[Samba] Adding to Samba domain requires super-user password
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Mar 15 06:42:50 MDT 2012
What version of samba?
Do you have the same problems with an XP machine?
Are you able to login as domain administrator on machines already in the
domain? If you delete the local profile for domain administrator on a
domain client, are you still able to login. By deleteing the local
profile you make sure you are not logging in with cached credentials.
Can you use the smbclient command on the server to validate that your
Administrator account and password is valid?
Do you have a samba account defined for your root user? that normally
isn't needed, and wouldn't be in the LDAP backened.
Does pdbedit show your Administrator account?
Did this work prior to a samba upgrade. I upgrade samba versions at
some point and had problems adding machines. Since I don't add new
machines very often it took a while to detect and resolve this problem.
Samba had trouble properly creating the LDAP attributes for the samba
machine accounts.
If, when joining a domain, you get an error that the "the specified
network password is not correct." Assuming the unix account for the
machine exists, you may need to recreating a samba account with
smbpasswd command.
#smbpasswd -x -m machinename
#smbpasswd -a -m machinename
Samba 3.5.x has trouble creating the LDAP attributes correctly. It
appears to incorrectly set sambaAccountFlags as "[U]" (user) instead of
"[W]" (workstation). When attempting to join a machine to the domain
you may get an error that the account already exists. Use an LDAP
editor to make sure sambaAccountFlags is set to "[W]." (You can used
pbedit to verify the setting but not to change it to "[W].") Your PC
account should have the following entries.
type: sambaPrimaryGroupSID
value: S-1-x-xx-xxxxx-xxxxx-xxxxx-515
type: sambaAccountFlags
value: [W ]
On 03/15/12 06:03, Dermot wrote:
> Hi,
>
> Suddenly when I add a new workstation to out Samba3 (LDAP backend)
> domain, I have to give the root username and password. When I set-up
> the samba3 domain initially, I could use domain\admin user and their
> password but that has started to give me "unknown user or bad
> password". This last error is from a Windows7 machine I am currently
> trying to add. I have merged the registry fix from
> https://bugzilla.samba.org/attachment.cgi?id=4988&action=view.
>
> Can someone offer me any pointers on how I can use a domain\admin
> username and password to add workstations to the domain?
> Thanks in advance.
> Dermot.
More information about the samba
mailing list