TNG 0.7 - can't join domain

Patrick J. LoPresti patl at cag.lcs.mit.edu
Tue Feb 29 19:49:58 GMT 2000 

I am having similar problems...

Luke Kenneth Casson Leighton <lkcl at samba.org> writes:

> 1) do you have a "root" account in the smbpasswd file?

Yes.

> 2) are you using it in the network contril panel?

Yes.

> please, people, be more specific.  time and time and time and time
> again, i have to repeat and repeat and repeat this: if your report
> doesn't contain specific instructions and information, it's
> completely useless.

It would help if someone would document the correct procedure.  Lars
Knesche's FAQ still says to use "smbpasswd -m" which is wrong, and the
only other documentation is loosely spread across the hundreds of
messages each week to this mailing list.  I am still not sure what I
am supposed to be doing, so all of efforts are attempts to make the
thing work at all, not to locate problems.  (I can't tell what is a
problem if I do not know what is supposed to work.)

> well, which domain?

I named it "TEST".

> how does it not join?

When I try to join the domain from the Network Control panel dialog,
it says that the account I am using does not have permission or that
the password is wrong or somesuch.  I did not write it down because I
had no idea that this was supposed to work in the first place; I went
right on to try something else.

> did you type the username / password in the network control panel
> dialog?

Yes.  "root" plus password.

> did you know that you should do this?

No, I was shooting in the dark.

> does the  trust account already exist?

Yes.  I created it using the rpcclient "adduser" command.  (Which
itself took a good half hour to figure out.)  Was that wrong?

> does the unix account (myworkstation$) exist?

Yes.

> are you using ldap, smbpasswd or samtdb or mysql or nt5ldap as the
> password back-end?

smbpasswd

> these are just a _few_ of the issues i can think of when someone
> says, "i can't join the domain", and i'm really sorry, michael, it's
> nothing personal, but it's really exasperating to be repeating this
> quite so many times [a day].  after three years, i'd have thought
> people would get it by now.

Could someone please document *once*, in one place, the precise set of
steps we are supposed to be using?  And actually try it yourself in
the process?  As near as I can tell, the procedure goes something like
this:

  1) Make sure root account exists in smbpasswd (use "smbpasswd -a" if
     not)

  2) Make sure machine account (MACHINE$) exists in /etc/passwd

  3) (Is this step even right??)  Use rpcclient to create the machine
     account in smbpasswd.  (rpcclient with what args, exactly?  What
     does the % in "rpcclient -S . -U root%" mean, anyway?)

  4) Use the network control panel to join the workstation to the
     domain, using the root login and password.

  5) (Optional, for better security) Use rpcclient blah blah to
     randomize the trust account password

I had a ton of trouble getting this to work, but I did not carefully
record all of the problems because I did not know what I was supposed
to be doing in the first place...  In the end, I edited smbpasswd by
hand, joined the domain *without* creating the machine account from
Network Properties, and used rpcclient to reset the trust account
password.  Not exactly a streamlined process.

 - Pat

More information about the samba-ntdom mailing list