[Samba] Problems joining a domain with a large number of DCs

Eric Diven eric.diven at edsiohio.com
Wed Nov 5 17:16:58 GMT 2008


> > > On Tue, Nov 04, 2008 at 05:59:25PM -0500, Eric Diven wrote:
> > > I'm having issues joining samba to a domain with a large 
> number of 
> > > domain controllers.  The domain is a mixed windows
> > 2003/windows 2008
> > > domain.  The samba server is Solaris 10 update 5 running on SPARC.
> > > 
> > > I have a custom samba build of samba 3.0.28 on the server
> > because we
> > > need Tobi Oetiker's samfs patch.  Because of the issue 
> that version 
> > > has with passwords longer than eight characters on Solaris,
> > I've also
> > > build samba 3.0.24 for using net to join the domain.
> > 
> > You might want to use the latest git checkout of 3-0-test, 
> for example
> 
> > available via
> > 
> > http://repo.or.cz/w/Samba.git?a=snapshot;h=af33c8b3521564c;sf=tgz
> > 
> > as there have been fixes for the server affinity cache during join.
> > 
> > Volker
> > 
> 
> Volker, thanks.  I'll take a look at that and see if it 
> works.  To clarify, is the issue in net in 3.0.24, and I can 
> resolve my problem by using only net from the git snapshot.  
> Or will I need to apply the Tobi patch to the snapshot and 
> use that build in its entirety?
> 
> Also, if I go to that build, it looks like the 8 character 
> password bug
> (https://bugzilla.samba.org/show_bug.cgi?id=4866) is still in 
> the re-opened state.  I'll try it, but if it's still an 
> issue, the domain policy prevents using passwords as short as 
> 8 characters.  I was looking yesterday for instructions on 
> how to join a machine to a domain without having to enter the 
> admin password.
> 
> My impression (probably incorrect) is that this can be done 
> by creating the machine account in AD before trying to join 
> the machine, but I've been unable to actually find any info 
> about how to then get samba joined.
> 
> Thanks again,
> 
> ~Eric
> 
> (Volker, sorry for the duplicate email, I hit the wrong reply 
> the first
> time)

I've been going through the changelogs, and it looks like the Solaris 8
char password bug was fixed in 3.0.28a by Jiri Sasek.  The bug still
lists as REOPENED, but there hasn't been any activity on it since
November of last year.

3.0.28a also appears to have added support for joining a Windows 2008
domain, which may be relevant as it is a mixed environment with both
W2K3 and W2K8 DCs.

~Eric


More information about the samba mailing list