Hi there,

I know there are tons of stuff written about this (SMB+LDAP), but I have tried most of it, and still get quite weird results.

We have a samba with LDAP acting as PDC. Basically, all auth is done on this systems for shares, accessing internal web sites etc, etc... I must say it is working config, as we were using it for last ~3 years.

Now we had to add W2K8 server for running M$ SQL 2K5 and here all problems started. All our XP machines are in domain, I tried adding one last day, and it went OK, no problems, all shares are accessible on XP.

When I try to add W2K8 server to domain I get the infamous NT_STATUS_NO_SUCH_USER error:
Code:
 [2008/12/05 08:24:17, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER 
<snip>
[2008/12/05 08:24:18, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for TERMINALAS$
To get over this, I create local account on W2K8 server with my username and password, that I use on my XP machine and try to add server to domain once again:

Code:
[2008/12/05 08:58:49, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [*usernameremoved*] -> [*usernameremoved*] -> [*usernameremoved*] succeeded
<snip>
[2008/12/05 08:58:49, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
  pdb_get_group_sid: Failed to find Unix account for MSSQL2005$
Don't mind the MSSQL2005 and TERMINALAS changes in logs - these are two identical machines.

So when I'm loged in as Administrator to Win machine I can't add it to domain and I can't reach shares. When I'm loged in with my username, I *CAN* reach shares on fileserver, but I still can't add system to domain. W2K8 returns most uninformative error message ever:

The following error ocured when joining domain:
The parameter is incorect.

Anyone had similar experience? We use Samba 3.0.24 and when trying to add system to domain I use my credentials, because in cn=Domain Admins I have my username included.