[Samba] Adding to Samba domain requires super-user password

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Mar 15 06:42:50 MDT 2012


What version of samba?

Do you have the same problems with an XP machine?
Are you able to log in as domain administrator on machines already in the 
domain?  If you delete the local profile for domain administrator on a 
domain client, are you still able to log in?  By deleting the local 
profile you make sure you are not logging in with cached credentials.

Can you use the smbclient command on the server to validate that your 
Administrator account and password is valid?

Do you have a samba account defined for your root user?  That normally 
isn't needed, and wouldn't be in the LDAP backend.

Does pdbedit show your Administrator account?

Did this work prior to a samba upgrade?  I upgraded samba versions at 
some point and had problems adding machines.  Since I don't add new 
machines very often it took a while to detect and resolve this problem.  
Samba had trouble properly creating the LDAP attributes for the samba 
machine accounts.


If, when joining a domain, you get an error that "the specified 
network password is not correct," then, assuming the unix account for the 
machine exists, you may need to recreate a samba account with the 
smbpasswd command.

#smbpasswd -x -m machinename
#smbpasswd -a -m machinename


Samba 3.5.x has trouble creating the LDAP attributes correctly.  It 
appears to incorrectly set sambaAccountFlags as "[U]" (user) instead of 
"[W]" (workstation).  When attempting to join a machine to the domain 
you may get an error that the account already exists.  Use an LDAP 
editor to make sure sambaAccountFlags is set to "[W]."  (You can use 
pdbedit to verify the setting but not to change it to "[W].")  Your PC 
account should have the following entries.


         type:      sambaPrimaryGroupSID
         value:    S-1-x-xx-xxxxx-xxxxx-xxxxx-515
         type:      sambaAccountFlags
         value:     [W         ]






On 03/15/12 06:03, Dermot wrote:
> Hi,
>
> Suddenly when I add a new workstation to our Samba3 (LDAP backend)
> domain, I have to give the root username and password. When I set-up
> the samba3 domain initially, I could use domain\admin user and their
> password but that has started to give me "unknown user or bad
> password". This last error is from a Windows7 machine I am currently
> trying to add. I have merged the registry fix from
> https://bugzilla.samba.org/attachment.cgi?id=4988&action=view.
>
> Can someone offer me any pointers on how I can use a domain\admin
> username and password to add workstations to the domain?
> Thanks in advance.
> Dermot.
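
The attribute check described in the reply above, as an added example that is not part of the original thread: it reads an LDIF export of the directory (for instance from ldapsearch) and reports machine accounts whose sambaAccountFlags lacks "W" or whose sambaPrimaryGroupSID does not end in -515. It assumes machine accounts are the entries whose uid ends in "$" and that values are plain text, not base64; the sample LDIF, DNs and SIDs are constructed.

```python
import re

# Constructed sample LDIF (not from the thread); DNs and SIDs are made up.
SAMPLE_LDIF = """\
dn: uid=pc01$,ou=Computers,dc=example,dc=org
uid: pc01$
sambaPrimaryGroupSID: S-1-5-21-1111-2222-3333-515
sambaAccountFlags: [W          ]

dn: uid=pc02$,ou=Computers,dc=example,dc=org
uid: pc02$
sambaPrimaryGroupSID: S-1-5-21-1111-2222-
 3333-515
sambaAccountFlags: [U          ]

dn: uid=dermot,ou=People,dc=example,dc=org
uid: dermot
sambaAccountFlags: [U          ]
"""

def parse_ldif(text):
    """Yield one dict per entry; unfolds LDIF continuation lines first."""
    text = re.sub(r"\n ", "", text)  # a line starting with a space continues the previous one
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        yield entry

def check_machine_accounts(text):
    """Return {dn: [problems]} for machine accounts (assumed: uid ends in '$')."""
    findings = {}
    for e in parse_ldif(text):
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue  # ordinary user accounts legitimately carry [U]
        problems = []
        flags = e.get("sambaaccountflags", [""])[0].strip("[] ")
        if "W" not in flags:
            problems.append(f"sambaAccountFlags is [{flags}], expected [W]")
        sid = e.get("sambaprimarygroupsid", [""])[0]
        if not sid.endswith("-515"):
            problems.append(f"sambaPrimaryGroupSID {sid or '(missing)'} does not end in -515")
        if problems:
            findings[e["dn"][0]] = problems
    return findings
```

Calling check_machine_accounts(SAMPLE_LDIF) reports only pc02$, the workstation entry that was written with the user flag.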