[Samba] How to join a win2k-domain using Samba 2.*

Ville Jutvik ville.jutvik at home.se
Sun Sep 21 10:06:56 GMT 2003


The documentation that I found regarding this issue wasn't that good - it didn't help me that much. Later on I managed to join the win2k-domain after a lot of work. Thus I'm writing this letter in order to help people who were in my situation.

This was my problem and the solution I devised for it:

I was using samba-2.2.3a (debian package) and the windows-domain I tried to join is managed by two win2k domain controllers using active directory (AD).

Since Samba 2.* doesn't support AD (3.* does though) you have to make sure that your PDC allows you to join the domain without using AD (using NT-style trust relationship). Therefore I think that the server has to be in something called "mixed" mode, but I'm not sure about this. One of the problems I faced was that our system-administrators didn't know how SMB worked. Since  I weren't allowed to touch the servers without having them looking over my back this proved to a big hassle. I asked them wether the server were in native or mixed mode but they didn't know(!) I can't understand how they manage to run the network without such basic knowledge about smb-networks.

However, this is what I did:

1. Install samba-2.2.3a with debian-packages (other 2.* version should work equally well)
2. Configured my smb.conf. Theses option has to be set:
workgroup = YOUR-WORKGROUP
encrypt passwords = yes
security = domain
password server = *

3. I went to the win2k-dc and created a machine-account manually according to the instructions on this page: http://unix.derkeiler.com/Mailing-Lists/SunManagers/2003-06/0512.html

3. Run: smbpasswd -j your-win2k-domain -r your-domain-controller's-netbios-name -U an-administration-account

In my case this command returned a message saying "failed to join domain", but this step proved to be important later on. 

4. Run: smbpasswd -j your-win2k-domain -r your-domain-controller's-netbios-name  -m 
This changes the password of the machine-account. "Joined domain your-win2k-domain" should be returned which means that you've successfully joined the domain.

Conclusion:
I'm not really sure wether I'm doing the right thing or not, but it works for me where samba's howto failed. The reason that I need to run smbpasswd twice may be because of an authentication problem with the server (the server may be running in wrong "mode"). I anyone has any clue about this I would be greatfull if he/she could drop me a line. Also, if you've get stuck anyway you're free to contact me if you've got questions.

Best regards,
Ville Jutvik
ville.jutvik at home.se

-----Original Message-----
From: Craig Taylor <craig.taylor at theforwardgroup.com>
To: Ville Jutvik <ville.jutvik at home.se>
Date: Mon, 15 Sep 2003 09:48:53 +0100
Subject: Re: Samba-join-problem

Yes definitely, I will let you know if I find a solution

Thanks
Craig


--
Craig Taylor
IT Director
Forward Ltd
84-86 Regent Street
London
W1B 5DD
Telephone: +44 (0)20 7734 2303
Fax: +44 (0)20 7494 2570
http://www.theforwardgroup.com

***********************************************************************
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
Forward Ltd
***********************************************************************

> From: "Ville Jutvik" <ville.jutvik at home.se>
> Date: Sun, 14 Sep 2003 01:14:42 +0200
> To: craig.taylor at theforwardgroup.com
> Subject: Samba-join-problem
> 
> Hi
> 
> I saw you message on the samba-mailing-list. I just want you to know that I
> got exactly the same problem. I suggest that we notice eachother if one of us
> finds the solution to the problem.
> 
> Best regards,
> Ville Jutvik
> ville.jutvik at home.se
> 


one: +44 (0)20 7734 2303
Fax: +44 (0)20 7494 2570
http://www.theforwardgroup.com

***********************************************************************
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
Forward Ltd
***********************************************************************

> From: "Ville Jutvik" <ville.jutvik at home.se>
> Date: Sun, 14 Sep 2003 01:14:42 +0200
> To: craig.taylor at theforwardgroup.com
> Subject: Samba-join-problem
> 
> Hi
> 
> I saw you message on the samba-mailing-list. I just want you to know that




More information about the samba mailing list