Bug 8651 - Error emitted when joining domain when using LDAP backend
Status: NEW
Product: Samba 3.5
Classification: Unclassified
Component: Domain Control
Version: 3.5.11
Hardware: x64 Linux
Importance: P5 normal
Target Milestone: ---
Assigned To: Guenther Deschner
QA Contact: Samba QA Contact
Depends on:
Blocks:
Reported: 2011-12-07 17:45 UTC by Peter Matulis
Modified: 2011-12-21 16:06 UTC (History)
CC List: 0 users

See Also:


Attachments
smb.conf (936 bytes, application/octet-stream)
2011-12-07 17:47 UTC, Peter Matulis
slapd syslog (16.55 KB, application/octet-stream)
2011-12-07 17:48 UTC, Peter Matulis

Description Peter Matulis 2011-12-07 17:45:57 UTC
Using an LDAP backend to Samba, when I issue the following command I get the resulting error:

$ sudo net rpc join -S TERRAN-PDC -U root%admin -I 10.153.107.212

Creation of workstation account failed
Unable to join domain TERRAN.

However, when looking within LDAP everything appeared to have worked:

cn: terran-member$
uid: terran-member$
uidNumber: 1040
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: account
entryUUID: 7ef7cefe-b53f-1030-88d8-5f7d69c1cef7
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 20111207165147Z
objectClass: posixAccount
objectClass: account
objectClass: sambaSamAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1323276707
sambaAcctFlags: [W          ]
sambaSID: S-1-5-21-2516236927-2434337245-2722475061-3080
sambaPrimaryGroupSID: S-1-5-21-2516236927-2434337245-2722475061-515
displayName: terran-member$
sambaDomainName: TERRAN
entryCSN: 20111207165147.499725Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20111207165147Z

The Samba log for this member machine gets the following appended during the operation:

[2011/12/07 10:26:10.261520,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/12/07 10:26:10.266872,  2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 513
[2011/12/07 10:26:10.280815,  0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation TERRAN-MEMBER$: no account in domain
[2011/12/07 10:26:10.280863,  0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for account TERRAN-MEMBER$: NT_STATUS_ACCESS_DENIED
[2011/12/07 10:26:10.283151,  0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation TERRAN-MEMBER$: no account in domain
[2011/12/07 10:26:10.283170,  0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for account TERRAN-MEMBER$: NT_STATUS_ACCESS_DENIED

I've attached the LDAP (slapd) log generated during the operation as well as the server's smb.conf file.
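
For triage of reports like this one, the Samba log excerpt above can be reduced to a per-account list of netlogon failures. The following Python script is an added example, not part of the original report or of Samba's code; the function names are hypothetical, and the sample input is a subset of the log lines quoted in the description.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the description above. Samba writes each
# entry as a header line (timestamp, debug level, source:line(function))
# followed by one or more indented message lines.
SAMPLE_LOG = """\
[2011/12/07 10:26:10.261520,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/12/07 10:26:10.280815,  0] rpc_server/srv_netlog_nt.c:475(get_md4pw)
  get_md4pw: Workstation TERRAN-MEMBER$: no account in domain
[2011/12/07 10:26:10.280863,  0] rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for account TERRAN-MEMBER$: NT_STATUS_ACCESS_DENIED
"""

HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)$"
)
NO_ACCOUNT = re.compile(r"Workstation (?P<acct>\S+\$): no account in domain")
AUTH_FAIL = re.compile(
    r"failed to get machine password for account (?P<acct>\S+\$): "
    r"(?P<status>NT_STATUS_\w+)"
)

def parse_entries(text):
    """Yield one dict per log entry, joining indented lines to their header."""
    entry = None
    for raw in text.splitlines():
        m = HEADER.match(raw.rstrip())
        if m:
            if entry:
                yield entry
            entry = {**m.groupdict(), "level": int(m["level"]), "msg": ""}
        elif entry is not None and raw.startswith(" "):
            entry["msg"] = (entry["msg"] + " " + raw.strip()).strip()
    if entry:
        yield entry

def machine_auth_failures(text):
    """Map machine account -> [(timestamp, reason)] for netlogon failures."""
    out = defaultdict(list)
    for e in parse_entries(text):
        if e["func"] == "get_md4pw" and (m := NO_ACCOUNT.search(e["msg"])):
            out[m["acct"]].append((e["ts"], "no account in domain"))
        elif m := AUTH_FAIL.search(e["msg"]):
            out[m["acct"]].append((e["ts"], m["status"]))
    return dict(out)
```
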
Comment 1 Peter Matulis 2011-12-07 17:47:10 UTC
Created attachment 7165
smb.conf
Comment 2 Peter Matulis 2011-12-07 17:48:17 UTC
Created attachment 7166
slapd syslog
Comment 3 Peter Matulis 2011-12-21 16:06:28 UTC
I neglected to state that the weird thing about this is that *sometimes* the 'net rpc join' command will NOT return an error message.  Most of the time, however, the error message appears.