Thus:
>
>     [EMAIL PROTECTED] ~]# id Administrator
>     uid=0(root) gid=0(root) groups=0(root)
>
> The smb.conf for the PDC is:
>
>     [global]
>     # Store SAMBA data into an LDAP backend
>     passdb backend = ldapsam:ldap://ldap/
>     ldap admin dn = cn=Directory Manager
>     ldap suffix = dc=central
>     ldap user suffix = ou=People
>     ldap machine suffix = ou=Computers
>     ldap group suffix = ou=Groups
>
>     # Scripts for managing users and computers
>     add user script = /usr/sbin/luseradd -g "Domain Users" %u
>     delete user script = /usr/sbin/luserdel -r %u
>     add group script = /usr/sbin/lgroupadd %g
>     delete group script = /usr/sbin/groupdel %g
>     add user to group script = /usr/sbin/lgroupmod -A %u %g
>     delete user from group script = /usr/sbin/lgroupmod -R %u %g
>     add machine script = /usr/sbin/luseradd -g "Domain Computers" -c Machine -s /bin/false -d /dev/null -n -M %u
>
>     workgroup = CENTRAL
>     netbios name = NDS1
>     server string = CENTRAL Samba Domain Controller
>     load printers = no
>     log file = /var/log/samba/%m.log
>     security = user
>     encrypt passwords = yes
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     os level = 35
>     local master = yes
>     domain master = yes
>     preferred master = yes
>     domain logons = yes
>     logon path =
>     wins support = yes
>
> The smb.conf for the member server is:
>
>     [global]
>     workgroup = CENTRAL
>     server string = CENTRAL File Server
>     netbios name = FS1
>     log file = /var/log/samba/%m.log
>     max log size = 50
>     security = domain
>     encrypt passwords = yes
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> Any ideas?
> Thank you very much.
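The check asked about in the reply above can be timed rather than eyeballed. The script below is an added example, not part of the original thread: it polls `id` once a second and reports how long an account took to become resolvable through NSS. The function names `wait_for_account` and `report_lag` and the 10-second default timeout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): measure how long a freshly created
# account takes to become resolvable, e.g. right after the "add machine
# script" has run on the PDC.

# wait_for_account NAME [TIMEOUT_SECONDS]
# Prints the number of whole seconds waited.
# Returns 0 once "id NAME" succeeds, 1 if it still fails after the timeout.
wait_for_account() {
    name=$1
    timeout=${2:-10}
    waited=0
    while :; do
        if id "$name" >/dev/null 2>&1; then
            echo "$waited"
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "$waited"
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# report_lag NAME [TIMEOUT_SECONDS]
# Turns the measurement into a one-line verdict.
report_lag() {
    account=$1
    if lag=$(wait_for_account "$account" "${2:-10}"); then
        if [ "$lag" -eq 0 ]; then
            echo "$account: visible immediately"
        else
            echo "$account: visible after ${lag}s, lookup lags behind creation"
        fi
    else
        echo "$account: not visible after ${lag}s"
        return 1
    fi
}

# When run with arguments, e.g.  sh check_account.sh testuser 15
if [ "$#" -gt 0 ]; then
    report_lag "$@"
fi
```

A non-zero lag on the PDC would match the symptom in the original post, where the join fails right after the machine account is created and succeeds on the retry.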
RE: [Samba] net rpc join fails the first time but succeeds the second
Your domain member is not configured correctly, you need it to be able to authenticate with LDAP.

Should look something like this as per Chapter 7 Samba 3 by Example:

http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#sdcsdmldap

Example 7.1. Samba Domain Member in Samba Domain Using LDAP smb.conf File

    # Global parameters
    [global]
    unix charset = LOCALE
    workgroup = MEGANET2
    security = DOMAIN
    username map = /etc/samba/smbusers
    log level = 10
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 50
    smb ports = 139
    name resolve order = wins bcast hosts
    printcap name = CUPS
    wins server = 192.168.2.1
    ldap suffix = dc=abmas,dc=biz
    ldap machine suffix = ou=People
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=Manager,dc=abmas,dc=biz
    idmap backend = ldap:ldap://lapdc.abmas.biz
    idmap uid = 1-2
    idmap gid = 1-2
    winbind trusted domains only = Yes
    printer admin = root
    printing = cups

Stick to the official docs, will save you days/years of time.

Adrian Sender.

From: Felipe Alfaro Solana [EMAIL PROTECTED]
To: Samba Mailing List samba@lists.samba.org
Subject: [Samba] net rpc join fails the first time but succeeds the second
Sent: Friday, 19 May 2006 9:13:21 PM

> Hi.
>
> I'm having some trouble when trying to join a SAMBA machine, acting as a member server, to an NT-style domain server managed by a SAMBA PDC using an LDAP back-end. Both machines are running samba-3.0.10-1.4E.6 on Red Hat Enterprise Linux 4.1 Update 3 for AMD64.
>
> When trying to add the member server to the domain, it fails with an error message. However, if I try to add it again, the operation succeeds.
>
> The first try to add the member server fails with this error message:
>
>     [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
>     [2006/05/19 13:01:08, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
>       Error domain join verification (reused connection): NT_STATUS_ACCESS_DENIED
>     Unable to join domain CENTRAL.
>
> I can see the SAMBA machine account has been created:
>
>     [EMAIL PROTECTED] ~]# pdbedit -L
>     Administrator:0:Domain Administrator
>     member$:10001:Machine
>
> Then, immediately, I try to add the member server, once again:
>
>     [EMAIL PROTECTED] ~]# net rpc join CENTRAL -U Administrator%password
>     Joined domain CENTRAL.
>
> Both the member server and the PDC are using nss_ldap. Thus:
>
>     [EMAIL PROTECTED] ~]# id Administrator
>     uid=0(root) gid=0(root) groups=0(root)
>
> The smb.conf for the PDC is:
>
>     [global]
>     # Store SAMBA data into an LDAP backend
>     passdb backend = ldapsam:ldap://ldap/
>     ldap admin dn = cn=Directory Manager
>     ldap suffix = dc=central
>     ldap user suffix = ou=People
>     ldap machine suffix = ou=Computers
>     ldap group suffix = ou=Groups
>
>     # Scripts for managing users and computers
>     add user script = /usr/sbin/luseradd -g "Domain Users" %u
>     delete user script = /usr/sbin/luserdel -r %u
>     add group script = /usr/sbin/lgroupadd %g
>     delete group script = /usr/sbin/groupdel %g
>     add user to group script = /usr/sbin/lgroupmod -A %u %g
>     delete user from group script = /usr/sbin/lgroupmod -R %u %g
>     add machine script = /usr/sbin/luseradd -g "Domain Computers" -c Machine -s /bin/false -d /dev/null -n -M %u
>
>     workgroup = CENTRAL
>     netbios name = NDS1
>     server string = CENTRAL Samba Domain Controller
>     load printers = no
>     log file = /var/log/samba/%m.log
>     security = user
>     encrypt passwords = yes
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     os level = 35
>     local master = yes
>     domain master = yes
>     preferred master = yes
>     domain logons = yes
>     logon path =
>     wins support = yes
>
> The smb.conf for the member server is:
>
>     [global]
>     workgroup = CENTRAL
>     server string = CENTRAL File Server
>     netbios name = FS1
>     log file = /var/log/samba/%m.log
>     max log size = 50
>     security = domain
>     encrypt passwords = yes
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> Any ideas?
> Thank you very much.