Topic: Domain Logon

[David]

I have E-smith 4.1 accepting domain logons from Win95 and Win98 clients perfectly.

I am attempting to get an NT 4.0 workstation to logon in the same manner.
Every attempt to set domain from the NT workstation comes back with the error "Unable to connect to the domain controller for this Domain".

I log on locally to the NT box as "admin" with the same password.

After searching the newsgroups I still cannot find an answer specific to my problem. Have I missed the obvious? What do i need to modify on the E-smith or the workstation to allow it to log on ?

[Luuk Jansen]

This question (or something like this question)  is asked on the Devinfo.
This is the developers e-smith mailing lisit, maybe you should sing in, and ask the question there. There is someone that had the same problem, but I can't past you all the mail involving it. You better ask it your self.

You can subscribe to the Devinfo mailing list at
http://www.e-smith.org/content/developers/

Luuk

[Andreas]

For every NT workstation which should be able to logon you have to run:

/sbin/e-smith/db accounts set foo machine Comment "Machine account for foo"
/etc/e-smith/events/actions/machine-account-create machine-create foo

"foo" stands for the NetBios name with which the machine logs on!
(Thanks to Charly Brady!)
After the second command there appears an error but it works!
And don't check the "create an account on the Domain Server with the user/password combination" in the network setup of your NT Client.

This comes from the devinfo mailing list, hope it works!

[David]

Thanks Luuk & Andreas. hasn't worked for me so far. but i think you've put me on the right track. I try again and if no luck see what I can find from the mailing list.

[David]

Thanks Charlie & Andreas that worked a treat in the end.

Armed with a clear head I went through my mods in etc/e-smith/templates-custom and removed my typos. I would have never found the lines you provided.

It would be nice to see an NT workstation add remove option in the web administrator. I will make this suggestion in the wish list.

[Will Elmes]

Having what I think to be a similar problem in W2000.  I am running a small network of 2 Win98 and  2 Win2000.  The 98 boxes can join the domain with no problems.  When I attempt to join the e-smith domain with the 2000 boxes I get the following message "Your computer cannot join the domain because of the following error:   The procedure number is out of range."   I have added the machine accounts as listed in previuos messages but this seems to make no difference.  I also read about not creating an account with my client but I do not even see this as an option under W2000's "join a domain wizard."  Is this what is preventing me from joining....ie. does 2000 attempt to create an account no matter what?  

Should my passwords be encrypted or plain?

Thanks!!

Will Elmes

[Charlie Brady]

Will Elmes wrote:

> Should my passwords be encrypted or plain?

Either is fine.

Charlie

[Michael Doerner]

Will Elmes wrote:
>
> to join the e-smith domain with the 2000 boxes I get the
> following message "Your computer cannot join the domain
> because of the following error:   The procedure number is out
> of range."  

Will,
I am at the same stage here when trying to add the first Win 2000 machine to the domain (to add NT 4 workstations wasn't a problem).

The above error ".. number out of range" I got when I tried to change from the original workgroup name "workgroup" to domain name 'baypc".

At that time I had already added the machine account manually.

After changing the workgroup name to be "baypc" and restarting (it's one of those occurencies where you still have to restart Win 2000) now I try to join again.

This time from workgroup "baypc" to domain "baypc" and the error changes to be:
The credentials supplied conflict with an existing set of credentials.

I have created a local user account "admin" on the Win2000 machine with the same password as the admin account on the E-smith server and browsing as part of the workgroup I can access all shared resources.

Sorry, no real help. Just some more details from here.

Regards,
Michael Doerner

[Will Elmes]

Have done some more research and it seems the problem for Win2000 domain logons lies in Samba.  What I got from (I'm far from expert on this...) was that the current version of Samba will not allow Win2000 machines to logon because it does not support trust relationships.  I may try to get the 2.2 development release going.  Will post results.  The page I found this was at http://bioserve.latrobe.edu.au/samba/ntdomfaq.html

[Kristof Vermeire]

And what's E-smith's reply on this problem?