Re-adding samba to a domain (was RE: Fear, Uncertainty, Doubt and
Citrix on Win2k)
Lightfoot.Michael
Lightfoot.Michael at comcare.gov.au
Wed Jan 16 20:16:02 GMT 2002
> At 11:17 AM 1/16/02 +1100, you wrote:
> <snip>
> > > To join the domain use 'smbpasswd -j DOMAIN -U
> Administrator'. This
> > > will create a machine account (with the PDC's admin password)
> > > and set a
> > > password on that account. This allows Samba to pass both the
> > > challenge
> > > and response to the DC and to get back sane error codes.
> > >
> >I think I must be a little thick as I can't get this to
> work. I tried:
> >
> >smbpasswd -j COMCARE -u Administrator
> >
> >It came back with a password prompt which I asked the M$ man
> to enter (for
> >the PDC admin account) and it failed authentication. The
> server exists at
> >the PDC and everything (according to the M$ bloke) is OK there.
>
> Right, I know I'm butting in here, but what I have seen on
> the list is that
> that joins the domain, but some people have had to create the
> account manually.
>
> So, on the PDC, you need to make an account, and check the
> box that allows
> non-w2k machines to use it. Then that command might work.
>
OK, here's the resolution!
In recent months the PDC has been upgraded from NT4 to Win2k. This change
forced us to upgrade all our Samba servers from various ancient 1.9.18
patchlevels to 2.2.2.
When I tried to change from security = server to security = domain as
suggested by Andrew B, I got the problem outlined above.
The solution is that you have to delete each Samba server from the domain
and then re-add it. After this the instructions per the Samba Project
documentation - for us Aussies:
http://samba.mirror.aarnet.edu.au/samba/docs/Samba-HOWTO-Collection.html#DOM
AIN-SECURITY
work perrrrfectly.
We are now running in test with no authentication errors for Win2k TSE users
and my developers and testers all have silly grins!
Thanks to all who gave assistance. In another few days I'll be able to call
myself an MCSE. >:-)
BTW, I received this URL in last night's email. I hope it makes someone's
day:
http://www.microsoft.com&item=q209354@www.hardware.no/nyheter/feb01/Q209354%
20-%20HOWTO.htm
(watch the wrap.)
Michael Lightfoot
SysIX Unix Systems Consulting
02 6258 8185
michael.lightfoot at canb.auug.org.au
More information about the samba
mailing list