[olug] Samba on an NT Domain

William E. Kempf williamkempf at hotmail.com
Mon Jul 29 19:01:37 UTC 2002

----- Original Message -----
From: "Phil Brutsche" <phil at brutsche.us>
To: <olug at olug.org>
Sent: Friday, July 26, 2002 8:09 PM
Subject: Re: [olug] Samba on an NT Domain

> William E. Kempf wrote:
> > Anyone know how to get a Linux box up and running under an NT PDC
> I've got a little experience with that :)
> > I've set the /etc/samba/smb.conf file to read:
> >
> > encrypt passwords = yes
> > security = domain
> > workgroup = DOMAIN_NAME
> > password server = *
> >
> > I've run the command:
> >
> > # smbpasswd -r DOMAIN_PDC -j DOMAIN_NAME
> >
> > I get the error:
> >
> > cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME
> > cli_nt_setup_creds: request challenge failed
> > modify_trust_password: unable to setup the PDC credentials to
>                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > 2002/07/26 12:00:00 : change_trust_account_password: Failed to change
> > password for domain DOMAIN_NAME.
> > Unable to join domain DOMAIN_NAME.
> When you join a domain you need to specify a username that has the
> authority to join a machine to the domain:
> smbpasswd -r DOMAIN_PDC -j DOMAIN_NAME -U administrator

The machine name was already registered on the domain, so this wasn't
needed.  The problem was a rather stupid one.  I had one of our NT admins
helping to configure this box initially, and he changed the network
configuration so the domain was the NT domain, rather than the actual
network domain.  I thought this was wrong at the time, but let him go ahead
with it.  Switching this back to the network domain allowed the smbpasswd
command to execute without error, and now the box is found on the NT

Now I need help with administering this box.  I'm having some difficulty
with user/password management.  The documentation can get quite confusing in
places where I *think* some options apply when the Samba box is acting as a
PDC rather than being connected to an NT PDC.  I set up smb.conf to include
the following options:

passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *updated*
unix password sync = yes

(This is on a RH 7.2 box.)

Executing smbpasswd to change a user's password reports success, and an su
into that account works with the newly supplied password making me think
everything is fine with the world.  However, if I go back to the NT box and
try to logon to the domain with that user, the password has not been
changed.  By the same token, changing the password on the NT domain has no
effect on the smbpasswd or account password on the RH box.  Any ideas what
I've done wrong here?

The next question is whether or not there's any way to automatically add
user accounts from the NT domain.  We plan to use this box as a CVS server,
and it would be nice if any user added to the NT domain would be given
access to the CVS repository (through ssh) without the need for adding them
to the Linux box as well.

Bill Kempf


