[Samba] FW: Samba and Windows 2000 Password Authentication - Here is the Answer.

Gabriel Matthews gabriel at cinergycom.com
Tue Dec 10 15:19:01 GMT 2002


This last reply has helped me figure out quite a few things, but I'm still
getting stuck on the 'adding server to domain' part.  Here is what I am
seeing.

[root@yavin gabriel]# smbpasswd -j CT01 -r ANAKIN -U gabriel
Password:
error creating domain user: NT_STATUS_INVALID_DOMAIN_ROLE
Unable to join domain CT01.

I have added yavin (linux server) to the domain, and it shows in the
server manager screen.  But I guess I'm missing something else.  Can
someone help me?

Gabriel

On Mon, 9 Dec 2002, David Neilson wrote:

> To Samba Users Group:
>
> I posted the message below, and a member of the group called me and talked
> me through the problem.  The solution is at the bottom of the page.
>
> >  -----Original Message-----
> > From: 	David Neilson
> > Sent:	Monday, December 09, 2002 3:40 PM
> > To:	'samba at lists.samba.org'
> > Subject:	Samba and Windows 2000 Password Authentication
> >
> > Is there a way to configure Samba so that all password authentication is
> > done through the Windows domain controllers?
> >
> > As I understand it, the variable "encrypt passwords" must be set to yes if
> > "security" is set to "domain".  This causes Samba to reference the
> > smbpasswd file, so if the W2K user's password on the domain controller is
> > not the same as that in the smbpasswd file, Samba will prompt the user for
> > the password in smbpasswd.
> >
> > I have tried various options, like setting "security" equal to the server,
> > and "password server" equal to domain controller, but it all works the
> > same:  the user has to enter the smbpasswd password to get authenticated.
> >
> >
> > If this is not possible, is there a way to sync up the passwords between
> > the domain controllers and the smbpasswd file?
> >
> > David Neilson
> > Western Family Foods, Inc.
> > System Administrator
> > 503 639 6300 x370
> >
> The Answer:
>
> When the Windows Administrator had created the machine account in the
> domain, I assumed I did not have to use the "smbpasswd" command to create
> the trust relationship between the Samba Server and the domain.  I was
> wrong, and once I followed the steps below, I could log onto the domain and
> then access Samba shares without getting asked for a password:
>
> Update the global section of the smb.conf file to include the following:
> workgroup = MY_COMPANY_DOMAIN
> security = domain
> password server = *
> encrypt passwords = yes
> smbpasswd file = THE_FILE_PATH_AND_NAME
> os level = 0 ### This server will never become a domain controller
>
> Stop the smbd and nmbd daemons.
>
> Run the smbpasswd command to establish a trust relationship:
> smbpasswd -j MY_COMPANY_DOMAIN -r DOMAIN_CONTROLLER -Uadministrator%password
>
> Start up the Samba daemons.
>

Gabriel Matthews
Network Support
Cinergy Communications
gabriel at cinergycom.com
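
A pre-join check of the smb.conf settings listed in the quoted answer, as an added example that is not part of either poster's message. It reads [global] the way Samba matches parameter names (case-insensitive, embedded spaces ignored) and reports which of the four settings is missing or wrong. The function names and the sample file are constructed, and treating all four settings as required follows the thread's list.

```shell
#!/bin/sh
# Print the last value of one [global] parameter (names normalised as Samba does).
global_param() {  # usage: global_param FILE "parameter name"
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                      # whole-line comments
        /^[ \t]*\[/ {                               # section header
            sec = $0; sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            sec = tolower(sec); next
        }
        sec == "global" && (eq = index($0, "=")) {
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, eq - 1)) == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 when FILE carries the domain-member settings from the thread.
check_member_conf() {
    conf=$1; rc=0
    sec=$(global_param "$conf" "security" | tr 'A-Z' 'a-z')
    enc=$(global_param "$conf" "encrypt passwords" | tr 'A-Z' 'a-z')
    [ "$sec" = "domain" ] || { echo "security is '${sec:-unset}', expected domain"; rc=1; }
    case $enc in yes|true|1) ;; *) echo "encrypt passwords is '${enc:-unset}', expected yes"; rc=1 ;; esac
    [ -n "$(global_param "$conf" "workgroup")" ] || { echo "workgroup is not set"; rc=1; }
    [ -n "$(global_param "$conf" "password server")" ] || { echo "password server is not set"; rc=1; }
    return $rc
}

write_sample_conf() {  # constructed sample using the thread's placeholder names
    cat > "$1" <<'EOF'
[global]
   workgroup = MY_COMPANY_DOMAIN
   ; security = user
   Security = DOMAIN
   password server = *
   encryptpasswords = Yes
[public]
   path = /srv/public
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
check_member_conf "$tmp" && echo "settings ok: stop smbd/nmbd, run smbpasswd -j, start them again"
rm -f "$tmp"
```

Once the check passes, giving `-U` only the account name makes smbpasswd prompt for the password, as in the session at the top of this message, which keeps it out of shell history and the process list.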



