Trouble registering Samba Server in an NT domain

Zaleski, Matthew (M.E.) mzaleski at ford.com
Tue Oct 30 13:29:05 GMT 2001


I have no control over the domain.  That's somewhere in the IT department and I don't want to chase it down if I don't have to.  I'm still unclear what is being done on the Windows server side.  If I have a company-issued machine name and we already have NT workstations in the area, doesn't that meet the requirements?

Matthew Zaleski

> -----Original Message-----
> From: Joseph [mailto:jolt at nicholasofmyra.org]
> Sent: Tuesday, October 30, 2001 10:21 AM
> To: Zaleski, Matthew (M.E.)
> Cc: samba at lists.samba.org
> Subject: Re: Trouble registering Samba Server in an NT domain
> 
> 
> Have you added the machine to the domain using server 
> manager?  If you 
> have, have you tried removing it and adding it again?
> 
> Zaleski, Matthew (M.E.) wrote:
> 
> >I've looked thru the Howto's and a bunch of the list 
> archives but can't find an answer to my exact problem:
> >
> >I'm trying to switch my Samba server (version 2.2.1a on 
> Mandrake 8.1) from a share level security to domain 
> authentication.  (My company has had NT domain servers for 
> about 2 years and I think they have all the bugs worked out.) 
>  I'm assuming (maybe incorrectly) that as long as I have a 
> valid (unoccupied) NetBIOS machine name acceptable for a NT 
> workstation, then Samba can step into its shoes to request 
> domain level user authentication.
> >
> >When I type as root (names are changed to protect the innocent):
> >smbpasswd -j MYDOMAIN
> >
> >I have "password server = *" and that seems to negate the 
> need to specify my password server on the command above.  Is 
> that correct?
> >
> >I get a flurry of debug messages from my high log level 
> setting.  From them I can see Samba contact the WINS server 
> to locate the PDC and is successful.  It then connects to the 
> PDC, but eventually fails with a 
> NT_STATUS_NO_TRUST_SAM_ACCOUNT error.  What does this mean?
> >
> >Here is the revelant snippet from my debug session:
> ><SNIP>
> >Got a positive name query response from 99.99.99.99 ( 99.99.88.88 )
> >Connecting to 99.99.88.88 at port 139
> >LSA Open Policy
> >LSA Query Info Policy
> >LSA_QUERYINFOPOLICY (level 5): domain:MYDOMAIN  domain 
> sid:S-1-5-21-1078229911-1189946983-1225219381
> >LSA Close
> >cli_net_req_chal: LSA Request Challenge from ECCNA101 to 
> AV2443: 658B07A562883C61
> >cred_session_key
> >cred_create
> >cli_net_auth2: srv:\\ECCNA101 acct:AV2443$ sc:2 mc: AV2443 
> chal FB1E53C79AF322C0 neg: 1ff
> >cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> >cli_nt_setup_creds: auth2 challenge failed
> >modify_trust_password: unable to setup the PDC credentials 
> to machine ECCNA101. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
> >2001/10/29 17:28:37 : change_trust_account_password: Failed 
> to change password for domain MYDOMAIN.
> >Unable to join domain MYDOMAIN.
> ></SNIP>
> >
> >
> >Matthew Zaleski
> >
> 
> 




More information about the samba mailing list