Re-joining the Domain

Andrew Bartlett abartlet at pcug.org.au
Mon Dec 3 14:45:02 GMT 2001


"Orenstein, Dave" wrote:
> 
> I was wondering if there is an answer to this
> challenge or if I just have to live with it?  I'm a bit
> of a Newbie here.  I'm in the process of setting up
> Samba -2.2.2 on a Redhat v7.1 (Seawolf) server.
> I've discovered that joining the NT Domain is a simple
> matter of
> 
> smbpasswd -j DOMAIN_NAME
> 
> smbpasswd picks up the PDC name from smb.conf
> and moves right along.  There is no need to send a
> PDC admin password out in clear text to make things
> happen as I have seen suggested elsewhere.  

This is because you are using the old, insecure method of joining a
domain.  You get the join because 'adding' the machine in server
manager (or equiv) also sets the password to a known value.  A value
both found in the Samba sources and known to anybody who cares to join
before you get a chance to... :-)

> The
> challenge that I have run into is that as the instructions
> in the excellent Samba docs state, you have to create
> the machine entry at the PDC and then issue the join
> command on the Samba server.

You shouldn't do it that way around, you should use the -j domain
-Uadmin%pass  method.

> What I found is that every time I make a change to
> smb.conf or stop and start the smbd and/or nmbd
> daemons, the PDC entry has to be recreated before
> the join command can be successfully issued.  Is there
> some way around having to repeat the work done at the
> PDC?  

Why do you feel the need to rejoin?  Once the join is done, the password
is randomised and stored - it is no longer the default value that you
used to join in the first place.

You should only rejoin if the account becomes inoperable for some
reason.

> I'm presently not a Domain Admin.

You don't actually need domain admin privs, only 'add machine account to
domain' privs.  These might be easier to extract from your local NT
admin.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net



