[Samba] FW: Samba and Windows 2000 Password Authentication -
Here is the Answer.
Gabriel Matthews
gabriel at cinergycom.com
Tue Dec 10 15:58:00 GMT 2002
Nevermind.. I seem to have fixed my problem.. ANAKIN is not the PDC..
once I pointed it to LUKE, our PDC, then it joined and all is happy..
Gabriel
On Tue, 10 Dec 2002, Gabriel Matthews wrote:
>
> This last reply has helped me figure out quite a few things, but I'm still
> getting stuck on the 'adding server to domain' part. Here is what I am
> seeing.
>
> [root at yavin gabriel]# smbpasswd -j CT01 -r ANAKIN -U gabriel
> Password:
> error creating domain user: NT_STATUS_INVALID_DOMAIN_ROLE
> Unable to join domain CT01.
>
> I have added yavin (linux server) to the domain, and it shows in the
> server manager screen. But I guess I'm missing something else. Can
> someone help me?
>
> Gabriel
>
> On Mon, 9 Dec 2002, David Neilson wrote:
>
> > To Samba Users Group:
> >
> > I posted the message below, and a member of the group called me and talked
> > me through the problem. The solution is at the bottom of the page.
> >
> > > -----Original Message-----
> > > From: David Neilson
> > > Sent: Monday, December 09, 2002 3:40 PM
> > > To: 'samba at lists.samba.org'
> > > Subject: Samba and Windows 2000 Password Authentication
> > >
> > > Is there a way to configure Samba so that all password authentication is
> > > done through the Windows domain controllers?
> > >
> > > As I understand it, the variable "encrypt passwords" must be set to yes if
> > > "security" is set to "domain". This causes Samba to reference the
> > > smbpasswd file, so if the W2K user's password on the domain controller is
> > > not the same as that in the smbpasswd file, Samba will prompt the user for
> > > the password in smbpasswd.
> > >
> > > I have tried various options, like setting "security" equal to the server,
> > > and "password server" equal to domain controller, but it all works the
> > > same: the user has to enter the smbpasswd password to get authenticated.
> > >
> > >
> > > If this is not possible, is there a way to sync up the passwords between
> > > the domain controllers and the smbpasswd file?
> > >
> > > David Neilson
> > > Western Family Foods, Inc.
> > > System Administrator
> > > 503 639 6300 x370
> > >
> > The Answer:
> >
> > When the Windows Administrator had created the machine account in the
> > domain, I assumed I did not have to use the "smbpasswd" command to create
> > the trust relationship between the Samba Server and the domain. I was
> > wrong, and once I followed the steps below, I could log onto the domain and
> > then access Samba shares without getting asked for a password:
> >
> > Update the global section of the smb.conf file to include the following:
> > workgroup = MY_COMPANY_DOMAIN
> > security = domain
> > password server = *
> > encrypt passwords = yes
> > smbpasswd file = THE_FILE_PATH_AND_NAME
> > os level = 0 ### This server will never become a domain controller
> >
> > Stop the smbd and nmbd daemons.
> >
> > Run the smbpasswd command to establish a trust relationship:
> > smbpasswd -j MY_COMPANY_DOMAIN -r DOMAIN_CONTROLLER -Uadministrator%password
> >
> > Start up the Samba daemons.
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
> Gabriel Matthews
> Network Support
> Cinergy Communications
> gabriel at cinergycom.com
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
Gabriel Matthews
Network Support
Cinergy Communications
gabriel at cinergycom.com
More information about the samba
mailing list