Join NT Domain : password problem, or so it seems
Roman, James (J.D.)
jroman6 at ford.com
Tue Feb 20 19:30:01 GMT 2001
Are all the machines on the same subnet? Or more specifically, are you on
the same subnet as PDC407? Try "nmblookup -M - -T" and see if your PDC or
WINS server comes back.
One other distant possibility, have you set Encrypt Passwords = Yes?
-----Original Message-----
From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
Sent: Tuesday, February 20, 2001 12:49 PM
To: samba at us5.samba.org
Subject: RE: Join NT Domain : password problem, or so it seems
James, thanks for your answer... unfortunetely your suggestions don't
fix my problem !
OK, I checked/tried the followings :
-> there is no DOM5.HOST201.mac file (actually, the private directory
only contains the MACHINE.SID file)
-> I removed the samba machine account, waited more than 15 minutes.
I then started from scrach (included rm private/MACHINE.SID file)
with all the netbios names in CAPS ("netbios name = HOST201",
"password server = DOM407" and so on) (by the way, yes, hostname
HOST201 is unique on the network !)
-> I then re-added the samba server (HOST201) to the domain as a
workstation in server manager and tried the "smbpasswd -j DOM5 -r
PDC407"
line again (I am root, so I have write access to the samba
installation directory)
I have exactly the same problem :-(
Roman, James (J.D.) a écrit :
> Before you try again. Search to see if there is a (NTDOMAIN NAME).(SAMBA
> SERVER NAME).mac file on your system. If so delete it. Go back to your
NT
> PDC and remove the samba machines account from server manager. WAIT 15
> MINUTES FOR THE NT SAM DATABASE TO UPDATE!!!!
>
> Now start from scratch. Change your smb.conf, so that netbios name =
HOST201
> (All CAPS) (By the way HOST201 is unique on the network, isn't it?)
Re-add
> the Samba server (HOST201) to the domain as a workstation in server
manager.
> Now try the smbpasswd -j DOM5 -r PDC407 line again (Make sure you are
root,
> and that you have write access to the samba installation directory,
probably
> the same as where your smbpasswd file is located.)
>
> Let me know if this helps.
>
> -----Original Message-----
> From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
> Sent: Tuesday, February 20, 2001 11:14 AM
> To: samba at us5.samba.org
> Subject: Join NT Domain : password problem, or so it seems
>
>
>
> Hi everybody,
>
> I have a problem with the join NT domain procedure.
> I would like to use the "security = domain" authentification mode.
> Therefore, I followed the instructions found in the DOMAIN_MEMBER.txt
> file, by Jeremy Allison.
>
> Here is my config :
>
> samba box (newly configured) :
> hostname : host201
> netbios name : host201
> OS : Solaris 7
> samba version : 2.0.7
> NT domain :
> domain name : DOM5
> PDC : PDC407
> PDC OS : NT 4 service pack 5
> WINS server : WINS406 which is also NT 4 / SP 5
>
>
> Here is what I get :
>
> step 1 : On the PDC (PDC407), adding the netbios name of the samba box
> (host201) whith the "server manager for domains" tool, as a "Windows NT
> workstation or server".
> => OK.
>
> step 2 : stopping the samba daemons on the samba box (host201)
> => OK.
>
> step 3 : joining the domain with the command :
>
> smbpasswd -j DOM5 -r PDC407
>
> => not OK ; damn !
>
> I got the following messages :
>
> --
> host201 # smbpasswd -j DOM5 -r PDC407
> cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
> modify_trust_password: unable to change password for machine HOST201 in
> domain DOM5 to Domain controller PDC407. Error was
NT_STATUS_WRONG_PASSWORD.
> 2001/02/20 16:29:18 : change_trust_account_password: Failed to change
> password for domain DOM5.
> Unable to join domain DOM5.
> host201 #
> --
>
> Here is an extract of my smb.conf file when in step 1 :
>
> --
> [global]
> workgroup = DOM5
> netbios name = host201
> security = server
> password server = PDC407
> wins server = WINS406
> --
>
> I checked the samba mailing list archive from january 2000 to february
> 2001 but found nothing regarding this problem.
>
> I believe that the step 1 phase would create a trust account for the
> samba box, with a well-known initial trust account password. This
> allows smbpasswd to join the domain. Maybe there is something wrong in
> that area ? Unfortunately, I don't know the NT mecanisms well enough to
> figure out.
>
> If anyone has any idea... please help !
> Thanks,
> Damien.
>
>
>
>
>
More information about the samba
mailing list