Joining Samba (2.2.3) to a Windows 2003 Domain
smbpasswd -j DOMAIN -r PDC -U admin
This is typically the command one would use to join a Linux Samba server to a Windows domain. On a (fairly) default Windows Server 2003 PDC, this seems to fail with the following error:
Error connection to PDC
Unable to join domain DOMAIN.COM
If you pass a -D 10 to smbpasswd, a couple of the error messages include:
smb_err=49152
smb_flg=136
smb_flg2=49153
failed tcon_X
Fortunately, the fix to this is pretty easy. Unfortunately, it does compromise some of the security of your Windows network. The setting in question is SMB signing, and you need to disable it here:
HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
RequireSecuritySignature=0
By setting this to 0, you do open yourself to a potential man-in-the-middle attack against the SMB protocol. SmbRelay, anyone?
In any case, setting this to 0 does allow your Samba machine to join the domain.
6 Comments so far
Leave a comment
Sigh… where are the interesting conversations of old? Samba, Samba, Samba… Our cousin Sam is hopping on a train tomorrow and will be passing through Chicago. Will you be around?
By Big Sison 10.30.03 3:47 pm
*is likewise bored*
By cia.on 10.30.03 7:05 pm
YAWN………..
By Mary-Margareton 11.01.03 4:57 pm
I thought it was quite interesting and informative!
By pjciiion 11.02.03 10:33 pm
Excellent! No more island samba servers! Thanks for your help! Very informative and interesting. Don’t let family peer pressure stop you from impacting the world!
By rnaston 04.11.05 11:38 am
Samba and Windows 2003 are the critical issues of the day! Why aren’t they covered on RocketBoom?
By Mike D.on 04.11.05 5:39 pm
Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>