Problems joining NT domain

Problems joining NT domain

Post by Diego River » Tue, 02 May 2000 04:00:00



I've followed all instructions I've found but I still can't get to join
the domain!!  (Samba version 2.0.7 - version 2.0.6 failed with the
infamous SIGSEGV ).

This is the normal sequence of events to try to achieve this:

1) Remove the NT machine account for the linux box I'm about to add
(from NT Server Manager)

2) Create a new NT machine account for the same machine name (let's say
LINUX_BOX)

3) Go to LINUX_BOX, and stop all samba services running

4) As root, type 'smbpasswd -j DOMAIN -r DOMAIN_CONTROLLER' (naturally,
smb.conf has 'workgroup = DOMAIN', 'security = domain' and 'password
server = *' - as per new 2.0.7 doc's, but password encryption is turned
off)

5) This is the complete (names changed, except for *SMBSERVER which is
exactly as it comes out) error message:

attempt_netbios_session_request: DOMAIN_CONTROLLER rejected the session
for name *SMBSERVER with error Called name not present
modify_trust_password: machine DOMAIN_CONTROLLER rejected the NetBIOS
session request. Error was code 0
2000/05/01 14:09:11 : change_trust_account_password: Failed to change
password for domain DOMAIN.
Unable to join domain DOMAIN

I've tried multiple variations:

a) Enable password encryption
b) Explicitly set 'password server = DOMAIN_CONTROLLER' in smb.conf
c) Changing the name of LINUX_BOX to something else, and repeating (in
case residual information is interfereing)
d) Run smbpasswd AFTER starting the samba servers
e) Removing MACHINE.SID before running smbpasswd

In the past, I used to be able to join the domain (with this SAME
smb.conf file), by just using smbpasswd -j DOMAIN, but it didn't allow
me to "see" the machine DOMAIN_CONTROLLER on the network - which I NEED
to do since that's where version control is stored.

I've ruled out a network problem, since I CAN connect to an oracle
database on that machine (via TCP/IP).


Any help will be appreciated.

Another weird thing - I CAN see all machines that have logged on to that
domain.  I can also access their resources....  According to my
understanding of NT domain security....should'nt I NOT be able to do
that if I haven't joined the domain?

Best Wishes

Diego

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

Problems joining NT domain

Post by Jeremy Allis » Wed, 03 May 2000 04:00:00



>4) As root, type 'smbpasswd -j DOMAIN -r DOMAIN_CONTROLLER' (naturally,
>smb.conf has 'workgroup = DOMAIN', 'security = domain' and 'password
>server = *' - as per new 2.0.7 doc's, but password encryption is turned
>off)
>5) This is the complete (names changed, except for *SMBSERVER which is
>exactly as it comes out) error message:
>attempt_netbios_session_request: DOMAIN_CONTROLLER rejected the session
>for name *SMBSERVER with error Called name not present
>modify_trust_password: machine DOMAIN_CONTROLLER rejected the NetBIOS
>session request. Error was code 0
>2000/05/01 14:09:11 : change_trust_account_password: Failed to change
>password for domain DOMAIN.
>Unable to join domain DOMAIN

The NetBIOS name you are using is not the NetBIOS name the
domain controller is listening on. This also explains the
problem you had in 2.0.6 as there was a bug in this area.

Do you have the PDC specified as a DNS name or IP address
in your smb.conf ? It should be the real NetBIOS name. Can
you use nmblookup to lookup that name from the Samba host
having problems joining the domain ?

Regards,

        Jeremy Allison,
        Samba Team.

 
 
 

1. Help! Problem joining NT domain

Hi,

I have a Samba server 2.0 running on Solaris 2.6, which I'm trying to
switch from
security=SERVER to security=DOMAIN, i.e. I want the Solaris machine to
join the NT
domain.
I have followed the instructions and tried to join the domain with the
command
# smbpasswd -j RIELLO-IT -r tiziano
(values reflect my NT domain name and the name of the NT PDC).
What I get back is:
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
TIZIANO. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT.
1999/09/16 14:58:26 : change_trust_account_password: Failed to change
password for domain RIELLO-IT.
Unable to join domain RIELLO-IT.

...is this a problem with the NT machine or my samba server
configuration?
Apparently everything is setup fine (e.g., the samba server has been
configured on the NT PDC as a
domain member).

Any help will be greatly appreciated.

Mauro Bregolin

2. Floppy Disk Controllers

3. Problem Joining NT Domain

4. GVIM menu with another program. Plz Help !

5. Problems joining samba server to NT domain

6. UNIX Email Software Survey FAQ [Part 1 of 3]

7. Join NT Domain : password problem, or so it seems

8. Win98 domain logins fail after NT joins the domain

9. problem with samba host joining nt domain

10. Problem joining a NT domain with Samba 2.0.x

11. OT: Joining an NT Wkstn to domain

12. SBS to join seperate NT Domain