Joining a Domain With NT4 PDC Instructions Don't Work

[Harvey Wamboldt]

Keywords: samba, NT4, PDC, smbpasswd, problem, "join domain"
NT_STATUS_NO_TRUST_SAM_ACCOUNT,
"unable to setup the PDC credentials to machine"

Version: samba-2.2.3a, built on SPARC/Solaris 5.7 with gcc.

The Samba 2.2 instructions/web page titled:

   "security = domain in Samba 2.x"

section

   "Joining an NT Domain with Samba 2.2"

does not work with my NT4 PDC.

I just wasted two days tracking down the procedure which does work.  A
little bit of documentation would have saved me a lot of grief.
Perhaps the above document could be changed?  Also the document
DOMAIN_MEMBER.html should be changed to match.

What finally worked for me was this:

(1) delete the samba server from the NT4 PDC's list of servers,

(2) reboot the NT4 PDC,

(3) add the samba server back to the NT4 PDC using the server manager,

(4) run: smbpasswd -j <DOM> -r <PDC>

    Note: in step 4 above *do not* use -U to assign a username or
          password.

This procedure, with emphasis on step (4) should definitely be listed
as a procedure to try when the problem is failure to authenticate
using an NT4 PDC.

I eventually figured this out from smbpasswd(8).  Perhaps this is a
bug since one would think that running:

   smbpasswd -j <DOM> -r <PDC> -UAdministrator%password

would accomplish the same thing, but in my case at least it doesn't.

Rgds,

-H-

-- 
Harvey M Wamboldt                    ^ E-Mail: harvey at iotek.ns.ca
MDA Inc 1000 Windmill Rd. Suite 60   ^ Fax:    (902)468-2278
Dartmouth NS, B3B 1L7, Canada        ^ Phone:  (902)481-3531