smbpasswd problems in 2.2
ZINKEVICIUS,MATT (HP-Loveland,ex1)
matt_zinkevicius at hp.com
Tue Jan 15 14:34:20 GMT 2002
Andrew,
All three scenarios work just fine with a 2 month old cvs snapshot of
samba-2.2.
In #1, From smb.conf.5:
If the password server option is set to "*" then Samba will
attempt to autolocate Primary or Backup Domain controllers
to authenticate against...
In #2, for a LONG time if the remote machine wasn't given then the "password
server" option was used from smb.conf. If you want smbpasswd to work locally
you use the -l flag. Has this changed on purpose or is it a bug? The -l
option is still there I see.
In #3, The account was freshly created.
Again all these work fine with an older snapshot of samba.
--Matt
-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Tuesday, January 15, 2002 8:37 AM
To: 'ZINKEVICIUS,MATT (HP-Loveland,ex1)'; samba-technical at lists.samba.org
Subject: RE: smbpasswd problems in 2.2
I don't think this is right.
In #1, the remote machine name is "*". Which to me means "connect to all
hosts". That doesn't make any sense. Is this shorthand for "the hostname of
whatever host is the PDC"? I don't think that will work.
In #2, no remote machine name is given, so the local machine is assumed. The
results are as expected.
In #3, the arguments are correct, but only if there is a freshly created
trust account for this host on the PDC. If an account has not been created,
then a user account with Administrator privileges must also be supplied, so
smbpasswd can create the trust account itself. Since this wasn't done, and
it doesn't appear as though a trust account already exists, then these
results are correct.
The correct thing to do is a combination of #2 and #3:
smbpasswd -j MYDOMAIN -r MYPDC -U administrator%howdy
This gives the domain name, the PDC name, and the admin user account needed
to create the trust account on the PDC, and join the domain.
-----Original Message-----
From: ZINKEVICIUS,MATT (HP-Loveland,ex1)
[mailto:matt_zinkevicius at hp.com]
Sent: Monday, January 14, 2002 5:27 PM
To: samba-technical at lists.samba.org
Subject: smbpasswd problems in 2.2
Hi all,
We are experiencing 3 new problems when attemping to join a domain, using a
recent samba 2.2.3-pre snapshot (1/3/2002).
1) PDC discovery is not working
% smbpasswd -j MYDOMAIN -U administrator%howdy -r *
Could not resolve name *
Unable to join domain MYDOMAIN.
2) smbpasswd is not using the "password server" option from smb.conf (seems
to default to acting locally).
% smbpasswd -j MYDOMAIN -U administrator%howdy
error creating domain user: NT_STATUS_ACCESS_DENIED
Unable to join domain MYHOSTNAME. <-- This is this machines hostname
3) Unable to join an existing computer account created on the PDC.
% smbpasswd -j MYDOMAIN -r MYPDC
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine MYPDC.
Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
2002/01/14 16:23:21 : change_trust_account_password: Failed to change
password for domain MYDOMAIN.
Unable to join domain MYDOMAIN.
Any clues why this broke so bad recently?
Matt Zinkevicius
Software Engineer
Network Storage Array Solutions
Hewlett-Packard
More information about the samba-technical
mailing list