Windows Workstation Fails To Join Samba Domain. ERROR: The Specified Domain Either Does Not Exist Or Could Not Be Contacted

  • 7005361
  • 18-Feb-2010
  • 06-Jun-2013

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2

Situation

While trying to join a Windows workstation to a Samba domain on OES, the following error is encountered on the Windows client:

The following error occurred attempting to join the domain "YOURDOMAIN":
The specified domain either does not exist or could not be contacted.

The workstation does find the Primary Domain Controller (PDC) as the user is prompted for the username and password; however, the error is then encountered after a short delay.
The /var/log/samba/log.WorkstationName contains the following information:

pdb_set_username: setting username MyMachineName$, was
[2010/02/03 14:56:06, 10] passdb/pdb_get_set.c:pdb_set_fullname(650)
pdb_set_full_name: setting full name Samba Machine Account, was
[2010/02/03 14:56:06, 10] passdb/pdb_get_set.c:pdb_set_domain(604)
pdb_set_domain: setting domain MyDOMAIN, was
[2010/02/03 14:56:06, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
'algorithmic rid base' is set but a passdb backend without algorithmic RIDs is chosen.
Please map all used groups using 'net groupmap add', set the maximum used RID using 'net setmaxrid' and remove the parameter
[2010/02/03 14:56:06, 3] passdb/passdb.c:samu_set_unix_internal(217)
Could not allocate a new RID
[2010/02/03 14:56:06, 3] passdb/pdb_interface.c:pdb_default_create_user(354)
pdb_default_create_user: failed to create a new user structure: NT_STATUS_ACCESS_DENIED

Running an ndstrace while monitoring ldap, nmas, time, tags, and authentication shows the following errors (see 'man ndstrace' for more information):

13:16:52 4F9A6940 NMAS: ERROR: -1697 Failed get password for CN=Admin.O=MyContext
13:16:52 527D4940 NMAS: ERROR: -16049 Failed to retrieve data in login config with tag: PASSWORD HASH

Although the errors suggest a rights issue, this is not the case. The cause is an invalid parameter, "algorithmic rid base = ####", set in the smb.conf and in various eDirectory objects.

Resolution

The "algorithmic rid base = ####" parameter is not valid with an LDAP backend, such as the one used under OES. Remove it from the following locations (if present):
  1. /etc/samba/smb.conf ([global] section)
  2. netbios object in eDirectory (typically called hostname-W)
  3. workgroup or domain object in eDirectory (name is specified under the "workgroup" line under the [global] section of the smb.conf)
In the case of the conf file, remove the parameter. In the case of the objects, find the object in eDirectory, open its properties, go to the "other" tab, and remove the attribute.
Restart the smb and nmb services, then join the domain.
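
The following is an added example, not part of the original article: a shell helper (the name rid_base_scan and the sample file are constructed for illustration) that locates active "algorithmic rid base" lines in the [global] section of an smb.conf and can print a copy with them removed. Samba ignores case and whitespace in parameter names, so the match is normalized accordingly; the eDirectory objects still have to be checked by hand.

```shell
#!/bin/sh
# Added example (not from the original article). rid_base_scan is a hypothetical helper.
# Usage: rid_base_scan find FILE   -> print "LINE: text" per active setting, exit 1 if none
#        rid_base_scan strip FILE  -> print FILE without those lines (review, then install)
rid_base_scan() {
    awk -v mode="$1" '
        { hit = 0 }
        # Track the current section; section names are case-insensitive.
        /^[ \t]*\[/ {
            sec = tolower($0)
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\].*$/, "", sec)
        }
        # Only active lines in [global] count; # and ; start comments.
        sec == "global" && $0 !~ /^[ \t]*[#;]/ {
            eq = index($0, "=")
            if (eq > 0) {
                name = tolower(substr($0, 1, eq - 1))
                gsub(/[ \t]/, "", name)   # whitespace in parameter names is ignored
                hit = (name == "algorithmicridbase")
            }
        }
        hit { found = 1; if (mode == "find") print NR ": " $0; next }
        mode == "strip" { print }
        END { if (mode == "find") exit (found ? 0 : 1) }
    ' "$2"
}

# Constructed sample smb.conf (backend URL and RID value are made up).
sample_conf() {
    cat <<'EOF'
[global]
workgroup = MYDOMAIN
passdb backend = ldapsam:ldaps://localhost
   Algorithmic RID  Base = 1000
; algorithmic rid base = 1000
[homes]
read only = no
EOF
}

# Demo on the sample; on a server, pass /etc/samba/smb.conf instead.
tmp=$(mktemp)
sample_conf > "$tmp"
rid_base_scan find "$tmp" || echo "no active 'algorithmic rid base' in [global]"
rm -f "$tmp"
```

Write the strip output to a new file and diff it against the original before replacing /etc/samba/smb.conf.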