[Samba] Joining an NT4 Domain: NT_STATUS_INVALID_COMPUTERNAME
Thomas Vaughan
tomva at isilon.com
Fri Oct 25 19:29:58 GMT 2002
Hello all-
Using samba 2.2.5 on FreeBSD 5 (a few months old).
I'm trying to get my FreeBSD box to serve out samba
shares using NT4 domain authentication. I've got
Win2K PDCs (a couple different domains) running in
mixed mode.
These are the steps I'm taking:
1) As NT domain administrator, I create machine
accounts in the domain for my FreeBSD box.
2) On the FreeBSD box, I set its DNS and domain to
match the PDC.
3) On the FreeBSD box, I set smb.conf to allow NT4
authentication (smb.conf listed below).
4) On the FreeBSD box, I restart samba with the new
smb.conf (restart smbd and nmbd).
5) I use smbpasswd -j <DOMAIN> -r <pdc_hostname> to
attempt to join the domain.
Step 5 fails, complaining that the FreeBSD client
doesn't trust the PDC (assuming I'm interpreting the
errors correctly).
If I try step 5 with my administrator account, it
works. However, that's not a good solution for me,
because I need to automate this so that the NT admin
only needs to create machine accounts.
Can anyone tell me why step 5 is failing? I need to
know what's breaking down in the protocol so I can
detect this in the field and deal with it (either get
it to work or display helpful diagnostics).
I can ping the pdc from my FreeBSD host, and vice-versa.
My FreeBSD host can resolve the pdc name using
nmbd. Adding the pdc to lmhosts didn't make any
difference.
My smb.conf:
[global]
encrypt passwords = yes
log file = /var/log/samba.log
large readwrite = yes
read size = 65536
socket options = TCP_NODELAY
dns proxy = no
change notify timeout = 3000
disable spoolss = yes
smb passwd file = /usr/local/private/smbpasswd
password server = *
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
workgroup = MY_NT_DOMAIN
server string = My Server rocks.
hosts allow =
security = DOMAIN
smbpasswd -j MY_NT_DOMAIN -r <pdc_hostname> spew:
hostname# smbpasswd -j MY_NT_DOMAIN -r <pdc_hostname> -D3
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/usr/local/etc/smb.conf"
Processing section "[global]"
added interface ip=<my_ip> bcast=<my_broadcast> nmask=<my_mask>
resolve_lmhosts: Attempting lmhosts lookup for name <pdc_hostname><0x20>
Connecting to <pdc_ip> at port 445
lsa_io_sec_qos: length c does not match size 8
resolve_lmhosts: Attempting lmhosts lookup for name <PDC_HOSTNAME><0x20>
Connecting to <pdc_ip> at port 445
cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME
cli_nt_setup_creds: request challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
<PDC_HOSTNAME>. Error was : NT_STATUS_UNSUCCESSFUL.
2002/10/25 12:25:49 : change_trust_account_password: Failed to change
password for domain MY_NT_DOMAIN.
Unable to join domain MY_NT_DOMAIN.
Other diagnostics:
hostname# wbinfo -p
'ping' to winbindd succeeded
hostname# wbinfo -t
Secret is bad
0xc00000e5
wbinfo -u and -g both work! I can see domain users
and groups. But my FreeBSD box can't join the domain.
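Added example, not part of the original post: a Python triage of the smbpasswd -D3 output quoted above, for the "detect this in the field" use the post describes. It reports the first function that logged a failure and the NT status it carried, because the last status in the output (NT_STATUS_UNSUCCESSFUL) is generic. The function names parse_records and triage, the failure keywords, and the trimmed sample are assumptions made for this example.

```python
import re

# Constructed sample: the failing part of the debug output quoted in the post.
SAMPLE = """\
lsa_io_sec_qos: length c does not match size 8
resolve_lmhosts: Attempting lmhosts lookup for name <PDC_HOSTNAME><0x20>
Connecting to <pdc_ip> at port 445
cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME
cli_nt_setup_creds: request challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
<PDC_HOSTNAME>. Error was : NT_STATUS_UNSUCCESSFUL.
2002/10/25 12:25:49 : change_trust_account_password: Failed to change
password for domain MY_NT_DOMAIN.
Unable to join domain MY_NT_DOMAIN.
"""

# "function: message", optionally prefixed by a "YYYY/MM/DD HH:MM:SS : " timestamp.
RECORD = re.compile(r"^(?:\d{4}/\d\d/\d\d \d\d:\d\d:\d\d : )?([A-Za-z_]\w*): (.*)$")
STATUS = re.compile(r"NT_STATUS_[A-Z_]+")
# Assumed keyword set, taken from the wording of the failure lines in the post.
FAILURE = re.compile(r"\b(error|failed|unable)\b", re.IGNORECASE)

def parse_records(text):
    """Group output into (function, message) pairs, re-joining wrapped lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = RECORD.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line:
            records[-1][1] += " " + line  # continuation of the previous message
    return [tuple(r) for r in records]

def triage(text):
    """Return the first failing function, its NT status, and the failure chain."""
    failures = [(f, msg) for f, msg in parse_records(text) if FAILURE.search(msg)]
    if not failures:
        return None
    func, msg = failures[0]
    status = STATUS.search(msg)
    return {
        "first_failure": func,
        "status": status.group(0) if status else None,
        "chain": [f for f, _ in failures],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```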