Hello Everyone, I'm trying to get Samba 3.0.4 under Solaris 8 to join a Windows AD domain. I've compiled and configured all the required code.. and all works so far. I can do a kinit username@domain.name and get a ticket from the AD server... Samba's smbd and nmbd run, winbind complains about credentials..... Here's my issue. I don't have any control over the AD server. We have a 3rd party IT support group. And I'm not sure they are adding the samba server in the AD tree correctly.... My problem is, our 3rd party IT guys said he added my machine to the ad domain, but, I can't join, nor is the machine searchable through MS networking, so, I don't think he added it right. My question is: Is there any way to join an AD domain without having to know the administrators password? If so, how? Thanks!!! ...Joe
On Tue, 2004-08-03 at 18:19, Joseph.Gaude@gd-ais.com wrote:> Hello Everyone, > I'm trying to get Samba 3.0.4 under Solaris 8 to join a Windows AD domain. > > I've compiled and configured all the required code.. and all works so far. I > can do a kinit username@domain.name and get a ticket from the AD server... > Samba's smbd and nmbd run, winbind complains about credentials..... > > Here's my issue. I don't have any control over the AD server. We have a 3rd > party IT support group. And I'm not sure they are adding the samba server in > the AD tree correctly.... My problem is, our 3rd party IT guys said he added > my machine to the ad domain, but, I can't join, nor is the machine > searchable through MS networking, so, I don't think he added it right. > > My question is: Is there any way to join an AD domain without having to know > the administrators password? If so, how?You have to either do a "net ads join "Computers" -Sserver" once you get Kerberos setup properly, or you have to use key.tabs This is how it has to be done on the Microsoft side. http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp Then you just have to follow up and configure samba to use the key.tab -- greg, greg@gregfolkert.net The technology that is Stronger, better, faster: Linux -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040803/21d9ef18/attachment.bin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joseph.Gaude@gd-ais.com wrote: | Hello Everyone, | I'm trying to get Samba 3.0.4 under Solaris 8 to join a Windows AD domain. | | I've compiled and configured all the required code.. and all works so far. I | can do a kinit username@domain.name and get a ticket from the AD server... | Samba's smbd and nmbd run, winbind complains about credentials..... | | Here's my issue. I don't have any control over the AD server. We have a 3rd | party IT support group. And I'm not sure they are adding the samba server in | the AD tree correctly.... My problem is, our 3rd party IT guys said he added | my machine to the ad domain, but, I can't join, nor is the machine | searchable through MS networking, so, I don't think he added it right. | | My question is: Is there any way to join an AD domain without | having to know the administrators password? If so, how? I've got a bug report in the net command when joining a domain and using a non-default ou for storing the computer accounts? Does this description fit ? If so I can send you a workaround. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBFaFuIR7qMdg1EfYRAlE0AKCZ5MBQBl9rpzJLadVUudWLIp3nsACghlSc Gi35rAcf222HuB38Wdzsu9M=U/cP -----END PGP SIGNATURE-----