[Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback

[Van Sickler, Jim]

John,

  The restrictanonymous setting was the primary culprit
in Ash's issue.  I think he's using basically the same
setup as I am;  no winbind/LDAP involved.  I'm thinking
there's some initial handshaking that requires an
anonymous connection to PDC, and it's being blocked
if the restrictanonymous setting is too high.

I sent a note to Ash (& the list) asking for the
restrictanonymous settings on his server.  They
were 2 (no join) and 0 (successful join).  His
admin has changed it back to 2 now that the
Samba server is a member server.  The setting
is dynamic;  no NT4 server reboot is required.
Can this be added to Chap 7 as a note for section 7.3.2.3?

In the case of using "net rpc join -U administrator%xxxxxx"
his result was "Unable to find a suitable server"
which indicate Samba wasn't finding the PDC.

In the case of using 
net rpc join -S NT4SERVER -U administrator
net rpc join -S NT4SERVER -U administrator%'xxxxxxxx'
net rpc join -W MYWORKGROUP -U administrator
net rpc join -W MYWORKGROUP -U administrator%'xxxxxxxx'
his results were "Unable to join domain <domain>"
which indicate a connection to the PDC.

He had the PDC entry in smb.conf and /etc/lmhosts,
so I think the syntax for the example in the
Guide should be revised to "net join rpc -S PDC -U root%not24get"
(which are %not24et on pgs 241/242 in the current Guide)
to aid in first-try success.

Section 7.3.2 might be broken into 2 sections:

7.3.2.1	NT4/Samba Domain with Samba Domain Member Server - Using smbusers
Detailing use of the /etc/samba/smbusers file for *nix/Domain users
Incorporate the current Item 3 for joining the domain
Using net rpc info/net rpc testjoin to validate membership
This is for OS that support Samba but don't support Winbind

7.3.2.2	NT4/Samba Domain with Samba Domain Member Server - Using Winbind
Containing the current 7.3.2 contents


That's all for now...
Jim Van Sickler
Network Administrator
Kaman Aerospace Corp