Having a strange issue with my 10.4.5 XServe. I upgraded it from 10.3.9 around two months ago. The articles and comments here at AFP548 were extremely helpful in getting my OD users/passwords and Samba PDC identification exported and imported into my 10.4.5 clean install. Much more helpful than Apple's own enterprise tech support; in fact, I sent the Apple techie the AFP548 links so he could learn something!!!
But, I'm having a new issue. All of the sudden, I am unable to add new PCs into the domain for which the XServe is PDC (and OD Master). When I try and add a PC to the domain, I get this error message on the PC:
"The following error occurred when attempting to join the domain "UAB-CELLBIO": Access is denied."
This happens no matter which account I use to authenticate: diradmin, root, administrator. It's not a password issue necessarily, for if I mistype the password, I get a different error to that effect.
Previously-bound PCs in this domain continue to function normally.
Each time I attempt to add a PC to the domain, I get entries in log.smbd that look like this:
[2006/03/16 10:25:44, 0] /SourceCache/samba/samba-92.15/samba/ source/rpc_server/srv_samr.c:api_samr_set_userinfo(786) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. [2006/03/16 10:25:44, 0] /SourceCache/samba/samba-92.15/samba/ source/libsmb/smbencrypt.c:decode_pw_buffer(539) decode_pw_buffer: incorrect password length (-578941159). [2006/03/16 10:25:44, 0] /SourceCache/samba/samba-92.15/samba/ source/libsmb/smbencrypt.c:decode_pw_buffer(540) decode_pw_buffer: check that 'encrypt passwords = yes'
I'm good at following instructions, and so I have already verified that encrypt passwords = yes is an entry in smb.conf.
I'm not sure what to do with the "incorrect password length" error, but that may be the heart of the problem. I have tried resetting the password on the diradmin and root accounts, hoping that would correct things. No joy.
Strangely, a computer account is created and is visible in WGM for the PC I attempt to bind. So the process may be partially working.
Not surprisingly, I get similar errors when I try and set my G4 OD Replica as a BDC for this domain. The OD Replica reports that it is "unable to join the domain." The ability to have a BDC was really the main reason I upgraded to 10.4.
Apple tech support is unable to provide much help. They're giving me circular suggestions such as "demote/promote from OD Master to Standalone and back," and demote/promote from PDC to Standalone and back. Neither one of these made any difference.
I will provide many, many beers (or other preferred beverage/reward) to any Samba expert(s) who can help me navigate my way through this one.
Thanks, and happy Monday.
Eric