Okay, I have been a lurker for some time, so it is time to show my ignorance. I thought that you could only have one (1) PDC in a Windows Domain. If you are trying to join a Samba PDC to a domain that implies that the other domain has a PDC already. Of course I could be full of it also.
mallapadi niranjan wrote: > Hi all > > I have installed Samba 3.0.23d and Fedora Directory Server version ( > fedora-ds-1.0.4-1) > and created a primary domain controller with LDAP backed. > on a 64bit AMD System . My kernel Version is 2.6.9-34.EL > > The problem i am facing is i am able to join windows clients to the > domain, > the computer names are automatically > getting added in to OU=Computers in Fedora Directory server. > but i am unable to join my PDC (ie my samba server) to the domain . > when i > use the > command > [EMAIL PROTECTED] ~]#/usr/local/samba-3d/bin/net rpc info -U root%<root > password> > Domain Name: EXAMPLE.COM > Domain SID: S-1-5-21-275967576-2527112200-1211998457 > Sequence number: 1167279952 > Num users: 3 > Num domain groups: 4 > Num local groups: 0 > > [EMAIL PROTECTED] ~]#/usr/local/samba-3d/bin/net rpc join -U root%<root > password> > Creation of workstation account failed > Unable to join domain EXAMPLE.COM. > > The following is the output when i increase the debug level of the net > command > > [EMAIL PROTECTED] ~]# /usr/local/samba-3d/bin/net rpc join -d 3 -U > root%admin1234 > [2006/12/28 09:59:29, 3] param/loadparm.c:lp_load(4945) > lp_load: refreshing parameters > [2006/12/28 09:59:29, 3] param/loadparm.c:init_globals(1410) > Initialising global parameters > [2006/12/28 09:59:29, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file > "/usr/local/samba-3d/lib/smb.conf" > [2006/12/28 09:59:29, 3] param/loadparm.c:do_section(3687) > Processing section "[global]" > [2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81) > added interface ip=10.129.149.250 bcast=10.129.149.255 > nmask=255.255.255.0 > [2006/12/28 09:59:29, 2] lib/interface.c:add_interface(81) > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426) > Connecting to host=PDC > [2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 10.129.149.250 at port 445 > [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request > returned ok. > [2006/12/28 09:59:29, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine PDC pipe \NETLOGON fnum 0x764d bind > request > returned ok. > [2006/12/28 09:59:29, 3] > libsmb/trusts_util.c:just_change_the_password(57) > just_change_the_password: unable to setup creds > (NT_STATUS_ACCESS_DENIED)! > [2006/12/28 09:59:29, 1] utils/net_rpc.c:run_rpc_command(170) > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > [2006/12/28 09:59:29, 3] libsmb/cliconnect.c:cli_start_connection(1426) > Connecting to host=PDC > [2006/12/28 09:59:29, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 10.129.149.250 at port 445 > [2006/12/28 09:59:29, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(721) > Doing spnego session setup (blob length=58) > [2006/12/28 09:59:29, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(746) > got OID=1 3 6 1 4 1 311 2 2 10 > [2006/12/28 09:59:29, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(754) > got principal=NONE > [2006/12/28 09:59:29, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950) > Got challenge flags: > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60890215 > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972) > NTLMSSP: Set final flags: > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > [2006/12/28 09:59:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: > [2006/12/28 09:59:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > [2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine PDC pipe \lsarpc fnum 0x764c bind request > returned ok. > [2006/12/28 09:59:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) > lsa_io_sec_qos: length c does not match size 8 > [2006/12/28 09:59:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine PDC pipe \samr fnum 0x764d bind request > returned ok. > Creation of workstation account failed > Unable to join domain EXAMPLE.COM. > [2006/12/28 09:59:30, 2] utils/net.c:main(988) > return code = 1 > > The following is my smb.conf > #######################################smb.conf#################################### > > [global] > > workgroup = example.com > netbios name = pdc > passdb backend = ldapsam:ldap://example.com > server string = Domain Controller > security = user > encrypt passwords = yes > hosts allow = 10.129.149. 127.0.0. > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > interfaces = eth0,lo > printing = cups > disable spoolss = Yes > printcap name = cups > max print jobs = 100 > log level = 5 > #password level = 8 > #username level = 8 > bind interfaces only = yes > local master = Yes > os level = 33 > domain master = yes > preferred master = yes > null passwords = no > hide unreadable = yes > hide dot files = yes > domain logons = yes > logon script = %u.bat > logon path = > logon drive = X: > logon home = \\pdc\%U > wins support = yes > name resolve order = wins lmhosts host bcast > #dns proxy = no > time server = yes > log file = /var/log/samba/%m.log > max log size = 50 > nt acl support = yes > ldap passwd sync = yes > add user script = /usr/local/sbin/smbldap-useradd -m "%u" > delete user script = /usr/local/sbin/smbldap-userdel "%u" > add machine script = /usr/local/sbin/smbldap-useradd -w "%m" > #add machine script = /usr/local/sbin/smbldap-useradd -w "%u" > add group script = /usr/local/sbin/smbldap-groupadd -p "%g" > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" > "%g" > set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' > ldap delete dn = Yes > ldap ssl = no > ldap suffix = dc=example,dc=com > ldap admin dn = cn=Directory Manager > ldap group suffix = ou=Groups > ldap user suffix = ou=People > ldap machine suffix = ou=Computers > ldap timeout = 50 > map acl inherit = yes > winbind use default domain = yes > template shell = /bin/false > ######################################################[Share > Definations]########################################### > [homes] > comment = Home Directories > valid users = %S, root > browseable = no > read only = no > nt acl support = Yes > [profiles] > comment = Roaming Profiles > path = /profiles > browseable = no > writeable = yes > > [wpkg] > comment = Windows Packager > path = /wpkg > read only = yes > browseable = no > > # Un-comment the following and create the netlogon directory for Domain > Logons > [netlogon] > comment = Network Logon Service > path = /netlogon/scripts > guest ok = yes > browseable = yes > write list = root > [printers] > comment = All Printers > path = /var/spool/samba > create mask = 0600 > printable = yes > use client driver = Yes > browseable = Yes > ######################################################################################### > > > Regards > Niranjan -- Scott B. Ackerman 1212 Baker Street Fort Collins, Colorado 80524 970-231-9035 www.scott-ackerman.com "Every improvement in the standard of work men do is followed swiftly and inevitably by an improvement in the men who do it" - William Morris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba