

2 May 08

Samba 2.2, Domain 2003 and big problems

This week, for some reason, almost all of our Samba 2.2.7 AIX servers stopped working. We have a domain with 2003R2 domain controllers, and for some reason all our attempts to join these Samba servers to the domain gave us:

server:/> smbpasswd -j SCC_NT -U Administrator
Password:
Error connecting to DC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN

After a couple of fights with our System Engineering department and intensive googling, I found a solution. The original post can be found here:

http://lists.samba.org/archive/samba/2003-May/066356.html

I just changed the registry value on one of our domain controllers and specified it in the smbpasswd command:

server:/> smbpasswd -j SCC_NT -U Administrator -r DC2
Password:
Joined domain DOMAIN.

Hooray! Our engineers promised me to upgrade Samba to 3.0 there soon (this is another solution for this problem), but on AIX 5.1 for some reason Samba 3.0 doesn’t work properly.

Here is the mirror of this great knowledge from the link above :)

> So, W2K doesn’t need SMB-packets signatures and we have no problems, but we
> want it to work with Windows 2003. What’s the difference between Windows 2000
> and Windows 2003 when it comes to security signatures of SMB-packets?

By default, a Windows Server 2003 requires signature of SMB packets (at least, a Windows Server 2003 DC).

> Can we disable signatures in Windows 2003 Server or do we have to make
> some changes in Red Hat/Samba? Is there another way to get around this
> problem?

Yes, you can look for the following security option

Microsoft network server: Digitally sign communications (always) :

and set it to Disabled, instead of Enabled.

This security option modifies the following registry value:

Key: HKLM\SYSTEM\CCS\Service\lanmanserver\parameters\
Value: RequireSecuritySignature
Content: 0 to disable, 1 to enable

If you don’t want to reboot after that change, you can stop the srv.sys driver and services that depend on it using the following command:

C:\>net stop srv

Then, you can restart it, as well as the services that depend on it (in particular, netlogon)

C:\>net start srv

Jean-Baptiste Marchand

UPDATE: It is important to remove the old record for the host from AD.
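
To check whether a server still demands signed SMB packets after the RequireSecuritySignature change, the sketch below reads the SecurityMode byte of an SMB1 (NT LM 0.12) negotiate response. It is an added example, not code from the original post or from Samba. The sample packets are constructed, the function names are hypothetical, and Samba 2.2 is modelled as a client without signing support.

```python
import struct

# SecurityMode bits in an SMB1 NT LM 0.12 negotiate response
SIGNATURES_ENABLED = 0x04
SIGNATURES_REQUIRED = 0x08

def parse_security_mode(packet: bytes) -> dict:
    """Return signing flags from an SMB1 negotiate response (NetBIOS header stripped)."""
    if len(packet) < 36 or packet[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    if packet[4] != 0x72:                      # SMB_COM_NEGOTIATE
        raise ValueError("not a negotiate message")
    if packet[32] != 17:                       # WordCount of an NT LM 0.12 response
        raise ValueError("not an NT LM 0.12 negotiate response")
    mode = packet[35]                          # header(32) + WordCount(1) + DialectIndex(2)
    return {"enabled": bool(mode & SIGNATURES_ENABLED),
            "required": bool(mode & SIGNATURES_REQUIRED)}

def client_can_connect(packet: bytes, client_supports_signing: bool) -> bool:
    """A client that cannot sign is refused only when the server requires signatures."""
    return client_supports_signing or not parse_security_mode(packet)["required"]

def build_response(security_mode: int) -> bytes:
    """Constructed sample packet; every field except SecurityMode is a placeholder."""
    header = struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", 0x72, 0, 0x98, 0xC853,
                         0, b"\x00" * 8, 0, 0, 0, 0, 0)
    params = struct.pack("<HBHHIIIIQhB", 0, security_mode, 50, 1, 4356, 65536,
                         0, 0, 0, 0, 0)
    return header + bytes([17]) + params + struct.pack("<H", 0)

if __name__ == "__main__":
    # 0x0F: signing required (RequireSecuritySignature = 1); 0x07: enabled, not required
    for label, mode in (("required", 0x0F), ("not required", 0x07)):
        pkt = build_response(mode)
        print(label, parse_security_mode(pkt),
              "non-signing client connects:", client_can_connect(pkt, False))
```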