Unable to join domain
Cannon, Mike R.
cannon at purdue.edu
Wed Nov 14 13:08:14 GMT 2001
I still can't get either command to work for me.
(a) add the NetBIOS name to the domain in Server Mangler (as a domain
admin), then the Samba server can configure itself _without_ the
Administrator password using 'smbpasswd -j DOMAIN -r PDC'
-OR-
(b) just run 'smbpasswd -j DOMAIN -r PDC -UAdministrator%yourpasswordhere'
with an NT domain admin password.
--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon at purdue.edu
-----Original Message-----
From: Eric Wallace [mailto:Eric.Wallace at nsc.com]
Sent: Wednesday, November 14, 2001 4:04 PM
To: samba; samba-ntdom
Cc: wschmidt; khadley; cannon
Subject: Re: Unable to join domain
Thanks to Will Schmidt and Kenneth Hadley for their responses, Samba is now
a somewhat happy member server in the NT4 domain...
### FYI: Getting Samba to join an NT Domain ###
The trick was this: adding a Samba server to the domain works much like
adding an NT box... You can either:
(a) add the NetBIOS name to the domain in Server Mangler (as a domain
admin), then the Samba server can configure itself _without_ the
Administrator password using 'smbpasswd -j DOMAIN -r PDC'
-OR-
(b) just run 'smbpasswd -j DOMAIN -r PDC -UAdministrator%yourpasswordhere'
with an NT domain admin password.
(Neither the old O'Reilly "Using Samba" book nor the latest "security =
domain ..." HOWTO make this distinction clear. If whomever wrote the docs
would like assistance in adding some more detail here, I'd be happy to
help--I'm getting quite intimate with Samba now!)
If after Samba says it has become a happy domain member and it still won't
authenticate (with Globals "security = domain" and "password server = *"),
you'll see some tell-tale signs.
1.) The log entries show the following, one list for each domain controller,
until it finally defaults to the local 'smbpasswd' file.
[2001/11/06 12:43:06, 0]
././rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/11/06 12:43:06, 0]
././rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2001/11/06 12:43:06, 0]
././smbd/password.c:connect_to_domain_password_server(1372)
connect_to_domain_password_server: unable to setup the PDC
credentials to machine PDC. Error was : NT_STATUS_ACCESS_DENIED.
...and so on...
2.) The NT domain controllers are auditing (logging) security
success/failure, so here's the message from Event Manager:
The session setup from the computer SAMBA failed to authenticate.
The name of the account referenced in the security database is
SAMBA$.
The following error occurred: Access is denied.
Micro$oft comments on these errors in KB article Q175024
(http://support.microsoft.com/support/kb/articles/q175/0/24.asp?id=175024&SD
=MSKB), but their suggestion doesn't work for Samba. Better just remove your
Samba server from the domain with Server Manager, wait for it to flush, then
delete or rename 'secret.tdb' and retry with step (a) above.
Eric W. Wallace
National Semiconductor/Maine
I.S. Infrastructure Sr. System Engineer
eric.wallace at nsc.com
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba
mailing list