On Wed, 2007-01-24 at 17:09 +0100, sermodi wrote: > Andrew Bartlett skrev: > > On Tue, 2007-01-23 at 17:50 +0000, Cardon Denis wrote: > > > >> Hi sermodi, > >> > >>> I'm having a problem adding a W2K workstaion to the domain samba+ldap. > >>> I can > >>> add it by logging with the local administartor then add to domain, but I > >>> would like to do it without doing it manually on every workstation. Have > >>> hundrads of workstations, I tried to add them by using smbldap scripts > >>> and I > >>> get an entry for the workstation but it still don't work. Is it even > >>> possible to only add a trust account on the PDC or do I have to do it > >>> from > >>> the windows client? > >>> > >> adding a workstation throught the windows "join a domain" gui does some > >> configuration change on the host computer. Modifying is not enough, in > >> any case you'll have to do a few thing on the windows box. However there > >> a few command line tools available from MS for joining a domain, so you > >> can write a small script to add the boxes. > >> > > > > There is an RPC to do this (wkssvc_NetrJoinDomain2), but we never spent > > enough time to figure out the crypto. The 524 byte password buffer > > looks like one of the existing uses of this kind of buffer (like SAMR), > > but that didn't apparently work. > > > > Andrew Bartlett > > > > > Thanks for the reply. > About the client modification, on an existing (by existing I mean a > workstaion that have been trusted previously on another PDC, a NT4) the > client has already a password configured to the domain, the domain name > is the same and a net vampire have been done on the NT4. So what is the > different between the challenge made to NT4 and the one made to to the > new samba PDC?
The whole purpose of the vampire process is that you should not have to rejoin machines. If you are forced to rejoin a machine when vampiring NT4, then it's a bug. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
