Unable to authenticate/ join workstations to working Samba domain with domain in lowercase, need to type domain in uppercase/ capital letters
Posted by rbTech Staff, Last modified by rbTech Staff on 13 March 2014 10:46 AM

Here at rbTech, we have a Samba 3.x (at the time of this writing Samba 3.6.9) domain on CentOS6.x and with tdbsam backend.  The domain has been set up and working for well north of a decade.  We regularly update and upgrade, and the Samba config file gets parsed through with each update.  The domain has been working just fine for years, with regular updates and very occasional config file tweaks.

We ran into an issue recently that still has me scratching my head, as we haven't seen it on any of the (many) other sites that we use Samba on:  In brief, it seems like Samba suddenly got case sensitive about authenticating users with the workgroup/ Domain name that was being sent from client systems, regardless of client platform.

The issue appeared when we tried to (re) join a machine to the domain recently.  After many iterations of checking/ resetting passwords and the like we gave up, thinking it was an issue with the machine that had been perhaps improperly un-joined from the domain.  We scheduled a time to reformat and reload the system and left it alone.  The error it kept throwing was the standard "I don’t know what you’re trying to do, but you’re doing it wrong":

The specified domain either does not exist or could not be contacted

The next symptom was when a raft of new systems came in and we began setting them up on the network.  The new systems were also unable to successfully join the domain, with the same error.

In what I initially thought was an unrelated issue, we noticed that our drive mappings were not working on our Openfiler appliance:  Our domain credentials were no longer accepted on the appliance that is joined to our same domain.  If the mapped drive was disconnected, it prompted for user credentials on reconnect (and the username and password were rejected).

After significant head bashing and going through our smb.conf with a fine toothed comb (again), I tried 'one last' thing:  I typed the domain name into the workstation I was trying to join up all
in capital letters.  And I got the "Welcome to the domain" message.

Wait, what?!

So I went to another system that wouldn’t join the domain and tried the same test.  Same result, joined right up, no problem.

Ok, so I figured there must be a new service pack or hotfix from Microsoft that affected how the workstations send the domain name.

Then I tried an experiment on the Openfiler – I tried to access the share using openfiler as the domain (using my domain login and domain password that I had just changed).  And I got in.  There went my attempt to pin the blame Microsoft – between the Openfiler and Samba box, there’s no opportunity for a Windows update to have any effect whatsoever.  This is a Samba issue.

So then I logged in to the Openfiler admin page, and in the Authentication page, I noticed that the domain under the "Use Windows domain controller and authentication" section was also lowercase. 
So I changed it to uppercase and hit submit (I did NOT check the box to join the domain, as the system had been previously joined to the domain).  When I disconnected my mapped drive, and
reconnected it, I was no longer prompted for user credentials (I was logged in to my machine using a Domain account). 

I hope this overlong missive helps someone save the few hours of bashing around that it took me to figure this one out – I was stumped and I still cannot find any traffic on the Interwebs that describes this behavior.

Good luck and happy hacking!

(0 vote(s))
Not helpful

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).