[Samba] Must you "net join" for the Samba machine to become a domain member?

Karnowski, David dkarnowski at etrade.com
Wed Jan 18 23:08:19 GMT 2006


Question:
I want to set up a Samba server as a domain member, allowing Windows PCs to map unix server directories, but having the authentication performed by our Windows Domain Controller(s). I'm basically following this example from the Samba docs: http://us1.samba.org/samba/docs/man/Samba3-HOWTO/domain-member.html#id2538809

It appears to me that I must "net join" the domain from the Samba server for this to work. Is this correct? Are there alternatives? My problem is that this "net use" command requires some manual intervention (entering a password for a domain user) that we'd rather avoid. We want to set up an automated Samba package installation with no manual intervention and no hard-coded usernames and passwords. If it must "join" the domain, why doesn't Samba try to join the domain automatically (if it's not already joined) using the credentials of the first user who tries to map a drive? Or does it try to join automatically and something is wrong in my config that's preventing it ...


Boring Details:
Running Samba 3.0.20b on Solaris. Here's my samba.conf:
[global]
    security = domain
    workgroup = CORP
    password server = jfk1dc1.corp.etradegrp.com
    log level = 10
    log file = /etrade/home/dkarnows/work/samba/logs/%m.log
    netbios name = DEV1NY
    lock directory = /etrade/home/dkarnows/work/samba/locks
    pid directory = /etrade/home/dkarnows/work/samba/locks
    private dir = /etrade/home/dkarnows/work/samba/private

[homes]
    comment = Home Directories
    read only = No
    create mask = 0750
    browseable = No
    guest ok = no
    preserve case = yes

We've added my Samba server ("DEV1NY") to the "CORP" domain (I can see it listed when I run svrmgr.exe).

So I start smbd & nmbd daemons. I have NOT run a "net join" command on my Samba server yet. Then on my Win2000 workstation I try to map my unix home: \\dev1ny.etrade.com\dkarnows but it fails with a pop-up that says:
The mapped network drive could not be created because the following error has occurred:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

On the Samba server side I have this in the <workstation_name>.log file:

[2006/01/18 17:04:20, 2] smbd/sesssetup.c:setup_new_vc_session(704)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/01/18 17:04:20, 2] smbd/sesssetup.c:setup_new_vc_session(704)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/01/18 17:04:20, 0] auth/auth_domain.c:check_ntdomain_security(284)
  check_ntdomain_security: could not fetch trust account password for domain 'CORP'
[2006/01/18 17:04:20, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [dkarnows] -> [dkarnows] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO

So then I manually join the Samba server (DEV1NY) to the CORP domain:
 net rpc join -w CORP -U dkarnows -s `pwd`/smb.conf -S jfk1dc1.corp.etradegrp.com
and then, once I've entered the password I've been prompted for, I try to map the drive again and it works fine.

Any help appreciated,
David Karnowski
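
Added example (not part of the original post, and not Samba project code): a small parser for the smbd log format quoted above that flags the signature seen before the join, a "could not fetch trust account password" entry followed by NT_STATUS_CANT_ACCESS_DOMAIN_INFO logon failures. SAMPLE_LOG reproduces the log lines from the post; the function names are hypothetical.

```python
import re

# Samba 3 log entries are a header line "[timestamp, level] file:function(line)"
# followed by one or more indented message lines.
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+\S+:(?P<func>\w+)\(\d+\)")
TRUST = re.compile(r"could not fetch trust account password for domain '([^']+)'")
AUTH_FAIL = re.compile(r"Authentication for user \[[^\]]*\] -> \[([^\]]*)\] FAILED with error (\S+)")

# Log lines as quoted in the post above.
SAMPLE_LOG = """\
[2006/01/18 17:04:20, 2] smbd/sesssetup.c:setup_new_vc_session(704)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/01/18 17:04:20, 2] smbd/sesssetup.c:setup_new_vc_session(704)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/01/18 17:04:20, 0] auth/auth_domain.c:check_ntdomain_security(284)
  check_ntdomain_security: could not fetch trust account password for domain 'CORP'
[2006/01/18 17:04:20, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [dkarnows] -> [dkarnows] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO
"""

def parse_entries(text):
    """Group header lines with their indented message lines."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"ts": m["ts"], "level": int(m["level"]), "func": m["func"], "msg": ""}
            entries.append(current)
        elif current is not None and raw.strip():
            current["msg"] = (current["msg"] + " " + raw.strip()).strip()
    return entries

def find_missing_trust_secret(entries):
    """Report domains whose trust account password could not be read, plus
    the users whose logons then failed with CANT_ACCESS_DOMAIN_INFO."""
    findings, last = [], None
    for e in entries:
        t = TRUST.search(e["msg"])
        if t:
            last = {"ts": e["ts"], "domain": t.group(1), "users": []}
            findings.append(last)
            continue
        a = AUTH_FAIL.search(e["msg"])
        if a and last and a.group(2) == "NT_STATUS_CANT_ACCESS_DOMAIN_INFO":
            last["users"].append(a.group(1))
    return findings

if __name__ == "__main__":
    for f in find_missing_trust_secret(parse_entries(SAMPLE_LOG)):
        print(f"{f['ts']} domain {f['domain']}: no trust account password; failed users: {f['users']}")
```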

