Symantec Ghost cann't join Samba-PDC domain

Dana Canfield canfield at
Wed Sep 26 18:53:03 GMT 2001

Yes, we are successfully doing what you want.  The trick is that (as I
understand it) Ghost wants your console machine to be logged in with
administrative privileges.  In other words, it wants the console machine
to be able to reset the domain account on behalf of the client.  I have
not been able to make this work, but we've talked to the head of
Symantec's Ghost Support and they seem very willing to work on this
problem.  Perhaps if one of the samba developers in interested, I could
put the right people in touch with each other to make this feature work.

More importantly, there is a way to automatically add machines to the
domain with Ghost.  You have to use Ghost's support of the Microsoft
SysPrep utility, rather than GhostWalker and the built-in domain adding
support.  This is documented in one of the Ghost manuals.  It's not real
easy to figure out, but as long as you understand how to add a machine
to the domain in samba, and you are willing to read all of the
documents, it can be made to work.  Plus, using sysprep has the added
bonus of letting us ghost to machines with different hardware because it
resets the hardware profile.

Note that SysPrep should work with any disk imaging software, not just

If you get really stuck, perhaps I can post our sysprep config file as
an example, but that part is really just a matter of reading the SysPrep


On Mon, 2001-09-24 at 02:47, Matt Lessem wrote:
> I've got a Redhat 7.1 server running samba-2.2.1a serving as a PDC for
> about 100 machines in teaching labs at a university.
> In general, the server works well. It is very stable and has no problem
> supporting 400+ users. As an added bonus, it also serves as a firewall
> and a dhcp server and provides the students with ssh/scp access to their
> home directories.
> The one major problem I'm having involves using Symantec Ghost 7
> Enterprise edition to image the Windows 2000 clients in the labs. I
> won't spend too much time explaining how this works, as only those
> familiar with Ghost will likely have any suggestions or care to read on.
> What happens is: when Ghost 7 Console re-images a client machine, it
> attempts to re-add it to the domain using a name and password given to
> Ghost when it is installed. This user exist on the Samba-PDC server, and
> has permission to create domain accounts.
> When the freshly imaged client machine comes back up, with the correct
> name and thinking it is in the correct domain, it gives an error of,
> roughly, "Failed to join domain. Bad parameter". I hit "ok" and the
> machine reboots. When the client comes up again, it still thinks it is
> in the domain. If I attempt to login to the domain, it says roughly,
> "Unable to logon to domain. Computer account is nonexistant or password
> is wrong". Of course, all of these machines already have accounts on the
> Samba-PDC server.
> The solution, up to this point, has been to remove each machine from the
> domain, reboot, put each machine back into the domain, providing a name
> and password for the samba-pdc that can do that, and reboot again. You
> can see how this could get old with 100 clients.
> I have seen Ghost 7 successfully put machines back into a domian that is
> run by a Win2K server, so it is not purely a matter of Ghost being
> broken.
> Questions you might be able to help me with:
> 1. How is Ghost attempting to re-add these machines to the domain? If it
> is attempting to use user manager for domain style commands, I know that
> Samba-PDC does not support that. If it is doing something else, what is
> that?
> 2. Is Samba logging the attempts by Ghost to rejoin these machines to
> the domain? If so, where?
> 3. Is anyone doing this successfully? In other words, is it just me/my
> server?
> 4. Does anyone have any solutions/work-arounds for getting Ghost 7 and a
> Samba-PDC to play nice -- besides moving to a Win2K Server and just
> using the Samba machine as a file server?
> Any help or thoughts are much appreciated.
> Thanks,
> Matt Lessem

More information about the samba-ntdom mailing list