Samba PDC LDAP NSS prob.

["Jeffrey B. Green" <computers@karmecholing.org>]

Hi,

I'm having a problem getting my PDC to join a domain as per the Samba By 
Example chap. 5 instructions. In particular, I get

root@dana:/root[5887] net rpc join -S DANA -U admin
Connection failed: NT_STATUS_LOGON_FAILURE
Password:
Connection failed: NT_STATUS_LOGON_FAILURE
Unable to join domain KCN.
root@dana:/root[5888] smbclient -U admin //DANA/admin
Password:
Domain=[KCN] OS=[Unix] Server=[Samba 3.0.24]
smb: \> quit
root@dana:/root[5889]


It seems to be an authentication/account problem as opposed to a 
connection problem, i.e. that the admin doesn't have the capabilites to
add the server to the domain. I have this slice of the trace from the 
net command from the logs. It covers the complete time span of the 
command although it does not contain everything produced. (A line starts 
with the date, e.g. Mar 28 06:11:09 ... and then wraps.)

Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 dn=""
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=admin,ou=Users,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=admin,ou=Users,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Admins,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="sambaSID=S-1-5-32-545,ou=Groups,dc=kcn,dc=kikisoso,dc=o
 rg"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="sambaSID=S-1-5-32-545,ou=Groups,dc=kcn,dc=kikisoso,dc=o
 rg"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Admins,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=root,ou=Users,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=admin,ou=Users,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="cn=Domain Users,ou=Groups,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org"
Mar 28 06:11:09 dana slapd[20952]: => send_search_entry: conn 35 
dn="uid=dana$,ou=Computers,dc=kcn,dc=kikisoso,dc=org"

...and the trace ends not too long after that search.

In an earlier (and therefore different) incarnation of this setup I was 
able to get as far as joining a workstation (not the PDC) to the domain 
but could not connect, i.e. sign in with a user. Haven't tested that 
part yet with this version...want to get the above going first.

Anyway, the processing associated with the net command does connect with 
the LDAP server but at some point fails, so for me it looks to be a 
credentials problem but I'm a bit mystified as to what. Also note that 
smbclient does connect okay. However, there is a nt logon failure msg 
before the password is even requested on the net cmd.

I'll keep on it, but I am wondering if anyone has any pointers that 
might shorten the task at hand.

thanks,
-jeff


pls cc me on replies since I'm not subscribing to the list at the 
moment...thanks.