Join NT Domain : password problem, or so it seems
Damien.Veillon at alcatel.fr
Tue Feb 20 17:48:48 GMT 2001
James, thanks for your answer... unfortunetely your suggestions don't
fix my problem !
OK, I checked/tried the followings :
-> there is no DOM5.HOST201.mac file (actually, the private directory
only contains the MACHINE.SID file)
-> I removed the samba machine account, waited more than 15 minutes.
I then started from scrach (included rm private/MACHINE.SID file)
with all the netbios names in CAPS ("netbios name = HOST201",
"password server = DOM407" and so on) (by the way, yes, hostname
HOST201 is unique on the network !)
-> I then re-added the samba server (HOST201) to the domain as a
workstation in server manager and tried the "smbpasswd -j DOM5 -r PDC407"
line again (I am root, so I have write access to the samba
I have exactly the same problem :-(
Roman, James (J.D.) a écrit :
> Before you try again. Search to see if there is a (NTDOMAIN NAME).(SAMBA
> SERVER NAME).mac file on your system. If so delete it. Go back to your NT
> PDC and remove the samba machines account from server manager. WAIT 15
> MINUTES FOR THE NT SAM DATABASE TO UPDATE!!!!
> Now start from scratch. Change your smb.conf, so that netbios name = HOST201
> (All CAPS) (By the way HOST201 is unique on the network, isn't it?) Re-add
> the Samba server (HOST201) to the domain as a workstation in server manager.
> Now try the smbpasswd -j DOM5 -r PDC407 line again (Make sure you are root,
> and that you have write access to the samba installation directory, probably
> the same as where your smbpasswd file is located.)
> Let me know if this helps.
> -----Original Message-----
> From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
> Sent: Tuesday, February 20, 2001 11:14 AM
> To: samba at us5.samba.org
> Subject: Join NT Domain : password problem, or so it seems
> Hi everybody,
> I have a problem with the join NT domain procedure.
> I would like to use the "security = domain" authentification mode.
> Therefore, I followed the instructions found in the DOMAIN_MEMBER.txt
> file, by Jeremy Allison.
> Here is my config :
> samba box (newly configured) :
> hostname : host201
> netbios name : host201
> OS : Solaris 7
> samba version : 2.0.7
> NT domain :
> domain name : DOM5
> PDC : PDC407
> PDC OS : NT 4 service pack 5
> WINS server : WINS406 which is also NT 4 / SP 5
> Here is what I get :
> step 1 : On the PDC (PDC407), adding the netbios name of the samba box
> (host201) whith the "server manager for domains" tool, as a "Windows NT
> workstation or server".
> => OK.
> step 2 : stopping the samba daemons on the samba box (host201)
> => OK.
> step 3 : joining the domain with the command :
> smbpasswd -j DOM5 -r PDC407
> => not OK ; damn !
> I got the following messages :
> host201 # smbpasswd -j DOM5 -r PDC407
> cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
> modify_trust_password: unable to change password for machine HOST201 in
> domain DOM5 to Domain controller PDC407. Error was NT_STATUS_WRONG_PASSWORD.
> 2001/02/20 16:29:18 : change_trust_account_password: Failed to change
> password for domain DOM5.
> Unable to join domain DOM5.
> host201 #
> Here is an extract of my smb.conf file when in step 1 :
> workgroup = DOM5
> netbios name = host201
> security = server
> password server = PDC407
> wins server = WINS406
> I checked the samba mailing list archive from january 2000 to february
> 2001 but found nothing regarding this problem.
> I believe that the step 1 phase would create a trust account for the
> samba box, with a well-known initial trust account password. This
> allows smbpasswd to join the domain. Maybe there is something wrong in
> that area ? Unfortunately, I don't know the NT mecanisms well enough to
> figure out.
> If anyone has any idea... please help !
More information about the samba