Using an LDAP backend to Samba when I issue the following command I get the resulting error: $ sudo net rpc join -S TERRAN-PDC -U root%admin -I 10.153.107.212 Creation of workstation account failed Unable to join domain TERRAN. However, when looking within LDAP everything appeared to have worked: cn: terran-member$ uid: terran-member$ uidNumber: 1040 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: account entryUUID: 7ef7cefe-b53f-1030-88d8-5f7d69c1cef7 creatorsName: cn=admin,dc=example,dc=com createTimestamp: 20111207165147Z objectClass: posixAccount objectClass: account objectClass: sambaSamAccount sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaPwdLastSet: 1323276707 sambaAcctFlags: [W ] sambaSID: S-1-5-21-2516236927-2434337245-2722475061-3080 sambaPrimaryGroupSID: S-1-5-21-2516236927-2434337245-2722475061-515 displayName: terran-member$ sambaDomainName: TERRAN entryCSN: 20111207165147.499725Z#000000#000#000000 modifiersName: cn=admin,dc=example,dc=com modifyTimestamp: 20111207165147Z The Samba log for this member machine gets the following appended during the operation: [2011/12/07 10:26:10.261520, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2011/12/07 10:26:10.266872, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2011/12/07 10:26:10.280815, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw) get_md4pw: Workstation TERRAN-MEMBER$: no account in domain [2011/12/07 10:26:10.280863, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3) _netr_ServerAuthenticate2: failed to get machine password for account TERRAN-MEMBER$: NT_STATUS_ACCESS_DENIED [2011/12/07 10:26:10.283151, 0] rpc_server/srv_netlog_nt.c:475(get_md4pw) get_md4pw: Workstation TERRAN-MEMBER$: no account in domain [2011/12/07 10:26:10.283170, 0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3) _netr_ServerAuthenticate2: failed to get machine password for account TERRAN-MEMBER$: NT_STATUS_ACCESS_DENIED I've attached the LDAP (slapd) log generated during the operation as well as the server's smb.conf file.
Created attachment 7165 [details] smb.conf
Created attachment 7166 [details] slapd syslog
I neglected to state that the weird thing about this is that *sometimes* the 'net rpc join' command will NOT return an error message. Most of the time however the error message appears.