"cannot join as standalone machine"

nightmooneagle · 07-08-2008, 07:58 PM

I have read the threads and searched extensively on the web for similar problems. It seems that most people are trying to add a Samba Server/Client to a Windows Domain (i.e. run off a windows machine). I am not.

I have my Linux server (FC9) feeding 2 WinXP machines successfully, my problem is with the FC9 KDE-Live Media workstation.

I have tried the following net join commands to no avail.

[root@xintel ximan]# net join DNS -U Administrator
cannot join as standalone machine
[root@xintel ximan]# net join DNS1-U Administrator
cannot join as standalone machine
[root@xintel ximan]# net join -W NMEINC -S DNS1 -U Administrator
cannot join as standalone machine
[root@xintel ximan]# net join -W NMEINC -S DNS -U root
cannot join as standalone machine
[root@xintel ximan]# net join -W NMEINC -S DNS -U administrator
cannot join as standalone machine
[root@xintel ximan]#

The following smbclient command shows that everything appears to be correct.

[root@xintel ximan]# smbclient -L DNS
Password:
Domain=[NMEINC] OS=[Unix] Server=[Samba 3.2.4-0.21.fc9]

Sharename Type Comment
--------- ---- -------
netlogon Disk Network Logon Services
Public Disk
Music Disk
IPC$ IPC IPC Service (Main DNS Server)
hpcljet Printer HP Color LaserJet 2600n
sdvriens Disk Home Directories
Domain=[NMEINC] OS=[Unix] Server=[Samba 3.2.4-0.21.fc9]

Server Comment
--------- -------
DNS Main DNS Server
MEL-DNS Main DNS Server
MEL-JSH WinXP Box

Workgroup Master
--------- -------
NMEINC DNS
----------------------------------------------------------

I have been using the netdomjoin-gui to attempt to join the domain graphically (in the hopes of some other message being logged. The response from using the gui is in the next post.

The question: Does anyone know why this is happening?

NmE

nightmooneagle · 07-09-2008, 01:53 AM

libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : 'DNS'
machine_name : 'MEL-SDV'
domain_name : *
domain_name : 'NMEINC'
account_ou : NULL
admin_account : 'Administrator'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x01 (1)
ads : NULL
debug : 0x01 (1)
secure_channel_type : SEC_CHAN_WKSTA (2)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine DNS pipe \lsarpc fnum 0x74fd!
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'NMEINC'
dns_domain_name : NULL
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-1201419733-3541185290-985810929
modified_config : 0x00 (0)
error_string : 'Configuration manipulation requested but not supported by backend'
domain_is_ad : 0x00 (0)
result : WERR_NOT_SUPPORTED
callback_do_join: failed to join (Configuration manipulation requested but not supported by backend)

nightmooneagle · 11-15-2008, 04:59 PM

Since this is NOT available anywhere in the Samba documentation, and because I have found the solution. I will post it here for those that need it.

Your Samba Server must be set-up as a PDC, as per the usual documentation:

[global]
workgroup = GROUP
netbios aliases = ALIAS
server string = SERVER Description
interfaces = 192.168.x.x, 127.0.0.1
bind interfaces only = Yes
update encrypted = Yes
password server =
smb passwd file = /etc/samba/smbpasswd
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n*new*password* %n\n *changed*
username map = /etc/samba/smbusers
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 3
log file = /var/log/samba/log.%m
acl compatibility = winnt
name resolve order = wins bcast lmhosts
server signing = auto
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd "%u" -n -g users
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
logon script = logon.bat
logon path = \\%L\%u\profile\%m
logon drive = H
logon home = \\%L\%u\profile\%m
domain logons = Yes
os level = 66
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
idmap backend = tdb
admin users = root
cups options = raw

[homes]
comment = Home Directories
read only = No
inherit permissions = Yes
inherit acls = Yes
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba/
printable = Yes
browseable = No

[netlogon]
comment = Network Logon Services
path = /home/netlogon/
guest ok = Yes
share modes = No

nightmooneagle · 11-15-2008, 05:05 PM

Now, setup your machine accounts and users according to the documentation (add your users/machines to both the Unix user database and to Samba):

/usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M MACHINENAME$

smbpasswd -a -M MACHINENAME

you will also need to add your Unix users to the samba server.

smbpasswd -a root
smbpasswd -a user1
etc.

nightmooneagle · 11-15-2008, 05:11 PM

Now comes the addition of your Unix Member Computer.

You will need the Winbind package, but NOT the Samba Server.
samba-clients, samba-common.

this will provide the Client Computer with an smb.conf file. It needs to look something like the one below.

workgroup = WORKGROUP
password server = SERVERNAME or ALIAS
security = domain
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = false
winbind offline logon = false

#--authconfig--end-line--
log file = /var/log/samba/log.%m
security = domain
passdb backend = tdbsam
wins server = 192.168.x.x
; wins proxy = yes

; dns proxy = yes
load printers = yes
cups options = raw
restrict anonymous = no
preferred master = no
max protocol = NT
acl compatibility = winnt
ldap ssl = No
server signing = Auto
name resolve order = wins bcast lmhosts
unix password sync = yes
update encrypted = yes
client ntlmv2 auth = yes

[homes]
comment = Home Directories
browseable = no
read only = no
; valid users = %S
valid users = WORKGROUP\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes

nightmooneagle · 11-15-2008, 05:14 PM

Modify the settings, such as the template shell, [homes] share, etc to reflect your setup.

What I am still trying to piece together is whether the Unix client needs the /home/username directory for each of the domain users, and if so does this directory replicate the user's directory from the server (which would be the ideal scenario.

NmE

lefty.crupps · 02-17-2012, 01:42 PM

Thanks for the info!

But where would I find this?
> according to the documentation