[Samba] Changing password server to win 2012
Rowland Penny
rowlandpenny at googlemail.com
Tue Nov 11 09:57:55 MST 2014
On 11/11/14 16:46, richard van beers wrote:
> This seems funny too:
> root at barracuda:/usr/local/samba/bin# pkginfo -l CSWsambacommon
> PKGINST: CSWsambacommon
> NAME: samba_common - Tools to access a server's filespace and
> printers via SMB (common)
> CATEGORY: application
> ARCH: sparc
> VERSION: 3.0.23,REV=2006.08.09b
> VENDOR: http://www.samba.org/ packaged for CSW by Fredrik Lundholm
> PSTAMP: ra20060809091430
> INSTDATE: Aug 06 2013 15:08
> HOTLINE: http://www.opencsw.org/bugtrack/
> EMAIL: fredrik at opencsw.org
> STATUS: completely installed
> FILES: 55 installed pathnames
> 4 shared pathnames
> 11 directories
> 13 executables
> 31890 blocks used (approx)
>
> root at barracuda:/usr/local/samba/bin# ./smb
> smbcacls smbclient smbcontrol smbcquotas smbpasswd smbspool
> smbstatus smbtar smbtree
> root at barracuda:/usr/local/samba/bin# ../sbin/smbd -V
> Version 3.0.14a
>
> Looks like the used version (3.014) is not the same as the installed
> version... I bet the previous admin was also not a sun guru... :/ (Right
> now I wish -I- was...)
>
> Gr RichardvB
>
>
> On Tue, Nov 11, 2014 at 5:25 PM, richard van beers <
> richard.van.beers at gmail.com> wrote:
>
>> There might be.
>>
>> Got a small step further:
>>
>> After realizing the solaris machine was still looking at the old DNS, I
>> pointed resolv.conf to the new DNS, and used the -S flag:
>> root at barracuda:/usr/local/samba/bin# ./net rpc join -U rbeers -S
>> rbn-srv-5211
>> Password:
>>
>> [2014/11/11 17:10:54, 0] utils/net_rpc_join.c:(319)
>> Error domain join verification (reused connection): NT code 0xc0000388
>>
>> This seems to point to a bug that indeed has been resolved in 3.2 and
>> higher.
>>
>> We seem to have no solaris support (hence the old SUNS with old solaris
>> and ye olde samba)
>>
>> So if I go that route, I likely would need to compile from source or get a
>> ready package for sol9. If we need to go that route, my lack of solaris
>> know-how scares me :) Im not even sure where the original solaris 9CD's are
>> (I have found untouched boxes of solaris 10) and have no good idea of how
>> to get missing dependancies if I need those.
>>
>>
>>
>> Gr RichardvB
>>
>>
>> On Tue, Nov 11, 2014 at 5:09 PM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>> On 11/11/14 15:57, richard van beers wrote:
>>>
>>>> Hi list,
>>>>
>>>> My goal is to share a few shares from a solaris 9 host with a new win2012
>>>> domain. Im rather new to solaris (some years of linux exp, but samba has
>>>> been a LONG time ago)
>>>>
>>>> The solaris machine has been created as a machine account in AD under its
>>>> hostname by the windows admins in the new win2012 domain. (Thats not me,
>>>> although I have domain admin access if need be)
>>>>
>>>> I have an issue changing samba (version 3.0.14a) from the existing win2k3
>>>> domain to a new win2012 domain. I have not setup samba on it, and I am
>>>> not
>>>> sure if I need to "join the domain" (The new one). However. Just changing
>>>> workgroup + password server fails:
>>>>
>>>> old:
>>>> When, from an account with the same name/passw as exists in the old
>>>> win2k3
>>>> DC, I issue a net use like this it works fine:
>>>> C:\Users\myuser>net use z: \\mysolarismachineIP\testshare
>>>> The command completed successfully.
>>>>
>>>> new:
>>>> it fails:
>>>> C:\Users\myuser>net use z: \\mysolarismachineIP\testshare
>>>> Configuration information could not be read from the domain controller,
>>>> either b
>>>> ecause the machine is unavailable, or access has been denied.
>>>>
>>>>
>>>> The old smb.conf:
>>>>
>>>> workgroup = win.olddomain.intern
>>>> domain master = no
>>>> preferred master = yes
>>>> local master = yes
>>>> domain logons = no
>>>> password server = dc1 dc2
>>>> security = domain
>>>>
>>>> The new smb.conf:
>>>> workgroup = nl.newdomain.com
>>>> password server = <ip1 of dc1> <ip2 of dc2>
>>>> .. other options left same.
>>>>
>>>> a share would be:
>>>> [testshare]
>>>> comment = test share
>>>> path = /mypath/sharetest
>>>> public = no
>>>> writeable = yes
>>>> create mode = 0770
>>>> inherit permissions = yes
>>>> force directory mode = 2770
>>>>
>>>>
>>>> If I try to join the new domain it fails too: (Although it validates my
>>>> password properly!, using a wrong password fails with: The username or
>>>> password was not correct.)
>>>>
>>>>
>>>> root at barracuda:/usr/local/samba/bin# ./net rpc join -U <myadminuser> -I
>>>> 192.168.80.211
>>>> [2014/11/11 16:43:04, 0] rpc_client/cli_netlogon.c:(256)
>>>> cli_nt_setup_creds: request challenge failed
>>>> Password:
>>>>
>>>> [2014/11/11 16:43:29, 0] rpc_client/cli_netlogon.c:(256)
>>>> cli_nt_setup_creds: request challenge failed
>>>> [2014/11/11 16:43:29, 0] utils/net_rpc_join.c:(319)
>>>> Error domain join verification (reused connection):
>>>> NT_STATUS_INVALID_COMPUTER_NAME
>>>>
>>>> Unable to join domain <shortdomainname>.
>>>>
>>>>
>>>> Interesting observation:
>>>> when starting samba (both with old and new configs) it reports:
>>>>
>>>> Could not list trusted domains
>>>> MYSOLARISHOSTNAME
>>>> BUILTIN
>>>> <oldshortdomainname> or <newshortdomainname> (depending on old or new
>>>> config.)
>>>>
>>>>
>>>>
>>>>
>>>> SO, two questions:
>>>>
>>>> - Do I -need- to join the new domain?
>>>> - If so, what am I doing wrong to join?
>>>>
>>>>
>>>> Greetz Richard van Beers
>>>>
>>> Hi, is there anyway that you can upgrade samba (opencsw ??), '3.0.14a' is
>>> very old and you are trying to connect to the latest windows server, there
>>> have been many changes to the protocols in between the two.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
You could always go mad and install Debian instead :-D
Rowland
More information about the samba
mailing list