[Samba] Changing password server to win 2012

richard van beers richard.van.beers at gmail.com
Tue Nov 11 09:25:45 MST 2014


There might be.

Got a small step further:

After realizing the solaris machine was still looking at the old DNS, I
pointed resolv.conf to the new DNS, and used the -S flag:
root at barracuda:/usr/local/samba/bin# ./net rpc join -U rbeers -S
rbn-srv-5211
Password:

[2014/11/11 17:10:54, 0] utils/net_rpc_join.c:(319)
  Error domain join verification (reused connection): NT code 0xc0000388

This seems to point to a bug that indeed has been resolved in 3.2 and
higher.

We seem to have no solaris support (hence the old SUNS with old solaris and
ye olde samba)

So if I go that route, I likely would need to compile from source or get a
ready package for sol9. If we need to go that route, my lack of solaris
know-how scares me :) Im not even sure where the original solaris 9CD's are
(I have found untouched boxes of solaris 10) and have no good idea of how
to get missing dependancies if I need those.



Gr RichardvB


On Tue, Nov 11, 2014 at 5:09 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

> On 11/11/14 15:57, richard van beers wrote:
>
>> Hi list,
>>
>> My goal is to share a few shares from a solaris 9 host with a new win2012
>> domain. Im rather new to solaris (some years of linux exp, but samba has
>> been a LONG time ago)
>>
>> The solaris machine has been created as a machine account in AD under its
>> hostname by the windows admins in the new win2012 domain. (Thats not me,
>> although I have domain admin access if need be)
>>
>> I have an issue changing samba (version 3.0.14a) from the existing win2k3
>> domain to a new win2012 domain. I have not setup samba on it, and I am not
>> sure if I need to "join the domain" (The new one). However. Just changing
>> workgroup + password server fails:
>>
>> old:
>> When, from an account with the same name/passw as exists in the old win2k3
>> DC, I issue a net use like this it works fine:
>> C:\Users\myuser>net use z: \\mysolarismachineIP\testshare
>> The command completed successfully.
>>
>> new:
>> it fails:
>> C:\Users\myuser>net use z: \\mysolarismachineIP\testshare
>> Configuration information could not be read from the domain controller,
>> either b
>> ecause the machine is unavailable, or access has been denied.
>>
>>
>> The old smb.conf:
>>
>>      workgroup = win.olddomain.intern
>>      domain master = no
>>      preferred master = yes
>>      local master = yes
>>      domain logons = no
>>      password server = dc1 dc2
>>      security = domain
>>
>> The new smb.conf:
>> workgroup = nl.newdomain.com
>> password server = <ip1 of dc1> <ip2 of dc2>
>> .. other options left same.
>>
>> a share would be:
>> [testshare]
>>    comment       = test share
>>    path          = /mypath/sharetest
>>    public        = no
>>    writeable     = yes
>>    create mode   = 0770
>>    inherit permissions = yes
>>    force directory mode = 2770
>>
>>
>> If I try to join the new domain it fails too: (Although it validates my
>> password properly!, using a wrong password fails with: The username or
>> password was not correct.)
>>
>>
>> root at barracuda:/usr/local/samba/bin# ./net rpc join -U <myadminuser> -I
>> 192.168.80.211
>> [2014/11/11 16:43:04, 0] rpc_client/cli_netlogon.c:(256)
>>    cli_nt_setup_creds: request challenge failed
>> Password:
>>
>> [2014/11/11 16:43:29, 0] rpc_client/cli_netlogon.c:(256)
>>    cli_nt_setup_creds: request challenge failed
>> [2014/11/11 16:43:29, 0] utils/net_rpc_join.c:(319)
>>    Error domain join verification (reused connection):
>> NT_STATUS_INVALID_COMPUTER_NAME
>>
>> Unable to join domain <shortdomainname>.
>>
>>
>> Interesting observation:
>> when starting samba (both with old and new configs) it reports:
>>
>> Could not list trusted domains
>> MYSOLARISHOSTNAME
>> BUILTIN
>> <oldshortdomainname> or <newshortdomainname> (depending on old or new
>> config.)
>>
>>
>>
>>
>> SO, two questions:
>>
>> - Do I -need- to join the new domain?
>> - If so, what am I doing wrong to join?
>>
>>
>> Greetz Richard van Beers
>>
> Hi, is there anyway that you can upgrade samba (opencsw ??), '3.0.14a' is
> very old and you are trying to connect to the latest windows server, there
> have been many changes to the protocols in between the two.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list