Joining Samba (2.2.3) to a Windows 2003 Domain

smbpasswd -j DOMAIN -r PDC -U admin

This is typically the command one would use to join a Linux Samba server to a Windows domain. On a (fairly) default Windows Server 2003 PDC, this seems to fail with the following error:

Error connection to PDC
Unable to join domain DOMAIN.COM

If you pass -D 10 to smbpasswd to raise the debug level, the output includes, among other messages:

smb_err=49152
smb_flg=136
smb_flg2=49153
failed tcon_X

Fortunately, the fix for this is pretty easy. Unfortunately, it does compromise some of the security of your Windows network. The setting in question is SMB signing, and you need to turn off the server's signing requirement here:
HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
RequireSecuritySignature=0

By setting this to 0, you do open yourself to a potential man-in-the-middle attack against the SMB protocol. SmbRelay, anyone?

In any case, setting this to 0 does allow your Samba machine to join the domain.
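The debug fields quoted above can be read bit by bit. The following is an added example, not part of the original post: a small decoder that assumes the SMB1 header bit definitions from the protocol specification and the smb_rcls/smb_reh/smb_err field layout; smb_rcls does not appear in the quoted output, so the low bytes of the status code stay unknown.

```python
import re

# Bit names from the SMB1 header definition (assumed from the protocol spec, not from the post)
SMB_FLAGS = {0x01: "LOCK_AND_READ_OK", 0x02: "BUF_AVAIL", 0x08: "CASE_INSENSITIVE",
             0x10: "CANONICALIZED_PATHS", 0x20: "OPLOCK", 0x40: "OPBATCH", 0x80: "REPLY"}
SMB_FLAGS2 = {0x0001: "LONG_NAMES", 0x0002: "EAS", 0x0004: "SECURITY_SIGNATURE",
              0x0010: "SECURITY_SIGNATURE_REQUIRED", 0x0040: "IS_LONG_NAME",
              0x0800: "EXTENDED_SECURITY", 0x1000: "DFS", 0x2000: "PAGING_IO",
              0x4000: "NT_STATUS", 0x8000: "UNICODE"}

def bit_names(value, table):
    """Return the names of the set bits, lowest first; unknown bits as hex."""
    return [table.get(1 << i, hex(1 << i)) for i in range(16) if value & (1 << i)]

def decode_header(debug_text):
    """Parse 'smb_xxx=N' lines from smbpasswd -D 10 output and interpret them."""
    f = {k: int(v) for k, v in re.findall(r"\b(smb_\w+)=(\d+)", debug_text)}
    flags2 = f.get("smb_flg2", 0)
    out = {"is_reply": bool(f.get("smb_flg", 0) & 0x80),
           "flags": bit_names(f.get("smb_flg", 0), SMB_FLAGS),
           "flags2": bit_names(flags2, SMB_FLAGS2),
           "signed": bool(flags2 & 0x0004),
           "nt_status_format": bool(flags2 & 0x4000)}
    err = f.get("smb_err", 0)
    if out["nt_status_format"]:
        # With NT_STATUS set, rcls/reh/err form one little-endian 32-bit NTSTATUS;
        # smb_err is its high word, whose top two bits carry the severity.
        out["severity"] = ["success", "informational", "warning", "error"][err >> 14]
        if "smb_rcls" in f:
            status = f["smb_rcls"] | f.get("smb_reh", 0) << 8 | err << 16
            out["ntstatus"] = "0x%08X" % status
        else:
            out["ntstatus"] = "0x%04X????" % err  # low word not in the log
    return out

# The four lines quoted in the post
SAMPLE = """smb_err=49152
smb_flg=136
smb_flg2=49153
failed tcon_X"""

if __name__ == "__main__":
    for key, value in decode_header(SAMPLE).items():
        print(f"{key}: {value}")
```

On the quoted values this reports a server reply carrying an error-severity NTSTATUS with the signature bit clear; with the smb_rcls line from the full debug output the complete status code can be looked up.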
