smbpasswd problems in 2.2

ZINKEVICIUS,MATT (HP-Loveland,ex1) matt_zinkevicius at
Tue Jan 15 14:34:20 GMT 2002

All three scenarios work just fine with a 2 month old cvs snapshot of

In #1, From smb.conf.5: 
  If the password server option is set to "*" then Samba will
  attempt to autolocate Primary or Backup Domain controllers
  to authenticate against...

In #2, for a LONG time if the remote machine wasn't given then the "password
server" option was used from smb.conf. If you want smbpasswd to work locally
you use the -l flag. Has this changed on purpose or is it a bug? The -l
option is still there I see.

In #3, The account was freshly created.

Again all these work fine with an older snapshot of samba.


-----Original Message-----
From: Esh, Andrew [mailto:AEsh at]
Sent: Tuesday, January 15, 2002 8:37 AM
To: 'ZINKEVICIUS,MATT (HP-Loveland,ex1)'; samba-technical at
Subject: RE: smbpasswd problems in 2.2

I don't think this is right. 
In #1, the remote machine name is "*". Which to me means "connect to all
hosts". That doesn't make any sense. Is this shorthand for "the hostname of
whatever host is the PDC"? I don't think that will work.
In #2, no remote machine name is given, so the local machine is assumed. The
results are as expected. 
In #3, the arguments are correct, but only if there is a freshly created
trust account for this host on the PDC. If an account has not been created,
then a user account with Administrator privileges must also be supplied, so
smbpasswd can create the trust account itself. Since this wasn't done, and
it doesn't appear as though a trust account already exists, then these
results are correct.
The correct thing to do is a combination of #2 and #3: 
        smbpasswd -j MYDOMAIN -r MYPDC -U administrator%howdy 
This gives the domain name, the PDC name, and the admin user account needed
to create the trust account on the PDC, and join the domain.
-----Original Message----- 
From: ZINKEVICIUS,MATT (HP-Loveland,ex1) 
[mailto:matt_zinkevicius at] 
Sent: Monday, January 14, 2002 5:27 PM 
To: samba-technical at 
Subject: smbpasswd problems in 2.2 

Hi all, 
We are experiencing 3 new problems when attemping to join a domain, using a 
recent samba 2.2.3-pre snapshot (1/3/2002). 
1) PDC discovery is not working 
% smbpasswd -j MYDOMAIN -U administrator%howdy -r * 
Could not resolve name * 
Unable to join domain MYDOMAIN. 
2) smbpasswd is not using the "password server" option from smb.conf (seems 
to default to acting locally). 
% smbpasswd -j MYDOMAIN -U administrator%howdy 
error creating domain user: NT_STATUS_ACCESS_DENIED 
Unable to join domain MYHOSTNAME. <-- This is this machines hostname 
3) Unable to join an existing computer account created on the PDC. 
% smbpasswd -j MYDOMAIN -r MYPDC 
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT 
cli_nt_setup_creds: auth2 challenge failed 
modify_trust_password: unable to setup the PDC credentials to machine MYPDC.

2002/01/14 16:23:21 : change_trust_account_password: Failed to change 
password for domain MYDOMAIN. 
Unable to join domain MYDOMAIN. 
Any clues why this broke so bad recently? 
Matt Zinkevicius 
Software Engineer 
Network Storage Array Solutions 

More information about the samba-technical mailing list