[Samba] problem joining the domain

Tom.Klopf at mms.gov Tom.Klopf at mms.gov
Thu Jun 6 10:57:04 GMT 2002


Michael:
  You said " Yes, the machine pre-existed in the domain."
	
	This implies that there was a pre-existing machine account that was
in use for the server.  Every time you want to add a samba server to a
domain, the MACHINE ACCOUNT HAS TO BE DELETED AND READDED. In other words,
every time you run "smbpasswd -j mydomain" (or something like that), the
machine account on the PDC has to be deleted and readded. This should really
be added to the samba documentation.  The reason I put it in caps is that NT
admins have a hard time believing this. 

	Also, make sure that your "PDC" machine account (which is now called
a domain controller) has the option called "allow pre-Windows 2000 computers
to use/join/whatever" checked off.  Samba spoofs a NT 4.0 server, so this
option needs to be used. ALSO: make sure your Domain Controller can do PDC
emulation (it's some service that's run).

	Futz around with the options you're giving smbpasswd, too.  I would
just try "smbpasswd -j domain" first, so long as your "password server" is
set to the right one in your smb.conf.

	

Hope that helps.

-t
	


Thomas Klopf
MMS - Gulf Region (ACS-GS contractor)
Phone: 504.736.2444
Mobile: 504.319.2600
 

-----Original Message-----
From: Michael Rasmussen [mailto:rasmussenm at columbiafunds.com] 
Sent: Thursday, June 06, 2002 10:32 AM
To: Yannick Tousignant
Cc: samba at lists.samba.org
Subject: RE: [Samba] problem joining the domain

Yes, the machine pre-existed in the domain.  As in, "Domain Admin, please
add chain so I can have it join the domain." Which domain admin did.  

In truth, we tried joining the domain first, that failed so we had the admin
add chain to the domain they tried to join and . . . 

--  
  Michael Rasmussen - Network Engineer, Columbia Management
  voice:  971-925-6723  cell:  503-807-1447  rasmussenm at columbiafunds.com
  <mailto:rasmussenm at columbiafunds.com> http://www.columbiafunds.com


> -----Original Message-----
> From: Yannick Tousignant [mailto:ytousignant at oka-info.com]
> Sent: Thursday, June 06, 2002 8:24 AM
> To: Michael Rasmussen
> Cc: samba at samba.org
> Subject: RE: [Samba] problem joining the domain
> 
> 
> 
> Did you add your linux machine into the WindowsNT PDC?
> 
> I belive it's in Server manager into Administration menus.
> 
> Yannick
> 
> 
> > -----Original Message-----
> > From: samba-admin at lists.samba.org 
> [mailto:samba-admin at lists.samba.org]On
> > Behalf Of Michael Rasmussen
> > Sent: Thursday, June 06, 2002 11:15 AM
> > To: samba at lists.samba.org
> > Cc: IT Server Group
> > Subject: [Samba] problem joining the domain
> >
> >
> > We've encountered a problem with getting a newly installed 
> Samba based
> > machine to join the domain.
> >
> > Here's the command line and error response:
> >
> >    [root at chain samba]# smbpasswd -j COLUMBIA -r cmc-bkup -U murphyn
> >    Password:
> >    error creating domain user: NT_STATUS_INVALID_DOMAIN_ROLE
> >    Unable to join domain COLUMBIA.
> >    [root at chain samba]#
> >
> > Installation is a RedHat 7.2 (from KRUD) box with freshly 
> installed Samba
> > RPMs version 2.2.3a-6.  smb.conf was created by a cut and 
> paste from a
> > working installation on another box on our network, changing the
> > server name
> > and share paths as necessary.
> >
> > murphyn is a domain admin for COLUMBIA, the PDC (cmc-bkup) 
> and the BDC are
> > NT4 boxes.
> >
> > As the Linux guy I don't know what this error message means.  The
> > NT admins
> > are at a loss to explain the problem.
> >
> > Curiosities:
> >
> > 	I've used the same software version to add a box to our domain
> > 	Essentially the same config is used on the working and 
> non-working
> > boxes, so I'm puzzled about what configuration issue could be
> > causing this.
> >
> > Bottom Line Question:
> >
> >   do you know what causes this error and how I can resolve 
> this issue and
> > have the machine chain join the COLUMBIA domain?
> >
> >   Where did I miss whatever it is in the documentation?
> >
> > --
> >   Michael Rasmussen - Network Engineer, Columbia Management
> >   voice:  971-925-6723  cell:  503-807-1447  
> rasmussenm at columbiafunds.com
> >   <mailto:rasmussenm at columbiafunds.com> http://www.columbiafunds.com
> >
> > NOTICE:  This communication may contain confidential or other
> > privileged information.  If you are not the intended recipient,
> > or believe that you have received this communication in error,
> > please do not print, copy, retransmit, disseminate, or otherwise
> > use the information.  Also, please indicate to the sender that
> > you have received this email in error, and delete the copy you
> > received.  Any communication that does not relate to official
> > Columbia business is that of the sender and is neither given nor
> > endorsed by Columbia.  Thank you.
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> 
> 

NOTICE:  This communication may contain confidential or other privileged
information.  If you are not the intended recipient, or believe that you
have received this communication in error, please do not print, copy,
retransmit, disseminate, or otherwise use the information.  Also, please
indicate to the sender that you have received this email in error, and
delete the copy you received.  Any communication that does not relate to
official Columbia business is that of the sender and is neither given nor
endorsed by Columbia.  Thank you.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list