[Samba] RE: How to join a win2k-domain using Samba 2.*
On 21.Sept.2003, Ville Jutnik wrote :
> The documentation that I found regarding this issue wasn't that good
> - it didn't help me that much. Later on I managed to join the
> win2k-domain after a lot of work
I've joined many Samba 2.2.x servers to our NT4 domain, and for us it all
works just as documented in the "DOMAIN_MEMBER.html" document supplied in
the Samba source distro :
root# smbpasswd -j DOM -r DOMPDC -UAdministrator%password
or, to avoid entering the password on the command line, omit the password
part of the -U argument :
root# smbpasswd -j DOM -r DOMPDC -UAdministrator
which will cause a "password:" prompt.
> Samba 2.* doesn't support AD (3.* does though) you have to make
> sure that your PDC allows you to join the domain without using AD
> (using NT-style trust relationship). Therefore I think that the server
> has to be in something called "mixed" mode
Erm - Active Directory "mixed mode" is required if you need to have a
mixture of fully native ADS domain controllers and pre-Win2K domain
controllers, but *not* AFAIK to allow ordinary member servers to participate
in the "domain" ("tree", "forest", whatever). I'm just quoting what I've
read - we have no W2K ADS here.
However, I can well imagine that, as you describe, it's necessary to
pre-create the member server accounts in the ADS, and mark them as "Allow
pre-Windows 2000 computers to use this account". Interesting ... thanks for
the pointer.
> I was using samba-2.2.3a (debian package)
If you need the cutting-edge Samba domain-management features then I
strongly advise you don't do that - instead, use the Samba 2.2.8a Debian
package available using this apt source line :
deb http://people.debian.org/~peloy/samba/ woody main
This is the latest Samba release, packaged for Debian Woody, rather than the
functionally old Samba with security fixes applied ("backported"), that is
officially part of Woody - and should work better for people with complex
needs. It may be unofficial, but it's packaged by one of the Debian Samba
package maintainers ...
I found 2.2.8a gave us a better effect with "winbind" functionality.
> I anyone has any clue about this I would be greatfull if he/she
> could drop me a line
Sorry, I have no idea why you have to run the second "-m" smbpasswd call in
your scenario - maybe it's an ADS thing, or maybe it's a buggette in Samba
2.2.3a secure channels protocol handling ;-)
Nick Boyce
EDS, Bristol, UK
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Running smb without nmb? (Linux Suse 8.1 feature)
[sorry - bit of a belated reply - I have a bit of a backlog to read] On 23rd.Oct.2002, Linda Walsh asked : > I recently upgraded my Linux distro to SuSE 8.1 which > came w/samba 2.2.5. > > A feature of the upgrade was that it 'split' the startup > script for samba from 1 script for _smb_ & _nmb_ to 2 scripts. > > So how/why would splitting these scripts be a good thing? I can think of one good reason why a sysadmin might want to *re*start nmb without restarting smb - loss of WINS registration. For us, that happens periodically to the registration of our Samba boxen with our corporate Windows WINS servers, and I _think_ the underlying cause is that the WINS servers get rebooted. The first we notice is that calls start coming in from people who can no longer map network drives to the Sambas, or can no longer contact development webservers on the same boxes by NetBIOS name alone. A simple restart of nmb solves the problem, and restarting smb at the same time would be both unnecessary and undesirable. Nick Boyce EDS Southwest Solution Centre, Bristol, UK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: How Samba let us down
Reading through Jeremy's eagerly awaited discourse on oplocks/share modes/locking, I read this bit : > ... if you need simultaneous > file access from a Windows and UNIX client you *must* have an > application that is written to lock records correctly on both > sides. Few applications are written like this, and even fewer > are cross platform (UNIX and Windows) so in practice this isn't > much of a problem. but my brain kept stumbling over "isn't much of a problem" (;-) surely that should say "isn't much of a solution" ? I only mention it in the interests of honing the discourse as it heads towards the docs. Cheers Nick Boyce EDS Southwest Solution Centre, Bristol, UK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Error in joining samba server to Windows Domain
Jesse Chan asked : > I've installed samba 2.2.3a on HPUX11.0 and are currently trying to > join the samba server to our Windows Domain... I've installed the samba > package from from the binary package with winbind option However, > I encountered this error : > > load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.850 does not exist. > load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.ISO8859-1 does not exist. > Password: > Error connecting to *SMBSERVER > Unable to join domain The messages about failure to load Unicode character maps seem to be "normal" in current releases of Samba - we get them too, without apparent ill effect. I don't think they have anything to do with your domain-joining problem. You'll need to provide more info - probably your config file first, and a description of how you set things up, then a *trimmed* level 10 log of a domain-joining attempt - before anyone will be able to help you. > Nick Boyce > EDS, Bristol, UK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
