New approach to win2k joins...

Jim McDonough jmcd at
Mon Aug 5 14:24:02 GMT 2002

I've tried a new approach to getting win2k to join a samba AD-like domain.
I've made it happen from the outside...that is, I'm not running "join" on
the windows box.  I'm:
1) creating the host principal in the KDC
2) running ksetup.exe /servername <clientname> /setrealm <realmname>
3) running ksetup.exe /servername <clientname> /addkdc <realmname> <kdc>
4) running another program which issues an lsa 0x2f (which is what step 2
does, too, so I think step 2 might not be necessary) which sets the domain
name, the dns domain name, the forest name, the GUID, and the SID of the
5) modify my MIT KDC to accept the option flag 0x00010000, which windows
won't seem to stop sending
6) modified nmbd to respond to mailslot opcode 0x12 with new opcodes 0x17
and 0x19, which return more AD information (such as domain GUID) to the

My system boots, repeatedly tries to connect to an LDAP server, does
connect to the KDC, uses the correct host principcal and password.

But when I try to logon, it tries to use the short version of the domain as
the realm...which my MIT KDC doesn't like.  Any ideas here?

I tried disabling netbios, but it didn't work too well...because the nmbd
mods I made are a netbios replacement for a ms-cldap request (not standard
cldap) that finds the the DC...

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list