Unable to use Samba in Win2K Domain
Mark Frost
mfrost at westnet.com
Wed Jan 2 10:19:05 GMT 2002
Hello. We recently migrated our site from an NT domain model to a 2000 domain
model (active directory). In the process, I've found that I'm unable to use
Samba with our new domain. These same machines were able to function properly
as domain
I've tried samba versions 2.2.2 and 3.0alpha12. The systems running Samba
are all running Solaris 8. Prior to the migrated to Active Directory (2000
domain) we were using "security = domain" in smb.conf with success. Haven't
been able to make this work with our new AD domain.
Here's the "global" section of my smb.conf file:
[global]
encrypt passwords = yes
guest account = smbguest
load printers = yes
lock directory = /var/samba/locks
log file = /var/samba/log.%m
message command = /usr/bin/csh -c '/usr/bin/csh <%s |& /usr/local/bin/smbclient -M %m; /usr/bin/rm %s'&
password server = stadcl01
printcap name = /usr/local/etc/printcap
printing = bsd
security = domain
time server = yes
wins server = <WINS Server IP Address (Win2k box)>
workgroup = CORP
I've been attempting to use the following command, run as root, to join
these hosts to the new Active Directory domain:
# smbpasswd -r stadcl01 -j CORP -U admin_id
(this command worked perfectly to join these machines to our old NT domain).
Note that the "admin_id" shown above has rights that allow adding machines
to the new domain and had been used successfully to add other Windows-based
machines to the new domain.
When I attempt to run the smbpasswd command above, one of two things happens.
1) If there is no computer account in the "CORP" domain for this machine, I get
the following:
# smbpasswd -D 4 -r stadcl01 -j CORP -U admin_id
added interface ip=139.61.163.101 bcast=139.61.163.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name stadcl01<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file
or directory
resolve_hosts: Attempting host lookup for name stadcl01<0x20>
Connecting to 10.88.14.66 at port 139
session setup ok
Domain=[CORP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Joined domain CORP.
However, this machine is not truly usable on the domain. If you attempt to
connect to it from a Windows box, it will continually ask for a password.
If you attempt to connect to it locally
# smbclient -L aspen -U admin_id
added interface ip=139.61.163.101 bcast=139.61.163.255 nmask=255.255.255.0
Password:
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a
Tree Connect or Session Setup are invalid.)
#
(all this used to work with an NT domain).
I've checked the domain and the account was indeed created (in the default
"Computer" container). It's the only host listed in all lower-case (all
others are all upper-case), but I think this happened with NT domains as well.
Just out of curiosity, I tried adding "netbios name = ASPEN" to hopefully
force it to use an all upper-case name to see if that mattered. It did
not.
2) If the computer account already exists (say I just want to run smbpasswd
to reset the password which used to work with our NT domain), I get:
# smbpasswd -D 4 -r stadcl01 -j CORP -U admin_id
added interface ip=139.61.163.101 bcast=139.61.163.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name stadcl01<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file
or directory
resolve_hosts: Attempting host lookup for name stadcl01<0x20>
Connecting to 10.88.14.66 at port 139
session setup ok
Domain=[CORP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Unable to join domain CORP.
#
I'm at a loss as to why I can't make this work. Clearly the permissions to
add machines as domain members to this domain exists since I can add
non-Samba Windows boxes with no problems.
Any help is greatly appreciated.
Thanks
Mark Frost
More information about the samba
mailing list