Symantec Ghost cann't join Samba-PDC domain

Mon Sep 24 01:40:03 GMT 2001

Matt,
As you have already heard from uwe (Sorry uwe, I don't know your name) Ghost
copies the machine as is, and it is most likely that the machine account
password has expired. In NT the only solution is, as suggested, recreate the
accounts for each machine one-by-one, but Win2k has a cloning prep tool that
clears out all the network unique stuff from the system prior to cloning
using Ghost. Information on that is available from Microsoft. Try looking at
http://www.microsoft.com/windows2000/techinfo/planning/default.asp
for tips on installing your client machines with Windows 2000

-----Original Message-----
From: Matt Lessem [mailto:Matt.Lessem at Colorado.EDU]
Sent: Monday, 24 September 2001 5:47 PM
To: samba-ntdom at lists.samba.org
Subject: Symantec Ghost cann't join Samba-PDC domain

I've got a Redhat 7.1 server running samba-2.2.1a serving as a PDC for
about 100 machines in teaching labs at a university.

In general, the server works well. It is very stable and has no problem
supporting 400+ users. As an added bonus, it also serves as a firewall
and a dhcp server and provides the students with ssh/scp access to their
home directories.

The one major problem I'm having involves using Symantec Ghost 7
Enterprise edition to image the Windows 2000 clients in the labs. I
won't spend too much time explaining how this works, as only those
familiar with Ghost will likely have any suggestions or care to read on.

What happens is: when Ghost 7 Console re-images a client machine, it
attempts to re-add it to the domain using a name and password given to
Ghost when it is installed. This user exist on the Samba-PDC server, and
has permission to create domain accounts.

When the freshly imaged client machine comes back up, with the correct
name and thinking it is in the correct domain, it gives an error of,
roughly, "Failed to join domain. Bad parameter". I hit "ok" and the
machine reboots. When the client comes up again, it still thinks it is
in the domain. If I attempt to login to the domain, it says roughly,
"Unable to logon to domain. Computer account is nonexistant or password
is wrong". Of course, all of these machines already have accounts on the
Samba-PDC server.

The solution, up to this point, has been to remove each machine from the
domain, reboot, put each machine back into the domain, providing a name
and password for the samba-pdc that can do that, and reboot again. You
can see how this could get old with 100 clients.

I have seen Ghost 7 successfully put machines back into a domian that is
run by a Win2K server, so it is not purely a matter of Ghost being
broken.

Questions you might be able to help me with:

1. How is Ghost attempting to re-add these machines to the domain? If it
is attempting to use user manager for domain style commands, I know that
Samba-PDC does not support that. If it is doing something else, what is
that?

2. Is Samba logging the attempts by Ghost to rejoin these machines to
the domain? If so, where?

3. Is anyone doing this successfully? In other words, is it just me/my
server?

4. Does anyone have any solutions/work-arounds for getting Ghost 7 and a
Samba-PDC to play nice -- besides moving to a Win2K Server and just
using the Samba machine as a file server?

Any help or thoughts are much appreciated.

Thanks,
Matt Lessem