Trouble registering Samba Server in an NT domain

Zaleski, Matthew (M.E.) mzaleski at
Mon Oct 29 18:40:05 GMT 2001

I've looked thru the Howto's and a bunch of the list archives but can't find an answer to my exact problem:

I'm trying to switch my Samba server (version 2.2.1a on Mandrake 8.1) from a share level security to domain authentication.  (My company has had NT domain servers for about 2 years and I think they have all the bugs worked out.)  I'm assuming (maybe incorrectly) that as long as I have a valid (unoccupied) NetBIOS machine name acceptable for a NT workstation, then Samba can step into its shoes to request domain level user authentication.

When I type as root (names are changed to protect the innocent):
smbpasswd -j MYDOMAIN

I have "password server = *" and that seems to negate the need to specify my password server on the command above.  Is that correct?

I get a flurry of debug messages from my high log level setting.  From them I can see Samba contact the WINS server to locate the PDC and is successful.  It then connects to the PDC, but eventually fails with a NT_STATUS_NO_TRUST_SAM_ACCOUNT error.  What does this mean?

Here is the revelant snippet from my debug session:
Got a positive name query response from ( )
Connecting to at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:MYDOMAIN  domain sid:S-1-5-21-1078229911-1189946983-1225219381
LSA Close
cli_net_req_chal: LSA Request Challenge from ECCNA101 to AV2443: 658B07A562883C61
cli_net_auth2: srv:\\ECCNA101 acct:AV2443$ sc:2 mc: AV2443 chal FB1E53C79AF322C0 neg: 1ff
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine ECCNA101. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
2001/10/29 17:28:37 : change_trust_account_password: Failed to change password for domain MYDOMAIN.
Unable to join domain MYDOMAIN.

Matthew Zaleski

More information about the samba mailing list