Join NT Domain : password problem, or so it seems

Roman, James (J.D.) jroman6 at ford.com
Tue Feb 20 17:09:08 GMT 2001


Before you try again. Search to see if there is a (NTDOMAIN NAME).(SAMBA
SERVER NAME).mac file on your system.  If so delete it.  Go back to your NT
PDC and remove the samba machines account from server manager.  WAIT 15
MINUTES FOR THE NT SAM DATABASE TO UPDATE!!!! 

Now start from scratch. Change your smb.conf, so that netbios name = HOST201
(All CAPS)  (By the way HOST201 is unique on the network, isn't it?)  Re-add
the Samba server (HOST201) to the domain as a workstation in server manager.
Now try the smbpasswd -j DOM5 -r PDC407 line again (Make sure you are root,
and that you have write access to the samba installation directory, probably
the same as where your smbpasswd file is located.)

Let me know if this helps. 

-----Original Message-----
From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
Sent: Tuesday, February 20, 2001 11:14 AM
To: samba at us5.samba.org
Subject: Join NT Domain : password problem, or so it seems



Hi everybody,

I have a problem with the join NT domain procedure.
I would like to use the "security = domain" authentification mode.
Therefore, I followed the instructions found in the DOMAIN_MEMBER.txt
file, by Jeremy Allison.

Here is my config :

  samba box (newly configured) :
    hostname : host201
    netbios name : host201
    OS : Solaris 7
    samba version : 2.0.7
  NT domain :
    domain name : DOM5
    PDC : PDC407
    PDC OS : NT 4 service pack 5
  WINS server : WINS406 which is also NT 4 / SP 5


Here is what I get :

step 1 : On the PDC (PDC407), adding the netbios name of the samba box
(host201) whith the "server manager for domains" tool, as a "Windows NT
workstation or server".
  => OK.

step 2 : stopping the samba daemons on the samba box (host201)
  => OK.

step 3 : joining the domain with the command :

  smbpasswd -j DOM5 -r PDC407

  => not OK ; damn !

I got the following messages :

--
host201 # smbpasswd -j DOM5 -r PDC407
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine HOST201 in
domain DOM5 to Domain controller PDC407. Error was NT_STATUS_WRONG_PASSWORD.
2001/02/20 16:29:18 : change_trust_account_password: Failed to change
password for domain DOM5.
Unable to join domain DOM5.
host201 # 
--

Here is an extract of my smb.conf file when in step 1 :

--
[global]
        workgroup = DOM5
        netbios name = host201
        security = server
        password server = PDC407
        wins server = WINS406
--

I checked the samba mailing list archive from january 2000 to february
2001 but found nothing regarding this problem.

I believe that the step 1 phase would create a trust account for the
samba box, with a well-known initial trust account password. This
allows smbpasswd to join the domain. Maybe there is something wrong in
that area ? Unfortunately, I don't know the NT mecanisms well enough to
figure out.

If anyone has any idea... please help !
Thanks,
Damien.









More information about the samba mailing list