Fixed [Join NT Domain : password problem, or so it seems]

Damien Veillon Damien.Veillon at alcatel.fr
Mon Feb 26 14:27:21 GMT 2001 

OK, That's fixed now ;-)

The problem was : part of the joining process, "smbpasswd -j" changes
the machine account password of the samba box on the PDC. In my case,
the PDC refused that change because of two options set in its registry.
Those two options are : RefusePasswordChange and DisablePasswordChange
and are located in the following registry key :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

After having de-activated those options and restarted the netlogon
service, "smbpasswd -j" was ok and I was happy again !

You will find the description of those two options on :

http://support.microsoft.com/support/kb/articles/Q154/5/01.asp


Thanks to James, Tim and John for their answers,

Damien.



Damien Veillon a écrit :
> 
> Hi everybody,
> 
> I have a problem with the join NT domain procedure.
> I would like to use the "security = domain" authentification mode.
> Therefore, I followed the instructions found in the DOMAIN_MEMBER.txt
> file, by Jeremy Allison.
> 
> Here is my config :
> 
>   samba box (newly configured) :
>     hostname : host201
>     netbios name : host201
>     OS : Solaris 7
>     samba version : 2.0.7
>   NT domain :
>     domain name : DOM5
>     PDC : PDC407
>     PDC OS : NT 4 service pack 5
>   WINS server : WINS406 which is also NT 4 / SP 5
> 
> 
> Here is what I get :
> 
> step 1 : On the PDC (PDC407), adding the netbios name of the samba box
> (host201) whith the "server manager for domains" tool, as a "Windows NT
> workstation or server".
>   => OK.
> 
> step 2 : stopping the samba daemons on the samba box (host201)
>   => OK.
> 
> step 3 : joining the domain with the command :
> 
>   smbpasswd -j DOM5 -r PDC407
> 
>   => not OK ; damn !
> 
> I got the following messages :
> 
> --
> host201 # smbpasswd -j DOM5 -r PDC407
> cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
> modify_trust_password: unable to change password for machine HOST201 in domain DOM5 to Domain controller PDC407. Error was NT_STATUS_WRONG_PASSWORD.
> 2001/02/20 16:29:18 : change_trust_account_password: Failed to change password for domain DOM5.
> Unable to join domain DOM5.
> host201 # 
> --
> 
> Here is an extract of my smb.conf file when in step 1 :
> 
> --
> [global]
>         workgroup = DOM5
>         netbios name = host201
>         security = server
>         password server = PDC407
>         wins server = WINS406
> --
> 
> I checked the samba mailing list archive from january 2000 to february
> 2001 but found nothing regarding this problem.
> 
> I believe that the step 1 phase would create a trust account for the
> samba box, with a well-known initial trust account password. This
> allows smbpasswd to join the domain. Maybe there is something wrong in
> that area ? Unfortunately, I don't know the NT mecanisms well enough to
> figure out.
> 
> If anyone has any idea... please help !
> Thanks,
> Damien.

More information about the samba mailing list