Join NT Domain : password problem, or so it seems

Roman, James (J.D.) jroman6 at ford.com
Tue Feb 20 19:30:01 GMT 2001


Are all the machines on the same subnet? Or more specifically, are you on
the same subnet as PDC407? Try "nmblookup -M - -T" and see if your PDC or
WINS server comes back.  

One other distant possibility, have you set Encrypt Passwords = Yes?  

-----Original Message-----
From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
Sent: Tuesday, February 20, 2001 12:49 PM
To: samba at us5.samba.org
Subject: RE: Join NT Domain : password problem, or so it seems



James, thanks for your answer... unfortunately your suggestions don't
fix my problem !

OK, I checked/tried the following :
  -> there is no DOM5.HOST201.mac file (actually, the private directory
     only contains the MACHINE.SID file)
  -> I removed the samba machine account, waited more than 15 minutes.
     I then started from scratch (including rm private/MACHINE.SID file)
     with all the netbios names in CAPS ("netbios name = HOST201",
     "password server = DOM407" and so on) (by the way, yes, hostname
     HOST201 is unique on the network !)
  -> I then re-added the samba server (HOST201) to the domain as a
     workstation in server manager and tried the
     "smbpasswd -j DOM5 -r PDC407" line again (I am root, so I have
     write access to the samba installation directory)

I have exactly the same problem :-( 



Roman, James (J.D.) wrote:
> Before you try again. Search to see if there is a (NTDOMAIN NAME).(SAMBA
> SERVER NAME).mac file on your system.  If so delete it.  Go back to your NT
> PDC and remove the samba machines account from server manager.  WAIT 15
> MINUTES FOR THE NT SAM DATABASE TO UPDATE!!!!
> 
> Now start from scratch. Change your smb.conf, so that netbios name = HOST201
> (All CAPS)  (By the way HOST201 is unique on the network, isn't it?) Re-add
> the Samba server (HOST201) to the domain as a workstation in server manager.
> Now try the smbpasswd -j DOM5 -r PDC407 line again (Make sure you are root,
> and that you have write access to the samba installation directory, probably
> the same as where your smbpasswd file is located.)
> 
> Let me know if this helps. 
>
> -----Original Message-----
> From: Damien Veillon [mailto:Damien.Veillon at alcatel.fr]
> Sent: Tuesday, February 20, 2001 11:14 AM
> To: samba at us5.samba.org
> Subject: Join NT Domain : password problem, or so it seems
> 
> 
> 
> Hi everybody,
> 
> I have a problem with the join NT domain procedure.
> I would like to use the "security = domain" authentication mode.
> Therefore, I followed the instructions found in the DOMAIN_MEMBER.txt
> file, by Jeremy Allison.
> 
> Here is my config :
> 
>   samba box (newly configured) :
>     hostname : host201
>     netbios name : host201
>     OS : Solaris 7
>     samba version : 2.0.7
>   NT domain :
>     domain name : DOM5
>     PDC : PDC407
>     PDC OS : NT 4 service pack 5
>   WINS server : WINS406 which is also NT 4 / SP 5
> 
> 
> Here is what I get :
> 
> step 1 : On the PDC (PDC407), adding the netbios name of the samba box
> (host201) with the "server manager for domains" tool, as a "Windows NT
> workstation or server".
>   => OK.
> 
> step 2 : stopping the samba daemons on the samba box (host201)
>   => OK.
> 
> step 3 : joining the domain with the command :
> 
>   smbpasswd -j DOM5 -r PDC407
> 
>   => not OK ; damn !
> 
> I got the following messages :
> 
> --
> host201 # smbpasswd -j DOM5 -r PDC407
> cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
> modify_trust_password: unable to change password for machine HOST201 in
> domain DOM5 to Domain controller PDC407. Error was NT_STATUS_WRONG_PASSWORD.
> 2001/02/20 16:29:18 : change_trust_account_password: Failed to change
> password for domain DOM5.
> Unable to join domain DOM5.
> host201 # 
> --
> 
> Here is an extract of my smb.conf file when in step 1 :
> 
> --
> [global]
>         workgroup = DOM5
>         netbios name = host201
>         security = server
>         password server = PDC407
>         wins server = WINS406
> --
> 
> I checked the samba mailing list archive from january 2000 to february
> 2001 but found nothing regarding this problem.
> 
> I believe that the step 1 phase would create a trust account for the
> samba box, with a well-known initial trust account password. This
> allows smbpasswd to join the domain. Maybe there is something wrong in
> that area ? Unfortunately, I don't know the NT mechanisms well enough to
> figure out.
> 
> If anyone has any idea... please help !
> Thanks,
> Damien.
> 
> 
> 
> 
> 







