> 2) I need to figure out why I cannot simply rejoin the domain from the
workstations - the errors appear to be related to the use of the server's
root account to authorize the join, which worked fine before the big switch.
> For #2, I'm not sure I understand the mechanics of how a domain join
happens, and how the authorizing account is leveraged to do that. Is there a
decent explanation of that somewhere?
So, the server log throws an error telling me that LANMAN passwords are not
permitted for the root account. This used to work with Samba 3.5.x, and
something has obviously changed. My smb.conf specifies lanman auth = no, client
lanman auth = no, client ntlmv2 auth = yes, client plaintext auth = no. Those
settings haven't changed between the old smb.conf and the new. Domain name
is the same, the domain SID appears to be the same, testparm doesn't throw
any errors, ldap backend is the same and appears to be working.
I'm trying to rejoin a Win7 client that was previously joined, no settings
have changed on the client.
Any ideas?