Joining a Windows 2000 Domain in an OU other than the top level

Jay Ts jay at
Mon Dec 10 06:57:07 GMT 2001

Don't even try to add the server to the Active Directory (LDAP/
Kerberos) domain. When you add a Samba server to a Win 2000 domain,
the domain controller(s) use backward compatibility to support it
as if they are a Windows NT 4.0 PDC.

When running the smbpasswd command, you need to use the Administrator
account and password, not your personal user account.  Try:

smbpasswd -j DOMAIN-NAME -r PDC-NAME -U Administrator%<Administrator-Password>

I think that may do it for you.

Jay Ts

> Due to restrictions set up in our Windows 2000 domain, I've been having
> trouble adding a Samba server to the domain.  I've had a domain
> administrator add the server into an OU that we do have access to, and my
> Windows account has been enabled to add nodes to that OU.  When I execute
> "smbpasswd -j DOM -r PDC -U myid%mypasswd", I get the traditional:
> smbpasswd -j DOMAIN/OU/SUBOU -r PDC -D 4 -U myid
> added interface ip=###.###.25.36 bcast=###.###.25.255 nmask=
> Password: 
> resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20>
> getlmhostsent: lmhost entry: ###.###.22.14 PDC
> Connecting to ###.###.22.14 at port 139
> session setup ok
> Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> Unable to join domain DOMAIN.
> The same thing happens whether I try to add it to just DOMAIN or
> DOMAIN/OU/SUBOU.  I'm trying to set this up using Samba 2.2.2 under Solaris
> 8.  I was successfully able to add it to both an NT domain as well as a test
> Windows 2000 domain in the top level OU.  I deleted the MACHINE.SID and
> secrets.tdb files in between each attempt.
> Mike
