Security = domain Documentation

Bill Gardner bgardner at transzap.com
Thu Apr 11 23:58:41 GMT 2002


In order to clear up some problems with the documentation it would be good
if the following changes were made to the section of the documentation
relating to having a Samba 2.x server joining an NT domain. Replace the
first section in the existing document with the second section:
============================================================================
Assume you have a Samba 2.x server with a NetBIOS name of SERV1 and are
joining an NT domain called DOM, which has a PDC with a NetBIOS name of
DOMPDC and two backup domain controllers with NetBIOS names DOMBDC1 and
DOMBDC2.
In order to join the domain, first stop all Samba daemons and run the
command:
root# smbpasswd -j DOM -r DOMPDC -UAdministrator%password
as we are joining the domain DOM and the PDC for that domain (the only
machine that has write access to the domain SAM database) is DOMPDC. The
Administrator%password is the login name and password for an account which
has the necessary privilege to add machines to the domain. If this is
successful you will see the message:
smbpasswd: Joined domain DOM. 
in your terminal window. See the smbpasswd(8) man page for more details.
============================================================================
Assume you want the Samba 2.x server with a NetBIOS name of SERV1 to join
the domain DOM. There are three cases to consider:
		1. Pure NT4.0 Network: NT4.0 PDC (NT40PDC) and one or more NT4.0 BDCs (NT40BDC01, NT40BDC02)
		2. Mixed Mode NT5.0 Network: Domain controller in mixed mode (NT50DC) and one or more NT4.0 BDCs (NT40BDC01, NT40BDC02)
		3. Pure NT5.0 Native Mode Network: One or more NT5.0 Domain Controllers all in native mode (NT50DC01, NT50DC02)
In order to join the domain DOM, first stop all Samba daemons on SERV1. Then
create a computer record for SERV1 on the correct domain controller:
		1. Pure NT4.0 Network: On the PDC (NT40PDC) use the administrative tool Server Manager to create a new computer record for SERV1.
		2. Mixed Mode NT5.0 Network: On the NT5.0 DC (NT50DC) use the administrative tool Active Directory Users and Computers to create a new computer record for SERV1. Make sure to check the box: [x] Allow pre-Windows 2000 computers to use this account.
		3. Pure NT5.0 Native Mode Network: On any of the NT5.0 DCs (NT50DC01, NT50DC02) use the administrative tool Active Directory Users and Computers to create a new computer record for SERV1. Make sure to check the box: [x] Allow pre-Windows 2000 computers to use this account.
Now that you have created a computer record for SERV1, you will want SERV1
to join the domain. On SERV1 execute one of the following commands:
		1. Pure NT4.0 Network: root# smbpasswd -j DOM -r NT40PDC
		2. Mixed Mode NT5.0 Network: root# smbpasswd -j DOM -r NT50DC
		3. Pure NT5.0 Native Mode Network: root# smbpasswd -j DOM -r NT50DC01
When joining the domain DOM in Case 1 only the PDC for that domain, NT40PDC,
has write access to the domain's SAM database. In Case 2 you want to use the
NT5.0 DC, NT50DC and in Case 3 you can use either DC, NT50DC01 or NT50DC02.
If this is successful you will see the message (the x's denote the date and
time):
xxxx/xx/xx xx:xx:xx : change_trust_account_password: Changed password for domain DOMAIN.
Joined domain DOMAIN.
in your terminal window. See the smbpasswd(8) man page for more details.
============================================================================
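
The join step of the proposed procedure as a shell function, added here as an example and not part of the original post or the Samba documentation: it refuses to run while smbd or nmbd is alive, picks the controller for the chosen case, and accepts the join only when smbpasswd prints the "Joined domain" line. The function names, the use of pgrep, and the assumption that smbpasswd exits 0 on success are this example's own; the DC names are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the post): join SERV1 to a domain per the three cases.

# Map the network case (1, 2 or 3) to the controller passed to -r.
dc_for_case() {
    case "$1" in
        1) echo "NT40PDC" ;;    # pure NT4.0: only the PDC can write the SAM
        2) echo "NT50DC" ;;     # mixed mode: the NT5.0 DC
        3) echo "NT50DC01" ;;   # native mode: either NT5.0 DC works
        *) return 1 ;;
    esac
}

# Succeed only if no Samba daemon is still running on this host.
samba_stopped() {
    for d in smbd nmbd; do
        if pgrep -x "$d" >/dev/null 2>&1; then
            echo "error: $d is still running; stop it first" >&2
            return 1
        fi
    done
}

# join_domain DOMAIN CASE
# Returns 0 on a confirmed join, 2 for a bad case number,
# 3 if daemons are running, 4 if smbpasswd did not report success.
join_domain() {
    domain=$1
    dc=$(dc_for_case "$2") || { echo "error: case must be 1, 2 or 3" >&2; return 2; }
    samba_stopped || return 3
    status=0
    out=$(smbpasswd -j "$domain" -r "$dc" 2>&1) || status=$?
    printf '%s\n' "$out"
    # Matches both success forms quoted in the post:
    # "smbpasswd: Joined domain DOM." and "Joined domain DOMAIN."
    if [ "$status" -eq 0 ] && printf '%s\n' "$out" | grep -q 'Joined domain '; then
        return 0
    fi
    echo "error: join against $dc failed (exit $status)" >&2
    return 4
}

# Usage, as root on SERV1 after the computer record exists: join_domain DOM 1
```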




