Damon Cortesi's blog

Musings of an entrepreneur.

Joining Samba (2.2.3) to a Windows 2003 Domain

| Comments

smbpasswd -j DOMAIN -r PDC -U admin

This is typically the command one would use to join a Linux Samba server to a Windows domain. On a (fairly) default Windows Server 2003 PDC, this seems to fail with the following error:

Error connection to PDC Unable to join domain DOMAIN.COM

If you pass a -D 10 to smbpasswd, a couple of the error messages include:

smb_err=49152 smb_flg=136 smb_flg2=49153 failed tcon_X

Fortunately, the fix to this is pretty easy. Unfortunately, it does compromise some of the security of your Windows network. The setting in question is SMB signing, and you need to disable it here: HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters RequireSecuritySignature=0

By setting this to 0, you do open yourself to a potential man-in-the-middle attack against the SMB protocol. SmbRelay, anyone?

In any case, setting this to 0 does allow your Samba machine to join the domain.