Lightfoot.Michael
2002-Jan-17 19:32 UTC
can't get samba on solaris 8 box to join win2k domain
> mickey.ee.pdx.edu# ./smbpasswd -j CECS -r SNOWBIRD > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > SNOWBIRD. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2002/01/17 18:58:19 : change_trust_account_password: Failed to change > password for domain CECS. > Unable to join domain CECS. >Amazingly, I was just discussing this very thing two minutes ago! Did you see my message posted yesterday outlining this very problem and how I solved it? You probably have either of the following two scenarios: 1. you haven't followed the instructions at: http://samba.mirror.aarnet.edu.au/samba/docs/Samba-HOWTO-Collection.html#DOM AIN-SECURITY (particularly the first paragraph.) or 2. you have upgraded Samba from an older version and need to re-add the server to the domain as outlined in my message (subsequently I have decided that removing it may not be necessary, but you certainly have to explicitly add it.) Michael Lightfoot SysIX Unix Systems Consulting 02 6258 8185 michael.lightfoot@canb.auug.org.au
> Amazingly, I was just discussing this very thing two minutes ago! > > Did you see my message posted yesterday outlining this very problem and how > I solved it?I only subscribed -one- minute ago, so no. After recieving your email, I skipped to the list archive and looked it up, though, and it doesn't look like it's relevant to whatever my problem is.> 1. you haven't followed the instructions at: > > http://samba.mirror.aarnet.edu.au/samba/docs/Samba-HOWTO-Collection.html#DOM > AIN-SECURITY > > (particularly the first paragraph.)Ah, but we have.> 2. you have upgraded Samba from an older version and need to re-add the > server to the domain as outlined in my message (subsequently I have decided > that removing it may not be necessary, but you certainly have to explicitly > add it.)Although we do already have an early version samba server, it is connected to a different domain. There are as yet no samba servers on the domain to which we are trying to add this one. And at any rate, according to the Windows sysadmin working with me on this he's added and removed the samba server from the win2k domain more than once now. +---- James Neal, System and Network Administrator ----+ +---- CECS Computing Support support@cat.pdx.edu ----+
Lightfoot.Michael
2002-Jan-17 20:34 UTC
can't get samba on solaris 8 box to join win2k domain
> I only subscribed -one- minute ago, so no. > After recieving your email, I skipped to the list archive and > looked it > up, though, and it doesn't look like it's relevant to > whatever my problem > is. >Maybe not, but your symptom is precisely what I was seeing until we removed the samba machine from the domain and then re-added it. Are you using samba 2.2.2 (the latest stable) or another version? What OS and version are you using? Is it precompiled or did you compile it yourself? What is in your private directory (where the secrets file should be created?) Was the samba machine added as a "Windows NT Workstatsion or server"? Is the PDC Win2k or NT4 and what about the other DC's (relevant to running Win2k in native or mixed mode?) BTW, I tedn't no expert in this - just got enough help from other to fix my problem and learned a great deal during the panic. :-) Michael Lightfoot SysIX Unix Systems Consulting 61 2 6258 8185 michael.lightfoot@canb.auug.org.au
Lightfoot.Michael
2002-Jan-17 21:14 UTC
can't get samba on solaris 8 box to join win2k domain
> > What OS and version are you using? > > Solaris 2.8, like the subject line says... >New spectacles have been ordered. :-)> > What is in your private directory (where the secrets file should be > > created?) > > Just the secrets file (secrets.tdb) >Hmmm. You got an error, but the secrets file was there. Not sure whether that is significant or not.> I really do appreciate you taking the time to try and help me > out, btw. I > apologize for not having answers on hand, but this is a > problem where a > lot of what I'm dealing with is in the metaphorical black > box. (It's frustrating.) >Know what you mean, and it isn't helped when the Win2k bloke has a rather high opinion of himself (arrogance of youth, BillG can do no wrong and all that.) I probably would have had my problem solved several days earlier if he had been willing to take that tiny step out of his expertise area and towards mine. Instead I had to try and enter his, not really what I wanted to have to do - I got enough Slowaris troubles to keep me busy. :-)
> >Although we do already have an early version samba server, it is connected > >to a different domain. There are as yet no samba servers on the domain to > >which we are trying to add this one. And at any rate, according to the > >Windows sysadmin working with me on this he's added and removed the samba > >server from the win2k domain more than once now. > > Did you get him to check the box allowing "non-w2k" or "earlier than w2k" > clients when he added it?Yes, he did that each time he added it. We're still at a complete loss as to why this doesn't work for us. +---- James Neal, System and Network Administrator ----+ +---- CECS Computing Support support@cat.pdx.edu ----+