security=domain problem in samba 2.2.8a - SMB

This is a discussion on security=domain problem in samba 2.2.8a - SMB ; I am having a problem with setting security=domain in the 2.2.8a distribution. The problem is getting the Unix host to join the Windows domain. As per the documentation, I type: smbpasswd -j mydomain -r mydomain_dc -Uadministrator as the root user ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: security=domain problem in samba 2.2.8a

  1. security=domain problem in samba 2.2.8a

    I am having a problem with setting security=domain in the 2.2.8a
    distribution.

    The problem is getting the Unix host to join the Windows domain. As per the
    documentation, I type:

    smbpasswd -j mydomain -r mydomain_dc -Uadministrator

    as the root user and provide the administrator password when prompted.
    smbpasswd gets the following error:

    Error connecting to mydomain_dc - NT_STATUS_ACCESS_DENIED

    When looking in the security event log on mydomain_dc, I find that the
    administrator user successfully logging
    in from the Unix host. What I am seeing is that the workstation name is:

    \\nnn.nnn.nnn.nnn

    where nnn.nnn.nnn.nnn is the IP address of the Unix host; not the resolved
    name.

    The smb.conf file contains the following:

    encrypt passwords = yes
    security = domain
    password server = mydomain_dc
    workgroup = mydomain

    BTW, mydomain_dc is the single role master for mydomain and is a 2003
    server.

    Does anyone have any suggestions as to what the problem is?


    Regards,
    Mike



  2. Re: security=domain problem in samba 2.2.8a

    In article ,
    Mike VanDusen wrote:
    >I am having a problem with setting security=domain in the 2.2.8a
    >distribution.
    >
    >The problem is getting the Unix host to join the Windows domain. As per the
    >documentation, I type:
    >
    > smbpasswd -j mydomain -r mydomain_dc -Uadministrator
    >
    >as the root user and provide the administrator password when prompted.
    >smbpasswd gets the following error:
    >

    You need to create a computer account in the domain you are trying
    to join to before you can issue the password above. If there
    is an account already, delete it, re-add it. Then go to the
    Unix box.

    Dave


  3. Re: security=domain problem in samba 2.2.8a

    "Dave Gresham" wrote in message news:409833a3$0$8706$a18e6209@newsreader.visi.com. ..
    > In article ,
    > Mike VanDusen wrote:
    > >I am having a problem with setting security=domain in the 2.2.8a
    > >distribution.
    > >
    > >The problem is getting the Unix host to join the Windows domain. As per the
    > >documentation, I type:
    > >
    > > smbpasswd -j mydomain -r mydomain_dc -Uadministrator
    > >
    > >as the root user and provide the administrator password when prompted.
    > >smbpasswd gets the following error:
    > >

    > You need to create a computer account in the domain you are trying
    > to join to before you can issue the password above. If there
    > is an account already, delete it, re-add it. Then go to the
    > Unix box.


    OK! I've found the magic incantation. The steps are:

    1) On the 2003 role master, add the Samba host to the domain using
    the AD Computers and Users MMC applet as suggested above.

    2) Reset the computer account.

    3) On the Samba host, configure the smb.conf file as indicated above.

    4) Execute:

    smbpasswd -j mydomain -r mydomain_dc

    WITHOUT specifying the login account name! This results in:

    2004/05/05 15:07:26 : change_trust_account_password: Changed password for domain MYDOMAIN.
    Joined domain MYDOMAIN.

    Samba will now start. Domain users that access the Samba host now
    result in the a login event on behalf of the user coming from the
    Samba host appearing in the security log of the domain controller
    specified in the smb.conf file.


    Thanks for the help,
    Mike


    >
    > Dave
    >




+ Reply to Thread