459304 – Cannot join Windows 2003 domain with RHEL 4.7 Samba

Bug 459304 - Cannot join Windows 2003 domain with RHEL 4.7 Samba

Summary: Cannot join Windows 2003 domain with RHEL 4.7 Samba

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	4.7
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Simo Sorce
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	459718
TreeView+	depends on / blocked

Reported:	2008-08-15 21:41 UTC by Ray Van Dolson
Modified:	2018-10-20 02:56 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-05-18 20:11:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2009:0969	0	normal	SHIPPED_LIVE	samba bug fix and enhancement update	2009-05-18 13:40:41 UTC

Description Ray Van Dolson 2008-08-15 21:41:01 UTC

Description of problem:
Using Samba included with RHEL 4.7, I cannot join any machines to our domain using net rpc join.

Version-Release number of selected component (if applicable):
samba-3.0.28-0.el4.9

How reproducible:
Always

Steps to Reproduce:
1. Set up RHEL 4.7
2. Set up smb.conf to use DOMAIN authentication (see attached config file)
3. Attempt to join domain with 'net rpc join -U Administrator -w DOMAINNAME'
  
Actual results:
Failure -- NT_STATUS_UNSUCCESSFUL.  -d 4 output shows:

2008/08/15 11:42:37, 3] libsmb/trusts_util.c:just_change_the_password(57)
  just_change_the_password: unable to setup creds (NT_STATUS_NO_TRUST_SAM_ACCOUNT)!
[2008/08/15 11:42:37, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (NT_STATUS_NO_TRUST_SAM_ACCOUNT)
Connection failed: NT_STATUS_UNSUCCESSFUL

Expected results:
A successful join.

Additional info:
If I downgrade to samba-3.0.25b-1.el4_6.5 (included with RHEL 4.6), everything works perfectly.  I will attach a -d 4 dump of the join attempt.  In addition, see this thread:

  http://lists.samba.org/archive/samba/2008-August/142921.html

I have verified that there were no other objects in AD that might have conflicting names.

I am currently sticking with the older version of Samba to retain functionality.

Comment 1 Ray Van Dolson 2008-08-15 21:41:40 UTC

smb.conf:

[global]
  workgroup = DOMAIN
  netbios name = RHEL47TEST
  security = DOMAIN
  log file = /var/log/samba/%m.log
  max log size = 500
  wins server = 10.1.1.1
  dns proxy = no
  log level = 10
  password server = *
  #username map = /etc/samba/username.map
  #log level = 0
  socket options = TCP_NODELAY

Comment 2 Ray Van Dolson 2008-08-15 21:46:57 UTC

I have opened SR #1850772 for this issue as well.

Comment 3 Guenther Deschner 2008-08-21 15:10:13 UTC

This issue has already been fixed upstream (http://git.samba.org/?p=samba.git;a=commitdiff;h=d29db976dcffef772044b1e5246ec6715d6afbbb), if that is an option for you, you can workaround it if you call:

net rpc join -U Administrator%password -w DOMAINNAME

Comment 5 Ray Van Dolson 2008-09-03 19:31:29 UTC

Thanks.  Support provided me with some scratch RPM's including the patch and these work fine.  Hopefully will see this in an errata release shortly.

Comment 17 errata-xmlrpc 2009-05-18 20:11:30 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0969.html

Note You need to log in before you can comment on or make changes to this bug.