Joining NT Domain

T. William Schmidt wschmidt at starband.net
Mon Oct 8 10:59:09 GMT 2001 

Thanks Jim for your response, the only one received BTW, but as I mentioned 
in my original post, I read DOMAIN_MEMBER.html in the docos and fully 
understood it.  I was shooting myself in the foot however, as I executed 
smbpasswd -j Domain_Name -r PDC more than once, thinking that could do no 
harm. :-(  It turns out it does, and you hose your PDC machine account if 
you do it.  I proved this to my satisfaction by having the PDC account 
removed and recreated and then testing smbpasswd again, and again and ... 
again.  So word to the wise, do it only once and trust your NT Admin guy 
when he says the account exists.  BTW: it is a 30 second job to create a 
PDC account but like some admin guys all over the world, they like to make 
you think they are opening their veins when they just do their jobs, but I 
am ranting about consulting life in large global enterprises...

After getting past this issue I still had a problem, in that my Samba 
server would not authenticate PC accounts in the PDC.  The error I got, 
NT_STATUS_ACCESS_DENIED, pointed at an rpc problem between my AIX 4.3.2.0 
machine and the PDC.  In fact, it was this error that caused me to think I 
had not successfully joined the domain, and is why I executed the smbpasswd 
command a second time in the first instance.  I traced the problem from the 
logs as far as the modules in ../rpc_server and I suspected the function 
_net_auth_2() in src_netlog_nt.c, but could see no easy way of exercising 
that code in dbx to examine it further.

To make a long and painful story short, I moved the Samba bits compiled on 
this machine to another RS/6000 with AIX 4.3.3.0, got a PDC account for 
this machine, executed smbpasswd only once and my Samba server worked 
perfectly.  I repeated these tests several times on both machines to verify 
that it was not a fluke, and got identical results.  Fortunately I have 
access to more than one RS/6000 and can find suitable examples of different 
versions of the OS.  Pity the poor guy with only a single machine that he 
must get working...

So, my conclusion is that even though I compiled the 2.2.1a source distro 
on this AIX 4.3.2.0 machine, there is something missing in the run-time 
libraries or system calls that is not revealed at compile time.  My compile 
errors for 2.2.1a where strictly type problems between signed and unsigned 
32 bit ints, that all were fixed with casts.  My config status was OK on 
both machines and after added those casts the distro compiled 
flawlessly.  I can only conclude that my 4.3.2.0 on this particular machine 
is not patched to permit 2.2.1a to execute, especially the rpc code, even 
thought it will compile, while on 4.3.3.0, the problem is not present.  So 
I am reluctantly abandoning all further work on AIX 4.3.2.0.

It was probably good for me that no one on the list responded and I had to 
work through these issues on my own.  I know a lot more about Samba today 
than I did a week ago, and I have lost all fear of getting into the sources 
and poking around.  I recompiled the distro with -g on so that I could run 
smbpasswd in dbx, and learned a lot from that exercise.

Thanks again Jim, for following up.

At 11:46 AM 10/8/2001 -0400, Van Sickler, Jim wrote:

>Will,
>
>   I was looking at the Samba List Archive and saw your message-since it's
>been a week, you probably already have your answer.
>
>But here's my nickel just in case-I get the same error messages if I try to
>join the Domain without having already created the computer on the PDC.
>
>----------------------------------------------------------------------------
>------
>
>   Add the TESTSMB1 computer to the Domain using the Server Manager.
>
>   su to root on TESTSMB1
>
>   smbpasswd -j CORP -r CORP01
>
>  Hopefully you're done - If not, let me know.
>
>----------------------------------------------------------------------------
>-------
>
>   Jim Van Sickler
>   Network Administrator
>   Kaman Aerospace Corp EODC
>   vansickj-eodc at kaman.com <mailto:vansickj-eodc at kaman.com>
>   (520) 295-2134

Regards,
Will Schmidt
SW Engineer/Consultant
Kipe & Associates       currently on assignment @ Freightliner LLC
Portland, OR
(541) 462-3160
(541) 462-3899 fax
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba mailing list