Problems authenticating against NT PDC

Rob.Exley at equifax.com Rob.Exley at equifax.com
Thu Feb 3 09:03:20 GMT 2000 


I'm relatively new to Samba so please excuse any inconsistencies with my
terminology.

I'm running Samba 2.0.6 on Solaris 2.6 and having problems creating the Samba
server machine account on an NT PDC.
I already have an NT based domain 'PCDEV' which consists of a number of NT 4.0
workstations as well as a PDC ('AULE') and BDC running NT 4.0 Server with sp5
(??). My NT domain is all running on the same subnet (10.200.1.*). I am
attempting to get a Samba server running on a Sparc based Solaris 2.6 box
sitting on a different subnet (10.101.40.*). All IP connectivity/routing between
the subnets is fine and we have been using Exceed to work on the Solaris box for
some time.

I initially set up Samba using 'user' level security initially with just my own
username being registered using smbpasswd -a <username>, this worked fine but I
had a separate password for the NT domain, Samba server and Unix box. I then
modified my smb.conf to use domain level security and pointed the password
server to my PDC. Upon examining my Server Manager I had an entry for my Samba
server automatically (possibly because I set remote announce =
10.200.1.255/PCDEV). Anyway whenever I attempted to register my Samba server
using smbpasswd -j PCDEV -r AULE I recived the following message

root at hermes #./smbpasswd -j PCDEV -r AULE
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine AULE.
Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
2000/02/02 08:28:37 : change_trust_account_password: Failed to change password
for domain PCDEV.
Unable to join domain PCDEV.

I would appreciate it if someone can offer a suggestion as to why this isn't
working. I have probably missed a straight-forward step.
Below is my smb.conf (although this now reflects my 'user' level security mode,
the rest of the details are the same).

# Samba config file created using SWAT
# from 10.200.1.11 (10.200.1.11)
# Date: 2000/02/02 15:29:18

# Global parameters
[global]
        workgroup = PCDEV
        server string = Samba %v on (%L)
        interfaces = 10.101.40.3/255.255.255.0
        bind interfaces only = Yes
        encrypt passwords = Yes
        password server = AULE
        username map = /opt/thirdpp/ntg/samba/lib/usermap
        log file = /opt/thirdpp/ntg/samba/var/log.%m
        max log size = 50
        dns proxy = No
        wins server = 10.200.1.2
        remote announce = 10.200.1.255/PCDEV
        guest account = ftp
        hosts allow = 10.200.1. localhost

[homes]
        comment = Users home directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /usr/spool/samba
        print ok = Yes
        browseable = No

Thanks in advance

_____________________________
Rob Exley
Technical Consultant
New Technology Development
Equifax Plc

More information about the samba mailing list