Hello everyone,
I configured and installed samba 2.2.3a on my Red Hat 7.2 server, and I want
the server to join a domain for authentication. I have already done that
using RH 6.2 and samba 2.2.2 but now I am experiencing some difficulties.
My smb.conf file says:
[global]
workgroup = MYDOMAIN
netbios name = AMAROK
server string = Samba Server on AMAROK
interfaces = eth0
security = DOMAIN
encrypt passwords = Yes
password server = MYSERVER
When I use the command:
smbpasswd -j MyDomain
I get the following answer:
fetch_domain_sid: unable to connect to SMB server on machine MyServer. Error
was : SUCCESS - 0.
Failed to get domain SID. Unable to join domain MYDOMAIN.
I am unsure about the meaning of the error message: It says
Error was: SUCCESS.
Which I find a bit deceiving!
I can connect to my shares from my win machine because I created an entry
for myself in the smbpasswd file, giving the same password I use to
authenticate to the W2K domain, but authentication is done at the samba
server level, I want authentication from the domain controller.
Another bit of information: When I installed my RH server, I selected medium
security and that installed some ipchains rules that blocked off access to
swat. I had to rework the rules to allow me to connect to swat. Maybe there
are some other rules that prevent access to ports 137 to 139 that I have not
spotted yet.
Thanks,
Maurice
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
Oopsie, forgot to sent it to the list :)
Don't know about ipchains, but "smbpasswd -j -r MYSERVER -U
DOMAINADMINACCOUNT worked for me.
-----Original Message-----
From: Maurice GL [mailto:looking4urlp@hotmail.com]
Sent: Tuesday, April 09, 2002 11:47 AM
To: samba@lists.samba.org
Subject: [Samba] can't join a 2000 domain
Hello everyone,
I configured and installed samba 2.2.3a on my Red Hat 7.2 server, and I
want
the server to join a domain for authentication. I have already done that
using RH 6.2 and samba 2.2.2 but now I am experiencing some
difficulties.
My smb.conf file says:
[global]
workgroup = MYDOMAIN
netbios name = AMAROK
server string = Samba Server on AMAROK
interfaces = eth0
security = DOMAIN
encrypt passwords = Yes
password server = MYSERVER
When I use the command:
smbpasswd -j MyDomain
I get the following answer:
fetch_domain_sid: unable to connect to SMB server on machine MyServer.
Error
was : SUCCESS - 0.
Failed to get domain SID. Unable to join domain MYDOMAIN.
I am unsure about the meaning of the error message: It says Error was:
SUCCESS. Which I find a bit deceiving!
I can connect to my shares from my win machine because I created an
entry
for myself in the smbpasswd file, giving the same password I use to
authenticate to the W2K domain, but authentication is done at the samba
server level, I want authentication from the domain controller.
Another bit of information: When I installed my RH server, I selected
medium
security and that installed some ipchains rules that blocked off access
to
swat. I had to rework the rules to allow me to connect to swat. Maybe
there
are some other rules that prevent access to ports 137 to 139 that I have
not
spotted yet.
Thanks,
Maurice
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Thanks for your suggestion Michael, but that did not work for me. I also found out that the command: smbclient -L MYSERVER returns: Error connecting to IP_OF_MYSERVER Connection to MYSERVER failed So I am back to square 0. MGL>From: "Blanchard, Michael" <MBlanchard@grandaire.com> >To: <samba@lists.samba.org> >Subject: RE: [Samba] can't join a 2000 domain >Date: Tue, 9 Apr 2002 11:52:48 -0400 > >Oopsie, forgot to sent it to the list :) > >Don't know about ipchains, but "smbpasswd -j -r MYSERVER -U >DOMAINADMINACCOUNT worked for me. > >-----Original Message----- >From: Maurice GL [mailto:looking4urlp@hotmail.com] >Sent: Tuesday, April 09, 2002 11:47 AM >To: samba@lists.samba.org >Subject: [Samba] can't join a 2000 domain > > >Hello everyone, > >I configured and installed samba 2.2.3a on my Red Hat 7.2 server, and I >want >the server to join a domain for authentication. I have already done that > >using RH 6.2 and samba 2.2.2 but now I am experiencing some >difficulties. > >My smb.conf file says: > >[global] > workgroup = MYDOMAIN > netbios name = AMAROK > server string = Samba Server on AMAROK > interfaces = eth0 > security = DOMAIN > encrypt passwords = Yes > password server = MYSERVER > >When I use the command: > >smbpasswd -j MyDomain > >I get the following answer: > >fetch_domain_sid: unable to connect to SMB server on machine MyServer. >Error >was : SUCCESS - 0. >Failed to get domain SID. Unable to join domain MYDOMAIN. > >I am unsure about the meaning of the error message: It says Error was: >SUCCESS. Which I find a bit deceiving! > >I can connect to my shares from my win machine because I created an >entry >for myself in the smbpasswd file, giving the same password I use to >authenticate to the W2K domain, but authentication is done at the samba >server level, I want authentication from the domain controller. > >Another bit of information: When I installed my RH server, I selected >medium >security and that installed some ipchains rules that blocked off access >to >swat. I had to rework the rules to allow me to connect to swat. Maybe >there >are some other rules that prevent access to ports 137 to 139 that I have >not >spotted yet._________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
Maurice, You might first make sure that your Linux server can "see" the W2K DC. You might try using ping W2KSERVER and if that fails, make sure your DNS settings are correct. I had the same error message and it seems to be saying that it can't see the server (the server name isn't resolving to the proper IP). I had that happen to me, and once I corrected the DNS problem and could ping the W2K DC, the smbpasswd -j DOM -r W2KSERVER -U W2KAUTHORIZEDUSERNAME worked like a charm. Hope this helps. Kevin Bramblett
Maurice - to rule out a firewall conflict, do service ipchains stop and then try to join the domain. If it works, then you need to modify your ipchains rules: ipchains -I input -p tcp -d 12.34.56.78 137 -j ACCEPT ipchains -I input -p udp -d 12.34.56.78 137 -j ACCEPT ipchains -I input -p tcp -d 12.34.56.78 138 -j ACCEPT ipchains -I input -p udp -d 12.34.56.78 138 -j ACCEPT ipchains -I input -p tcp -d 12.34.56.78 139 -j ACCEPT ipchains -I input -p udp -d 12.34.56.78 139 -j ACCEPT Then run service ipchains save HTH Thomas Maurice GL wrote:> Another bit of information: When I installed my RH server, I selected > medium security and that installed some ipchains rules that blocked off > access to swat. I had to rework the rules to allow me to connect to > swat. Maybe there are some other rules that prevent access to ports 137 > to 139 that I have not spotted yet.