smbpasswd problems in 2.2

ZINKEVICIUS,MATT (HP-Loveland,ex1) matt_zinkevicius at hp.com
Tue Jan 15 14:34:20 GMT 2002


Andrew,
All three scenarios work just fine with a 2 month old cvs snapshot of
samba-2.2.

In #1, From smb.conf.5: 
  
  If the password server option is set to "*" then Samba will
  attempt to autolocate Primary or Backup Domain controllers
  to authenticate against...

In #2, for a LONG time if the remote machine wasn't given then the "password
server" option was used from smb.conf. If you want smbpasswd to work locally
you use the -l flag. Has this changed on purpose or is it a bug? The -l
option is still there I see.

In #3, The account was freshly created.

Again all these work fine with an older snapshot of samba.

--Matt

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Tuesday, January 15, 2002 8:37 AM
To: 'ZINKEVICIUS,MATT (HP-Loveland,ex1)'; samba-technical at lists.samba.org
Subject: RE: smbpasswd problems in 2.2


I don't think this is right. 
In #1, the remote machine name is "*". Which to me means "connect to all
hosts". That doesn't make any sense. Is this shorthand for "the hostname of
whatever host is the PDC"? I don't think that will work.
In #2, no remote machine name is given, so the local machine is assumed. The
results are as expected. 
In #3, the arguments are correct, but only if there is a freshly created
trust account for this host on the PDC. If an account has not been created,
then a user account with Administrator privileges must also be supplied, so
smbpasswd can create the trust account itself. Since this wasn't done, and
it doesn't appear as though a trust account already exists, then these
results are correct.
The correct thing to do is a combination of #2 and #3: 
        smbpasswd -j MYDOMAIN -r MYPDC -U administrator%howdy 
This gives the domain name, the PDC name, and the admin user account needed
to create the trust account on the PDC, and join the domain.
-----Original Message----- 
From: ZINKEVICIUS,MATT (HP-Loveland,ex1) 
[mailto:matt_zinkevicius at hp.com] 
Sent: Monday, January 14, 2002 5:27 PM 
To: samba-technical at lists.samba.org 
Subject: smbpasswd problems in 2.2 


Hi all, 
We are experiencing 3 new problems when attemping to join a domain, using a 
recent samba 2.2.3-pre snapshot (1/3/2002). 
1) PDC discovery is not working 
% smbpasswd -j MYDOMAIN -U administrator%howdy -r * 
Could not resolve name * 
Unable to join domain MYDOMAIN. 
2) smbpasswd is not using the "password server" option from smb.conf (seems 
to default to acting locally). 
% smbpasswd -j MYDOMAIN -U administrator%howdy 
error creating domain user: NT_STATUS_ACCESS_DENIED 
Unable to join domain MYHOSTNAME. <-- This is this machines hostname 
3) Unable to join an existing computer account created on the PDC. 
% smbpasswd -j MYDOMAIN -r MYPDC 
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT 
cli_nt_setup_creds: auth2 challenge failed 
modify_trust_password: unable to setup the PDC credentials to machine MYPDC.

Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 
2002/01/14 16:23:21 : change_trust_account_password: Failed to change 
password for domain MYDOMAIN. 
Unable to join domain MYDOMAIN. 
Any clues why this broke so bad recently? 
Matt Zinkevicius 
Software Engineer 
Network Storage Array Solutions 
Hewlett-Packard 




More information about the samba-technical mailing list