HPE Community
Operating System - OpenVMS
1753481 Members
4599 Online
108794 Solutions
New Discussion юеВ

Re: CIFS V1.1-ECO1 and Windows Server 2008

 
SOLVED
Go to solution
Jeremy Begg
Trusted Contributor

тАО04-30-2009 07:05 PM

тАО04-30-2009 07:05 PM

Re: CIFS V1.1-ECO1 and Windows Server 2008

Further testing ...

With or without "require strongkey = yes" in SMB.CONF, the domain policy must be set as described in the KB article for CIFS to join the domain.

Once the join has been done, the domain policy can be reset to the defaults and CIFS will continue to work as a member server in the domain.

We also found that changing the "require strongkey" setting in CIFS after CIFS has joined the domain will break it: the join must be done again. (But perhaps this is expected behaviour.)

Regards,
Jeremy Begg
0 Kudos
Reply
Paul Nunez
Respected Contributor

тАО05-01-2009 05:13 AM

тАО05-01-2009 05:13 AM

Re: CIFS V1.1-ECO1 and Windows Server 2008

Hi Jeremy,

I didn't have the same problem - with the Windows Server 2008 policy disabled and with "require strongkey = yes" in smb.conf, I was able to join the domain.

Deleted the machine account from Active Directory, delete all .tdb files in samba$root:[private] and [var.locks], commented out the "require strongkey" and tried to join again - no luck:

[2009/05/01 08:59:14, 0] SAMBA$SRC:[SOURCE.UTILS]NET_RPC_JOIN.C;1:(359)
Error in domain join verification (credential setup failed): NT code 0xc0000388

Uncommented the "require strongkey = yes" line and was able to join again...

Regards,

Paul
0 Kudos
Reply
Robert Atkinson
Respected Contributor

тАО03-09-2011 03:22 AM

тАО03-09-2011 03:22 AM

Re: CIFS V1.1-ECO1 and Windows Server 2008

For what it's worth, I can confirm Paul's solution worked fine for me under CIFS v1.2 Patch 001.

Rob.
0 Kudos
Reply
Jeremy Begg
Trusted Contributor

тАО03-09-2011 03:29 AM

тАО03-09-2011 03:29 AM

Re: CIFS V1.1-ECO1 and Windows Server 2008

Thanks Robert. The customer concerned is making less use of CIFS than they used to, but they are now talking about implementing external authentication so I want to look into upgrading them to the latest CIFS. Which means your recent experience might come in handy :-)

Regards,
Jeremy Begg
0 Kudos
Reply
Paul Nunez
Respected Contributor

тАО03-09-2011 03:56 AM

тАО03-09-2011 03:56 AM

Re: CIFS V1.1-ECO1 and Windows Server 2008

Jeremy,

CIFS is not required for external authentication and doesn't provide any extauth capability (there is no
ACME module provided).

Use the ACME LDAP module to provide external authentication.

Paul
0 Kudos
Reply
Jeremy Begg
Trusted Contributor

тАО03-09-2011 02:47 PM

тАО03-09-2011 02:47 PM

Re: CIFS V1.1-ECO1 and Windows Server 2008

Paul,

Thanks for the comments. I worded my note badly. What I meant to imply was that up until recently we didn't want to upgrade CIFS because it seemed that every time we touched it, something broke. We had arrived at a patch level which solved most problems and were happy to leave it there.

Now that CIFS is less critical and the new IT manager wants to authenticate everything against the Active Directory domain, it's probably time to look at upgrading CIFS to 1.2.

Regards,
Jeremy Begg
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.