Bug 3397 - MS SMS cannot verify account in Samba domain
Summary: MS SMS cannot verify account in Samba domain
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.21a
Hardware: Other All
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-12 04:00 UTC by Alex Deiter
Modified: 2006-01-14 05:55 UTC (History)
0 users

See Also:

Attachments
Samba log (log level=10) (15.48 KB, application/octet-stream)
2006-01-12 04:02 UTC, Alex Deiter 		no flags Details
Ethereal capture (22.88 KB, application/octet-stream)
2006-01-13 04:22 UTC, Alex Deiter 		no flags Details
Patch for samba-3.0.21a (4.96 KB, patch)
2006-01-14 02:01 UTC, Alex Deiter 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Deiter 2006-01-12 04:00:38 UTC 
I am trying to install MS Systems Management Server on Windows server 2003 and getting error mesage:

Setup cannot verify the service account in domain WORKGROUP.  Either your current Windows logon ID does not have user rights to domain WORKGROUP or the primary domain controller in domain WORKGROUP is down.

smssetup.log:

<01-12-2006 13:50:00> Starting evaluation process.
<01-12-2006 13:50:00> Enough free disk space.
<01-12-2006 13:50:09> The domain and PDC checked out OK.
<01-12-2006 13:50:09> Registering connects for SMSSERVER, , master
<01-12-2006 13:50:09> Registered the types
<01-12-2006 13:50:09> Running test query.
<01-12-2006 13:50:09> Sql version is 8.0, 8.00.2039.
<01-12-2006 13:50:09> Checking disk space for SQL devices (SMS database).
<01-12-2006 13:50:11> SmsLsaAccount returns 1  Flags = 0h
<01-12-2006 13:50:11> Cannot check account in domain WORKGROUP

in samba log (log level=10, attached) i see only one error:

[2006/01/12 13:36:17, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2610)
  Returning domain sid for domain BUILTIN -> S-0-0
[2006/01/12 13:36:17, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(136)
  init_samr_r_lookup_domain
[2006/01/12 13:36:17, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 samr_io_r_lookup_domain 
[2006/01/12 13:36:17, 5] rpc_parse/parse_prs.c:prs_uint32(703)
      0000 ptr: 00000000
[2006/01/12 13:36:17, 5] rpc_parse/parse_prs.c:prs_ntstatus(733)
      0004 status: NT_STATUS_NO_SUCH_DOMAIN
[2006/01/12 13:36:17, 5] rpc_server/srv_pipe.c:api_rpcTNP(2254)
  api_rpcTNP: called samr successfully

Thanks!
Comment 1 Alex Deiter 2006-01-12 04:02:56 UTC 
Created attachment 1669 [details]
Samba log (log level=10)
Comment 2 Alex Deiter 2006-01-12 04:10:51 UTC 
smb.conf:
[global]
        dos charset = 866
        unix charset = UTF8
        display charset = UTF8
        null passwords = Yes
        passdb backend = tdbsam:/usr/local/etc/samba/passdb.tdb
        guest account = guest
        log level = 10
        log file = /var/log/samba/%m.log
        max log size = 50000
        time server = Yes
        logon path =
        logon home =
        domain logons = Yes
        os level = 255
        wins server = 10.50.8.1
        admin users = @admins

[homes]
        valid users = %S
        read only = No
        browseable = No

[netlogon]
        path = /home/samba/netlogon
        write list = @admins
        browseable = No

# id smssrv
uid=1996(smssrv) gid=2513(users) groups=2513(users), 2512(admins)

# pdbedit -v smssrv
Unix username:        smssrv
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-493673666-3865861243-703312239-4992
Primary Group SID:    S-1-5-21-493673666-3865861243-703312239-513
Full Name:            Microsoft Systems Management Server
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Sun, 07 Feb 2106 09:28:15 MSK
Kickoff time:         Sun, 07 Feb 2106 09:28:15 MSK
Password last set:    Thu, 12 Jan 2006 11:27:13 MSK
Password can change:  Thu, 12 Jan 2006 11:27:13 MSK
Password must change: Sun, 07 Feb 2106 09:28:15 MSK
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

# net rpc user INFO smssrv -U smssrv
Password:
Domain Users
Domain Admins

# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-493673666-3865861243-703312239-512) -> admins
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-493673666-3865861243-703312239-513) -> users
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-493673666-3865861243-703312239-514) -> guests
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

usrmgr.exe also work fine.

Thanks!
Comment 3 Alex Deiter 2006-01-12 04:21:51 UTC 
I got same error with samba 3.0.12,3.0.13 and 3.0.21a on i386 and sparc64.
Comment 4 Alex Deiter 2006-01-13 04:22:15 UTC 
Created attachment 1679 [details]
Ethereal capture

Ethereal capture between Samba DC and Windows server on MS SMS during install error.
Comment 5 Alex Deiter 2006-01-14 02:01:06 UTC 
Created attachment 1681 [details]
Patch for samba-3.0.21a

Proposed patch for samba-3.0.21a. The patch is tested by successful installation MS SMS 2003 SP1 on Windows 2000SP4/2003 with MS SQL 2000sp4.

Please review it.
Comment 6 Alexander Bokovoy 2006-01-14 04:51:13 UTC 
After checking with Volker we decided to include this patch in SAMBA_3_0. It needs some rework due to a bit different code between release and SAMBA_3_0 but I'll do the changes.
Comment 7 Alexander Bokovoy 2006-01-14 05:38:04 UTC 
Committed a variant of the patch to SAMBA_3_0, adding support of infolevel 9 to rpcclient.
Comment 8 Alex Deiter 2006-01-14 05:55:36 UTC 
Thanks a lot!