Re: Adding to Samba domain requires super-user password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



What version of samba?

Do you have the same problems with an XP machine?
Are you able to login as domain administrator on machines already in the domain? If you delete the local profile for domain administrator on a domain client, are you still able to login. By deleteing the local profile you make sure you are not logging in with cached credentials.

Can you use the smbclient command on the server to validate that your Administrator account and password is valid?

Do you have a samba account defined for your root user? that normally isn't needed, and wouldn't be in the LDAP backened.

Does pdbedit show your Administrator account?

Did this work prior to a samba upgrade. I upgrade samba versions at some point and had problems adding machines. Since I don't add new machines very often it took a while to detect and resolve this problem. Samba had trouble properly creating the LDAP attributes for the samba machine accounts.


If, when joining a domain, you get an error that the "the specified network password is not correct." Assuming the unix account for the machine exists, you may need to recreating a samba account with smbpasswd command.

#smbpasswd -x -m machinename
#smbpasswd -a -m machinename


Samba 3.5.x has trouble creating the LDAP attributes correctly. It appears to incorrectly set sambaAccountFlags as "[U]" (user) instead of "[W]" (workstation). When attempting to join a machine to the domain you may get an error that the account already exists. Use an LDAP editor to make sure sambaAccountFlags is set to "[W]." (You can used pbedit to verify the setting but not to change it to "[W].") Your PC account should have the following entries.


        type:      sambaPrimaryGroupSID
        value:    S-1-x-xx-xxxxx-xxxxx-xxxxx-515
        type:      sambaAccountFlags
        value:     [W         ]






On 03/15/12 06:03, Dermot wrote:
Hi,

Suddenly when I add a new workstation to out Samba3 (LDAP backend)
domain, I have to give the root username and password. When I set-up
the samba3 domain initially, I could use domain\admin user and their
password but that has started to give me "unknown user or bad
password". This last error is from a Windows7 machine I am currently
trying to add. I have merged the registry fix from
https://bugzilla.samba.org/attachment.cgi?id=4988&action=view.

Can someone offer me any pointers on how I can use a domain\admin
username and password to add workstations to the domain?
Thanks in advance.
Dermot.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux