[Samba] Upgrade/migrate, lost workstation trusts

Dave Beach drbeach4 at gmail.com
Sun Feb 28 14:44:53 UTC 2016


> 2) I need to figure out why I cannot simply rejoin the domain from the workstations - the errors appear to be related to the use of the server's root account to authorize the join, which worked fine before the big switch.

> For #2, I'm not sure I understand the mechanics of how a domain join happens, and how the authorizing account is leveraged to do that. Is there a decent explanation of that somewhere?

So, the server log throws an error telling me that LANMAN passwords are not permitted for the root account. This used to work with Samba 3.5.x, and something has obviously changed. My smb.conf specifies lanman auth = no, client lanman auth = no, client ntlmv2 auth = yes, client plaintext auth = no. Those settings haven't changed between the old smb.conf and the new. Domain name is the same, the domain SID appears to be the same, testparm doesn't throw any errors, ldap backend is the same and appears to be working.

I'm trying to rejoin a Win7 client that was previously joined, no settings have changed on the client.

Any ideas?




More information about the samba mailing list