While trying to join a Windows workstation to a Samba domain on OES, the following error is encountered on the Windows client:
The following error occurred attempting to join the domain"YOURDOMAIN":
The workstation does find the Primary Domain Controller (PDC) as the user is prompted for the username and password; however, the error is then encountered after a short delay.
The /var/log/samba/log.WorkstationName contains the following information:
|pdb_set_username: setting username MyMachineName$, was|
[2010/02/03 14:56:06, 10] passdb/pdb_get_set.c:pdb_set_fullname(650)
pdb_set_full_name: setting full name Samba Machine Account, was
[2010/02/03 14:56:06, 10] passdb/pdb_get_set.c:pdb_set_domain(604)
pdb_set_domain: setting domain MyDOMAIN, was
[2010/02/03 14:56:06, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
'algorithmic rid base' is set but a passdb backend without algorithmic RIDs is chosen.
Please map all used groups using 'net groupmap add', set the maximum used RID using
'net setmaxrid' and remove the parameter
[2010/02/03 14:56:06, 3] passdb/passdb.c:samu_set_unix_internal(217)
Could not allocate a new RID
[2010/02/03 14:56:06, 3] passdb/pdb_interface.c:pdb_default_create_user(354)
pdb_default_create_user: failed to create a new user structure: NT_STATUS_ACCESS_DENIED
Running a ndstrace while monitoring ldap, nmas, time, tags, and authentication will provide the following errors (see manpage 'man ndstrace' for more information):
|13:16:52 4F9A6940 NMAS: ERROR: -1697 Failed get password for CN=Admin.O=MyContext|
13:16:52 527D4940 NMAS: ERROR: -16049 Failed to retrieve data in login config with tag: PASSWORD HASH
While it appears there may be a rights issue, this is not the case. The issue is, in fact, an invalid parameter being utilized in the smb.conf and various eDirectory objects called "algorithmic rid base = ####".
/etc/samba/smb.conf ([global] section)
netbios object in eDirectory (typically called hostname-W)
workgroup or domain object in eDirectory (name is specified under the "workgroup" line under the [global] section of the smb.conf)