Bug 3224 - net rpc join fails with LDAP backend
net rpc join fails with LDAP backend
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: net utility
3.0.21
All Linux
: P3 normal
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-28 17:34 UTC by John H Terpstra
Modified: 2005-11-04 18:24 UTC (History)
0 users

See Also:


Attachments
Level 10 smbd log on attempted "net rpc join -S MERLIN -Uroot%password" (539.29 KB, text/plain)
2005-10-28 17:38 UTC, John H Terpstra
no flags Details
interactive debug 10 (98.58 KB, text/plain)
2005-10-28 17:44 UTC, John H Terpstra
no flags Details
smbd level 10 log - SVN 11479 (54.11 KB, application/octet-stream)
2005-11-03 11:54 UTC, John H Terpstra
no flags Details
net command level 10 log - SVN 11479 (29.43 KB, application/octet-stream)
2005-11-03 11:55 UTC, John H Terpstra
no flags Details
Patch I've applied to 3.0 (5.40 KB, patch)
2005-11-03 17:04 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description John H Terpstra 2005-10-28 17:34:59 UTC
net rpc join -S MERLIN -Uroot%password
[2005/10/28 18:12:39, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2625)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server
MERLIN for domain MIDEARTH.
[2005/10/28 18:12:39, 0] utils/net_rpc_join.c:net_rpc_join_ok(61)
  Error connecting to NETLOGON pipe. Error was NT_STATUS_ACCESS_DENIED
Unable to join domain MIDEARTH.

Level 10 smbd logs are attached.

PS: Why are we now checking for an account for the domain itself?
Comment 1 John H Terpstra 2005-10-28 17:38:49 UTC
Created attachment 1552 [details]
Level 10 smbd log on attempted "net rpc join -S MERLIN -Uroot%password"
Comment 2 John H Terpstra 2005-10-28 17:44:31 UTC
Created attachment 1553 [details]
interactive debug 10

net rpc info -d10 -S MERLIN -Uroot%password - Output in file.
Comment 3 John H Terpstra 2005-11-03 11:54:59 UTC
Created attachment 1561 [details]
smbd level 10 log - SVN 11479
Comment 4 John H Terpstra 2005-11-03 11:55:27 UTC
Created attachment 1562 [details]
net command level 10 log - SVN 11479
Comment 5 Jeremy Allison 2005-11-03 13:05:23 UTC
What do you have in your smb.conf ?

This code is returning the domain name :

        if ( IS_DC ) {
                fstrcpy( machine_account, lp_workgroup() );
        } else {
                /* Hmmm. Is this correct for trusted domains when we're a member
server ? JRA. */
                if (strequal(domain, lp_workgroup())) {
                        fstrcpy(machine_account, global_myname());
                } else {
                        fstrcpy(machine_account, domain);
                }
        }
Comment 6 John H Terpstra 2005-11-03 16:23:20 UTC
(In reply to comment #5)
> What do you have in your smb.conf ?
> 
> This code is returning the domain name :
> 
>         if ( IS_DC ) {
>                 fstrcpy( machine_account, lp_workgroup() );
>         } else {

The "net rpc join" was executed on the PDC to join it to its own domain.
Comment 7 Jeremy Allison 2005-11-03 17:04:13 UTC
Created attachment 1563 [details]
Patch I've applied to 3.0

This should fix it (it's in HEAD and 3.0 SVN so just update to test).
Jeremy.
Comment 8 John H Terpstra 2005-11-04 18:24:14 UTC
Thank-you Jeremy.

- John T.