[Samba] Re: Samba file server -- samba domain join problem

Anthony Linux anthony.linux at gmail.com
Thu May 4 17:54:47 GMT 2006

Nevermind, I got it fixed.

I changed security=domain to security=user and copied over all my ldap
information (ou=Groups, ou=Users, etc).  I then added the manager password
with smbpasswd -w <PW> and everything works great now.

It seems like 3.0.10 for FC3 does not pass the password encrypted the way
the PDC is expecting it.  It resolved the users fine, but something broke
when trying to verify passwords.  This fix is also nice because I can easily
turn the second server into a BDC if necessary, although I would want to
replicate my ldap database there first (no point having a BDC get user info
from a PDC LDAP server that crashed! :-)

Hopefully this will help some people I saw who had similar problems but no


On 5/4/06, Anthony Linux <anthony.linux at gmail.com> wrote:
>  Hello,
> I recently upgraded a network to FC3 from RH9 (I know, I know, behind the
> times).
> The network is small: one PDC, one file server.  The PDC (Samba, LDAP,
> DNS, DHCP all on FC3) is running fine.  Seamless between linux logins and
> windows XP.  Users can log in, see the shares, mount drives.
> The second file server is just going to be an NFS and Samba server.  The
> plan is to use security=domain and share everything the same way the PDC
> does.
> Two problems:  first, it did not want to join the domain.  I kept trying
> "net rpc join", it prompts for a password and tells me the password is
> incorrect.  I checked the logs and it said something about not allowing
> NTLMv1 for root.  So I set "client ntlmv2 auth = yes" and it allowed me to
> join the domain.
> So far so good, right?
> When I try to open the share it prompts for a username and password.  When
> I type valid ones in, it rejects them and upgrades their bad password count
> (so the PDC is seeing an attempt to access the share).  The log files only
> say NT_STATUS_WRONG_PASSWORD for the user account.
> I have looked through the HOWTO and searched google, but can't seem to
> find anything on this.  Sad thing is, I remember this being really, really
> easy the last time I did it.
> Any ideas?
> Thanks,
> Anthony
> my simplified smb.conf (I have tried many other options like wins settings
> to no avail).
> workgroup=MYNET
> security=domain
> password server = MYPDC
> ntlmv2 client auth = yes
> encrypt passwords = yes
> [Share info ...]

More information about the samba mailing list