[Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback

Ashutosh Kamdar akamdar at gnsi.com
Sat Apr 16 07:14:42 GMT 2005 

John / Jim,

Thanks for the feedback.

It appears that the restrictanonymous setting issue is a known one. Is there a workaround or patch for Samba that does not require the registry changes on the PDC? I would imagine network/system admins would have heartburn making registry changes in the production environment. In my case itself, making this change in the production environment to allow a Samba server to join the domain will invite a load of CRFs and questions. 

Any guidance would be appreciated.

Regards,

Ash


------Original Message-----
-From: John H Terpstra [mailto:jht at Samba.Org]
-Sent: Friday, April 15, 2005 11:27 PM
-To: 'Van Sickler, Jim'
-Cc: samba at lists.samba.org, 'jht at samba.org'
-Subject: Re: [Samba] Unable to join samba server to a NT4 style domain/Sam	ba-Guide feedback
-
-Jim / Others,
-
-I have tried to deal with the issues raised in this email. I agree entirely 
-with the suggestion. I hope it has been sufficiently dealt with in my latest 
-update that should become visible on the Samba web servers within 24 hours.
-
-Please check over the changes to Section 7.3.2 and let me know if it missed 
-the mark. Thanks for the feedback.
-
-- John T.
-
-On Friday 15 April 2005 15:36, Van Sickler, Jim wrote:
-> John,
->
->   The restrictanonymous setting was the primary culprit
-> in Ash's issue.  I think he's using basically the same
-> setup as I am;  no winbind/LDAP involved.  I'm thinking
-> there's some initial handshaking that requires an
-> anonymous connection to PDC, and it's being blocked
-> if the restrictanonymous setting is too high.
->
-> I sent a note to Ash (& the list) asking for the
-> restrictanonymous settings on his server.  They
-> were 2 (no join) and 0 (successful join).  His
-> admin has changed it back to 2 now that the
-> Samba server is a member server.  The setting
-> is dynamic;  no NT4 server reboot is required.
-> Can this be added to Chap 7 as a note for section 7.3.2.3?
->
-> In the case of using "net rpc join -U administrator%xxxxxx"
-> his result was "Unable to find a suitable server"
-> which indicate Samba wasn't finding the PDC.
->
-> In the case of using
-> net rpc join -S NT4SERVER -U administrator
-> net rpc join -S NT4SERVER -U administrator%'xxxxxxxx'
-> net rpc join -W MYWORKGROUP -U administrator
-> net rpc join -W MYWORKGROUP -U administrator%'xxxxxxxx'
-> his results were "Unable to join domain <domain>"
-> which indicate a connection to the PDC.
->
-> He had the PDC entry in smb.conf and /etc/lmhosts,
-> so I think the syntax for the example in the
-> Guide should be revised to "net join rpc -S PDC -U root%not24get"
-> (which are %not24et on pgs 241/242 in the current Guide)
-> to aid in first-try success.
->
-> Section 7.3.2 might be broken into 2 sections:
->
-> 7.3.2.1	NT4/Samba Domain with Samba Domain Member Server - Using smbusers
-> Detailing use of the /etc/samba/smbusers file for *nix/Domain users
-> Incorporate the current Item 3 for joining the domain
-> Using net rpc info/net rpc testjoin to validate membership
-> This is for OS that support Samba but don't support Winbind
->
-> 7.3.2.2	NT4/Samba Domain with Samba Domain Member Server - Using Winbind
-> Containing the current 7.3.2 contents
->
->
-> That's all for now...
-> Jim Van Sickler
-> Network Administrator
-> Kaman Aerospace Corp
-
--- 
-John H Terpstra
-Samba-Team Member
-Phone: +1 (650) 580-8668
-
-Author:
-The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
-Samba-3 by Example, ISBN: 0131472216
-Hardening Linux, ISBN: 0072254971
-Other books in production.
-
-
-

More information about the samba mailing list