HPE Community
Operating System - HP-UX
1833005 Members
3327 Online
110048 Solutions
New Discussion

Samba: How to check if Domain Menbership is intact?

 
Alzhy
Honored Contributor

‎12-14-2005 06:31 AM

‎12-14-2005 06:31 AM

Samba: How to check if Domain Menbership is intact?

Server used to be a domain member via security=domain. After tests, the Samba service was changed to security=user. (Nothing was dne on the Domain head to remove the machine account). Then the service was once more resumed with security=domain. A join now fails (net rpc join ...). "net rpc testjoiin" says join is ok.

1. How do I check from UNIX if my Samba service at this point is still a true domain member.

2. Will a rejoin neccessitate a refresh of the machine account and a join needed once more?

Thanks!
Hakuna Matata.
0 Kudos
Reply
4 REPLIES 4
eric roseme
Respected Contributor

‎12-14-2005 06:46 AM

‎12-14-2005 06:46 AM

Re: Samba: How to check if Domain Menbership is intact?

Hi Nelson,

You already have a computer object on the domain. That object has a matching SID to the one stored in your secrets.tdb. So you cannot re-join the domain unless you delete the existing computer object and add it back.

You can do a "net rpc testjoin" and/or "net rpc info" and those should indicate if your current config is okay. If your users cannot auth-n, then you need to delete the old object and re-join.

I doubt that simply changing "security = user" would mod your secrets.tdb, but if it did, then you need to re-join.

Eric Roseme
Hewlett-Packard
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎12-14-2005 07:48 AM

‎12-14-2005 07:48 AM

Re: Samba: How to check if Domain Menbership is intact?

Samba and Windows work in mysterious ways - more then likely you will need to have a NT admin remove the machine account from Server Manager, then rejoin the domain manually from the command line on HP-UX.

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-14-2005 08:12 AM

‎12-14-2005 08:12 AM

Re: Samba: How to check if Domain Menbership is intact?

Shalom Nelson aka Harley man,

1. Check the primary domain controller. Depending on which OS, the Samba machine should be listed in the machine database, at least for Windows Server 2003.

2. I don't think so, but if behavior remains strange, #2 is a viable option for fixing the problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Thomas Bianco
Honored Contributor

‎12-15-2005 02:20 AM

‎12-15-2005 02:20 AM

Re: Samba: How to check if Domain Menbership is intact?

heres the NT side:

"membership" is nothing more then having an account on the domain and trusting it for authentication. the account has a password like any other that is changed every 30 days by the DC. the exception is that the computer is allowed to log into the domain to update it's password using the last password as well.

so: if the server has been disconnected more then 60 days, then it's very likley the DC has changed the password of the computer account, and the secrets file is out of date anyways.

talk to your NT admin, have him remove the computer account from the domain, and create a new one.
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.