Join NT Domain : password problem, or so it seems
Roman, James (J.D.)
jroman6 at ford.com
Tue Feb 20 17:09:08 GMT 2001
Before you try again. Search to see if there is a (NTDOMAIN NAME).(SAMBA
SERVER NAME).mac file on your system. If so delete it. Go back to your NT
PDC and remove the samba machines account from server manager. WAIT 15
MINUTES FOR THE NT SAM DATABASE TO UPDATE!!!!
Now start from scratch. Change your smb.conf, so that netbios name = HOST201
(All CAPS) (By the way HOST201 is unique on the network, isn't it?) Re-add
the Samba server (HOST201) to the domain as a workstation in server manager.
Now try the smbpasswd -j DOM5 -r PDC407 line again (Make sure you are root,
and that you have write access to the samba installation directory, probably
the same as where your smbpasswd file is located.)
Let me know if this helps.
From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
Sent: Tuesday, February 20, 2001 11:14 AM
To: samba at us5.samba.org
Subject: Join NT Domain : password problem, or so it seems
I have a problem with the join NT domain procedure.
I would like to use the "security = domain" authentification mode.
Therefore, I followed the instructions found in the DOMAIN_MEMBER.txt
file, by Jeremy Allison.
Here is my config :
samba box (newly configured) :
hostname : host201
netbios name : host201
OS : Solaris 7
samba version : 2.0.7
NT domain :
domain name : DOM5
PDC : PDC407
PDC OS : NT 4 service pack 5
WINS server : WINS406 which is also NT 4 / SP 5
Here is what I get :
step 1 : On the PDC (PDC407), adding the netbios name of the samba box
(host201) whith the "server manager for domains" tool, as a "Windows NT
workstation or server".
step 2 : stopping the samba daemons on the samba box (host201)
step 3 : joining the domain with the command :
smbpasswd -j DOM5 -r PDC407
=> not OK ; damn !
I got the following messages :
host201 # smbpasswd -j DOM5 -r PDC407
modify_trust_password: unable to change password for machine HOST201 in
domain DOM5 to Domain controller PDC407. Error was NT_STATUS_WRONG_PASSWORD.
2001/02/20 16:29:18 : change_trust_account_password: Failed to change
password for domain DOM5.
Unable to join domain DOM5.
Here is an extract of my smb.conf file when in step 1 :
workgroup = DOM5
netbios name = host201
security = server
password server = PDC407
wins server = WINS406
I checked the samba mailing list archive from january 2000 to february
2001 but found nothing regarding this problem.
I believe that the step 1 phase would create a trust account for the
samba box, with a well-known initial trust account password. This
allows smbpasswd to join the domain. Maybe there is something wrong in
that area ? Unfortunately, I don't know the NT mecanisms well enough to
If anyone has any idea... please help !
More information about the samba