[Top] [All Lists]

Re: [Samba] Why not using the windows configuration wizard (joining a do

Subject: Re: [Samba] Why not using the windows configuration wizard (joining a domain) with Samba-3?
From: Eric Roseme
Date: Tue, 13 Dec 2005 09:03:35 -0800
John H Terpstra wrote:

On Monday 12 December 2005 02:22, Michael Billerbeck wrote:

On Monday 12 Decemver 2005 09:46, John H Terpstra wrote:
On Sunday 11 December 2005 15:51, Michael Billerbeck wrote:

in the Samba How-to I've read not to use the configuration wizard with
samba-3 when joining a domain.
Why that? Is there a problem?

Please point me at the specific reference in the HOWTO. I need to understand what causes you concern.

Please help me to understand your concern. If the documentation is
I must correct of extend it.

In chapter 8.2.2 Joining a domain: Windows 2000/XP Professional (on page
131) point 4 says:
"Click the computer name tab. [...] Clicking the Network ID button will
launch the configuration wizard. Do not use this with Samba-3."
I was asking this because I used it also with Samba-3 and I would like to
know if there are some side effects when using it or why it is explicitly

Joining through use of this tool did not work with early releases of Samba-3.
Try it. Let me know if it works now.

PS: If you try the NetworkID Wizard, and it fails, reboot the Windows PC before attempting to use the "Change" button. In the past, a failure when usign the NetworkID wizard would hose up the Windows client so that it then count not resolve the netbios name of the domain controller.

- John T.
Using the Users and Computers MMC adds the Samba computer object with a different UserAccountControl attribute value than when you use "net ads join". It used to be that the (apparent) default value of 4128 would not allow auth-n with MD5. I just tested this (W2003SP1 and 3.0.14a) and it now works with MD5. In other words, using the MMC to add the computer object, then doing a "net ads join" (Modifying Existing Object), now results in successful client auth-n - at least in this test case. I have heard the same testimony from other sources. I would still recommend adding the object with the "net ads join", and the resulting UserAccountControl attribute value of 2166784.

Eric Roseme
To unsubscribe from this list go to the following URL and read the

<Prev in Thread] Current Thread [Next in Thread>