John / Jim, Thanks for the feedback.
It appears that the restrictanonymous setting issue is a known one. Is there a workaround or patch for Samba that does not require the registry changes on the PDC? I would imagine network/system admins would have heartburn making registry changes in the production environment. In my case itself, making this change in the production environment to allow a Samba server to join the domain will invite a load of CRFs and questions. Any guidance would be appreciated. Regards, Ash ------Original Message----- -From: John H Terpstra [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 11:27 PM -To: 'Van Sickler, Jim' -Cc: samba@lists.samba.org, '[EMAIL PROTECTED]' -Subject: Re: [Samba] Unable to join samba server to a NT4 style domain/Sam ba-Guide feedback - -Jim / Others, - -I have tried to deal with the issues raised in this email. I agree entirely -with the suggestion. I hope it has been sufficiently dealt with in my latest -update that should become visible on the Samba web servers within 24 hours. - -Please check over the changes to Section 7.3.2 and let me know if it missed -the mark. Thanks for the feedback. - -- John T. - -On Friday 15 April 2005 15:36, Van Sickler, Jim wrote: -> John, -> -> The restrictanonymous setting was the primary culprit -> in Ash's issue. I think he's using basically the same -> setup as I am; no winbind/LDAP involved. I'm thinking -> there's some initial handshaking that requires an -> anonymous connection to PDC, and it's being blocked -> if the restrictanonymous setting is too high. -> -> I sent a note to Ash (& the list) asking for the -> restrictanonymous settings on his server. They -> were 2 (no join) and 0 (successful join). His -> admin has changed it back to 2 now that the -> Samba server is a member server. The setting -> is dynamic; no NT4 server reboot is required. -> Can this be added to Chap 7 as a note for section 7.3.2.3? -> -> In the case of using "net rpc join -U administrator%xxxxxx" -> his result was "Unable to find a suitable server" -> which indicate Samba wasn't finding the PDC. -> -> In the case of using -> net rpc join -S NT4SERVER -U administrator -> net rpc join -S NT4SERVER -U administrator%'xxxxxxxx' -> net rpc join -W MYWORKGROUP -U administrator -> net rpc join -W MYWORKGROUP -U administrator%'xxxxxxxx' -> his results were "Unable to join domain <domain>" -> which indicate a connection to the PDC. -> -> He had the PDC entry in smb.conf and /etc/lmhosts, -> so I think the syntax for the example in the -> Guide should be revised to "net join rpc -S PDC -U root%not24get" -> (which are %not24et on pgs 241/242 in the current Guide) -> to aid in first-try success. -> -> Section 7.3.2 might be broken into 2 sections: -> -> 7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers -> Detailing use of the /etc/samba/smbusers file for *nix/Domain users -> Incorporate the current Item 3 for joining the domain -> Using net rpc info/net rpc testjoin to validate membership -> This is for OS that support Samba but don't support Winbind -> -> 7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind -> Containing the current 7.3.2 contents -> -> -> That's all for now... -> Jim Van Sickler -> Network Administrator -> Kaman Aerospace Corp - --- -John H Terpstra -Samba-Team Member -Phone: +1 (650) 580-8668 - -Author: -The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 -Samba-3 by Example, ISBN: 0131472216 -Hardening Linux, ISBN: 0072254971 -Other books in production. - - - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
