Error while join to domain (Unable to create machine account)

Bug #164544 reported by Fernando Ribeiro on 2007-11-22
Affects Status Importance Assigned to Milestone
smbldap-tools (Ubuntu)

Bug Description

# net rpc join -S dfbsa106 -U Administrator
Creation of workstation account failed

On PDC log return this:

dfbsa106:/var/log/samba# tail -f log.dfbsafernando
[2007/11/22 10:57:20, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 513
[2007/11/22 10:57:20, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 512
[2007/11/22 10:57:20, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
failed to perform search; Unexpected EOF at /usr/share/perl5/
line 374.
Error looking for next uid at /usr/share/perl5/ line 1046.
[2007/11/22 10:57:20, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"dfbsafernando$"' gave 1

And running the command manually it work.

dfbsa106:~# /usr/sbin/smbldap-useradd -w "dfbsafernando$"

dfbsa106:~# ldapsearch -x uid=dfbsafernando$ -LLL
dn: uid=dfbsafernando$,ou=maquinas,dc=matriz,dc=xxx,dc=gov,dc=br
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: dfbsafernando$
sn: dfbsafernando$
uid: dfbsafernando$
uidNumber: 13571
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

My smb.conf:
        workgroup = XXX
        netbios name = dfbsafernando
        obey pam restrictions = yes
        security = domain
        encrypt passwords = true
        wins server =
        template shell = /bin/bash
        template homedir = /home/%U
        printing = cups
        invalid users = root

        winbind use default domain = yes
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind offline logon = true
        winbind separator = \

On 3.0.24 it work fine, after upgrade it fail.

smbldap-tools Version: 0.9.2-3

Greek Ordono (grexk) wrote :

I'm also having problems joining Ubuntu Gutsy BDC to our existing PDC. We also tried to setup a Gutsy PDC but windows client are unable to join. The machine accounts are added to the LDAP server but it fails to join the domain.

$ net join -S PDC -Uroot%password
[2007/11/23 16:41:54, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(304)
  error setting trust account password: NT code 0x1c010002
Unable to join domain PDC.

$ tail -f /var/log/syslog
Nov 23 17:19:57 ubuntu smbd[5390]: [2007/11/23 17:19:57, 0] lib/util_sock.c:read_data(534)
Nov 23 17:19:57 ubuntu smbd[5390]: read_data: read failure for 4 bytes to client Error = Connection reset by peer
Nov 23 17:20:14 ubuntu smbd[5391]: [2007/11/23 17:20:14, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
Nov 23 17:20:14 ubuntu smbd[5391]: _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "vmxp$"' gave 9

Changed in samba:
status: Unknown → Confirmed
Chuck Short (zulcss) wrote :

Information has been sent upstream. Changing status.


Changed in samba:
status: New → Triaged

The problem resides in /usr/share/perl5/

I have made a small patch that corrects this issue.

The problem is the object class "account" is incompatible with the attributes to be added.

Gunnar Thielebein (lorem-ipsum) wrote :

@Julien Desfossez

this fix does not work for me.
This is a revert of recent changes in the tools script. Somewhere I found another bug which introduced this changes, don't know where atm.
Can you confirm your smbldap-tools version is hardy and that machine creation works with original ubuntu packages?

Changed in samba:
status: Confirmed → Invalid
Chuck Short (zulcss) on 2010-03-10
affects: samba (Ubuntu) → smbldap-tools (Ubuntu)
Changed in samba:
importance: Unknown → Critical
Changed in samba:
importance: Critical → Unknown
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.