[Samba] Changing password server to win 2012

Rowland Penny rowlandpenny at googlemail.com
Tue Nov 11 09:57:55 MST 2014


On 11/11/14 16:46, richard van beers wrote:
> This seems funny too:
> root at barracuda:/usr/local/samba/bin# pkginfo -l CSWsambacommon
>     PKGINST:  CSWsambacommon
>        NAME:  samba_common - Tools to access a server's filespace and
> printers via SMB (common)
>    CATEGORY:  application
>        ARCH:  sparc
>     VERSION:  3.0.23,REV=2006.08.09b
>      VENDOR:  http://www.samba.org/ packaged for CSW by Fredrik Lundholm
>      PSTAMP:  ra20060809091430
>    INSTDATE:  Aug 06 2013 15:08
>     HOTLINE:  http://www.opencsw.org/bugtrack/
>       EMAIL:  fredrik at opencsw.org
>      STATUS:  completely installed
>       FILES:       55 installed pathnames
>                     4 shared pathnames
>                    11 directories
>                    13 executables
>                 31890 blocks used (approx)
>
> root at barracuda:/usr/local/samba/bin# ./smb
> smbcacls    smbclient   smbcontrol  smbcquotas  smbpasswd   smbspool
>   smbstatus   smbtar      smbtree
> root at barracuda:/usr/local/samba/bin# ../sbin/smbd -V
> Version 3.0.14a
>
> Looks like the used version (3.014) is not the same as the installed
> version... I bet the previous admin was also not a sun guru... :/ (Right
> now I wish -I- was...)
>
> Gr RichardvB
>
>
> On Tue, Nov 11, 2014 at 5:25 PM, richard van beers <
> richard.van.beers at gmail.com> wrote:
>
>> There might be.
>>
>> Got a small step further:
>>
>> After realizing the solaris machine was still looking at the old DNS, I
>> pointed resolv.conf to the new DNS, and used the -S flag:
>> root at barracuda:/usr/local/samba/bin# ./net rpc join -U rbeers -S
>> rbn-srv-5211
>> Password:
>>
>> [2014/11/11 17:10:54, 0] utils/net_rpc_join.c:(319)
>>    Error domain join verification (reused connection): NT code 0xc0000388
>>
>> This seems to point to a bug that indeed has been resolved in 3.2 and
>> higher.
>>
>> We seem to have no solaris support (hence the old SUNS with old solaris
>> and ye olde samba)
>>
>> So if I go that route, I likely would need to compile from source or get a
>> ready package for sol9. If we need to go that route, my lack of solaris
>> know-how scares me :) Im not even sure where the original solaris 9CD's are
>> (I have found untouched boxes of solaris 10) and have no good idea of how
>> to get missing dependancies if I need those.
>>
>>
>>
>> Gr RichardvB
>>
>>
>> On Tue, Nov 11, 2014 at 5:09 PM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>> On 11/11/14 15:57, richard van beers wrote:
>>>
>>>> Hi list,
>>>>
>>>> My goal is to share a few shares from a solaris 9 host with a new win2012
>>>> domain. Im rather new to solaris (some years of linux exp, but samba has
>>>> been a LONG time ago)
>>>>
>>>> The solaris machine has been created as a machine account in AD under its
>>>> hostname by the windows admins in the new win2012 domain. (Thats not me,
>>>> although I have domain admin access if need be)
>>>>
>>>> I have an issue changing samba (version 3.0.14a) from the existing win2k3
>>>> domain to a new win2012 domain. I have not setup samba on it, and I am
>>>> not
>>>> sure if I need to "join the domain" (The new one). However. Just changing
>>>> workgroup + password server fails:
>>>>
>>>> old:
>>>> When, from an account with the same name/passw as exists in the old
>>>> win2k3
>>>> DC, I issue a net use like this it works fine:
>>>> C:\Users\myuser>net use z: \\mysolarismachineIP\testshare
>>>> The command completed successfully.
>>>>
>>>> new:
>>>> it fails:
>>>> C:\Users\myuser>net use z: \\mysolarismachineIP\testshare
>>>> Configuration information could not be read from the domain controller,
>>>> either b
>>>> ecause the machine is unavailable, or access has been denied.
>>>>
>>>>
>>>> The old smb.conf:
>>>>
>>>>       workgroup = win.olddomain.intern
>>>>       domain master = no
>>>>       preferred master = yes
>>>>       local master = yes
>>>>       domain logons = no
>>>>       password server = dc1 dc2
>>>>       security = domain
>>>>
>>>> The new smb.conf:
>>>> workgroup = nl.newdomain.com
>>>> password server = <ip1 of dc1> <ip2 of dc2>
>>>> .. other options left same.
>>>>
>>>> a share would be:
>>>> [testshare]
>>>>     comment       = test share
>>>>     path          = /mypath/sharetest
>>>>     public        = no
>>>>     writeable     = yes
>>>>     create mode   = 0770
>>>>     inherit permissions = yes
>>>>     force directory mode = 2770
>>>>
>>>>
>>>> If I try to join the new domain it fails too: (Although it validates my
>>>> password properly!, using a wrong password fails with: The username or
>>>> password was not correct.)
>>>>
>>>>
>>>> root at barracuda:/usr/local/samba/bin# ./net rpc join -U <myadminuser> -I
>>>> 192.168.80.211
>>>> [2014/11/11 16:43:04, 0] rpc_client/cli_netlogon.c:(256)
>>>>     cli_nt_setup_creds: request challenge failed
>>>> Password:
>>>>
>>>> [2014/11/11 16:43:29, 0] rpc_client/cli_netlogon.c:(256)
>>>>     cli_nt_setup_creds: request challenge failed
>>>> [2014/11/11 16:43:29, 0] utils/net_rpc_join.c:(319)
>>>>     Error domain join verification (reused connection):
>>>> NT_STATUS_INVALID_COMPUTER_NAME
>>>>
>>>> Unable to join domain <shortdomainname>.
>>>>
>>>>
>>>> Interesting observation:
>>>> when starting samba (both with old and new configs) it reports:
>>>>
>>>> Could not list trusted domains
>>>> MYSOLARISHOSTNAME
>>>> BUILTIN
>>>> <oldshortdomainname> or <newshortdomainname> (depending on old or new
>>>> config.)
>>>>
>>>>
>>>>
>>>>
>>>> SO, two questions:
>>>>
>>>> - Do I -need- to join the new domain?
>>>> - If so, what am I doing wrong to join?
>>>>
>>>>
>>>> Greetz Richard van Beers
>>>>
>>> Hi, is there anyway that you can upgrade samba (opencsw ??), '3.0.14a' is
>>> very old and you are trying to connect to the latest windows server, there
>>> have been many changes to the protocols in between the two.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
You could always go mad and install Debian instead :-D

Rowland



More information about the samba mailing list