LinuxQuestions.org


kep1997 03-23-2005 04:21 AM

Can't connect to PDC Samba-W2k LDAP - connect_to_domain_password_server

Got a server that has suddenly lost its trust relationship with the PDC.

The smb.conf file on the rogue machine looks like:

passdb backend = ldapsam:ldap://pdc

ldap user suffix = ou=Users,dc=network,dc=och

ldap suffix = dc=medphy,dc=och
ldap admin dn = "cn=Manager,dc=network,dc=och"
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=network,dc=och

Tailing the logs on the rogue machine gives:
Mar 23 09:55:51 rogue smbd[18717]: [2005/03/23 09:55:51, 0] auth/auth_domain.c:domain_client_validate(170)
Mar 23 09:55:51 rogue smbd[18717]: domain_client_validate: Domain password server not available.
Mar 23 09:55:58 rogue smbd[18717]: [2005/03/23 09:55:58, 0] auth/auth_domain.c:connect_to_domain_password_server(118)
Mar 23 09:55:58 rogue smbd[18717]: connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine PDC. Error was : NT_STATUS_ACCESS_DENIED.

I have checked to ensure that there is only one entry in the passwd file with the id that the rogue machine has, and that the name doesn't appear twice either.

My smb.conf file also says that "If the "ldap admin dn" values change, this password will need to be reset." - but this doesn't look to be the case.

Anybody got any ideas on how to sort this? I don't know much about LDAP - my boss set it up and he is on holiday! Any help or suggestions would be ever so greatly appreciated!

cylix 03-23-2005 09:12 PM

smbpasswd -w mysecretpwd

Where my secret password is your ldap pass.

Now, if I remember, this will create additional entries, so you may want to back up your /etc/samba/secrets.tdb and then clear it before updating the pass.

If you run net getlocalsid
it should attempt to contact the LDAP backend... might fall back and show its SID. If it gives a different one even after establishing contact you may want to update the SID entry on your LDAP backend.

Unfortunately, I haven't set up trust accounts (which I think is what you are referring to... unless you are just talking about your Samba LDAP pass).

samba.idealx.org has some good info (select the howto on the right) and of course samba.org has a wealth of information which looks like it's getting an update as of late.

kep1997 03-24-2005 02:47 AM

Thanks for your help!

In the end I ended up killing samba and doing a net join, then restarting samba, and hey presto it worked.

Next time I will follow the advice at the end of your posts - don't look too deep into a problem.

Thanks again
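
As an added example (not part of any post in this thread): a small Python parser for the two-line smbd syslog entries quoted in the first post. It pairs each debug header with the message that follows and counts NETLOGON credential failures per client, server and NT status; the regular expressions are assumptions fitted to the lines shown above.

```python
import re
from collections import Counter

# Log lines copied from the first post in this thread.
SAMPLE = """\
Mar 23 09:55:51 rogue smbd[18717]: [2005/03/23 09:55:51, 0] auth/auth_domain.c:domain_client_validate(170)
Mar 23 09:55:51 rogue smbd[18717]: domain_client_validate: Domain password server not available.
Mar 23 09:55:58 rogue smbd[18717]: [2005/03/23 09:55:58, 0] auth/auth_domain.c:connect_to_domain_password_server(118)
Mar 23 09:55:58 rogue smbd[18717]: connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine PDC. Error was : NT_STATUS_ACCESS_DENIED.
"""

# Assumed formats: classic syslog prefix, then Samba's "[time, level] file:func(line)" header.
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<body>.*)$")
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+), +(?P<level>\d+)\] (?P<file>[^:]+):(?P<func>\w+)\((?P<line>\d+)\)$")
STATUS = re.compile(r"\bNT_STATUS_[A-Z_]+\b")
MACHINE = re.compile(r"to machine (\S+)\. Error")


def parse_events(text):
    """Pair each Samba debug header with the message line that follows it."""
    events, pending = [], {}
    for raw in text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue
        key = (m["host"], m["pid"])  # headers and messages pair up per process
        hdr = HEADER.match(m["body"])
        if hdr:
            pending[key] = hdr.groupdict()
        elif key in pending:
            ev = pending.pop(key)
            status = STATUS.search(m["body"])
            target = MACHINE.search(m["body"])
            ev.update(host=m["host"], message=m["body"],
                      nt_status=status.group(0) if status else None,
                      target=target.group(1) if target else None)
            events.append(ev)
    return events


def netlogon_failures(events):
    """Count NETLOGON credential-setup failures per (client, server, status)."""
    return Counter((e["host"], e["target"], e["nt_status"]) for e in events
                   if e["func"] == "connect_to_domain_password_server" and e["nt_status"])


if __name__ == "__main__":
    for (host, target, status), n in netlogon_failures(parse_events(SAMPLE)).items():
        print(f"{host} -> {target}: {status} x{n}")
```

A steady count of NT_STATUS_ACCESS_DENIED from one member server against the PDC is the pattern that, in this thread, went away after the machine was re-joined to the domain.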

