[Samba] Must you "net join" for the Samba machine to become a
domain member?
Karnowski, David
dkarnowski at etrade.com
Wed Jan 18 23:08:19 GMT 2006
Question:
I want to setup a Samba server as a domain member, allowing Windows PC to map unix server directories, but having the authentication performed by our Windows Domain Controller(s). I'm basically following this example from the Samba docs: http://us1.samba.org/samba/docs/man/Samba3-HOWTO/domain-member.html#id2538809
It appears to me that I must "net join" the domain from the Samba server for this to work. Is this correct? Are there alternatives? My problem is that this "net use" command requires some manual intervention (entering a password for a domain user) that we'd rather avoid. We want to setup an automated Samba package installation with no manual intervention and no hard-coded usernames and passwords. If it must "join" the domain why doesn't Samba try join the domain automatically (if it's not already joined) using the credentials of the first user who tries to map a drive? Or does it try to join automatically and something is wrong in my config that's preventing it ...
Boring Details:
Running Samba 3.0.20b on Solaris. Here's my samba.conf:
[global]
security = domain
workgroup = CORP
password server = jfk1dc1.corp.etradegrp.com
log level = 10
log file = /etrade/home/dkarnows/work/samba/logs/%m.log
netbios name = DEV1NY
lock directory = /etrade/home/dkarnows/work/samba/locks
pid directory = /etrade/home/dkarnows/work/samba/locks
private dir = /etrade/home/dkarnows/work/samba/private
[homes]
comment = Home Directories
read only = No
create mask = 0750
browseable = No
guest ok = no
preserve case = yes
We've added my Samba server ("DEV1NY") to the "CORP" domain (I can see it listed when I run svrmgr.exe).
So I start smbd & nmbd daemons. I have NOT run a "net join" command on my Samba server yet. I then on my Win2000 workstation I try to map my unix home: \\dev1ny.etrade.com\dkarnows but it fails with a pop-up that says:
The mapped network drive could not be created because the following error has occurred:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
On the Samba server side I have this in the <workstation_name>.log file:
[2006/01/18 17:04:20, 2] smbd/sesssetup.c:setup_new_vc_session(704)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/01/18 17:04:20, 2] smbd/sesssetup.c:setup_new_vc_session(704)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/01/18 17:04:20, 0] auth/auth_domain.c:check_ntdomain_security(284)
check_ntdomain_security: could not fetch trust account password for domain 'CORP'
[2006/01/18 17:04:20, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [dkarnows] -> [dkarnows] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO
So then I manually join the Samba server (DEV1NY) to the CORP domain:
net rpc join -w CORP -U dkarnows -s `pwd`/smb.conf -S jfk1dc1.corp.etradegrp.com
and then, once I've entered my password I've been prompted for, try to map the drive again and it works fine.
any help appreciated,
David Karnowski
More information about the samba
mailing list