rpcquery etc ...
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Feb 16 02:17:39 GMT 2000
On Wed, 16 Feb 2000, Richard Sharpe wrote:
> Hi,
>
> I noticed that when I do lsaquery I get back two SIDS, one for Domain
> Member and the other for Domain Controller, and they are the same.
correct. that tell me you made the query against a PDC.
> Does this mean that I have managed to join the domain, or not?
no. you have only obtained the SID.
> Actually, what is the canonical sequence of actions when one is setting up
> Samba TNG?
>
> Can you use rpcclient before you have joined the domain?
urr... actually... only on loop-back at the moment, as root :) a bit like
running smbpasswd as root.
rpcclient -S . -U root% -l log
> I have just deleted my server's trust account, hoping to use rpcclient to
> add the account and join the domain, but now lsaquery no longer works :-(
oops, you deleted your means to verify through SMB :-) :-)
smbd now _uses_ MSRPC to verify users. that means, if you don't have a
trusta account for itself, you can't even access anything via smbd,
_including_ using rpcclient -S servername.
therefore, you will have to use rpcclient -S . which onlky works as root.
by the way, i removed the requirement to do an lasquery command prior to
any SAM commands.
i added code that automatically does a SAM-equivalent to lsaquery, _fr_
you.
it does a sam_enum_domains followed by a sam_lookup_domain, which obtains
the Domain SID, and you're done.
More information about the samba-ntdom
mailing list