Unable to join Win2k Pro SP2 to Samba 2.2.2 PDC

security at zule.ne.mediaone.net security at zule.ne.mediaone.net
Wed Jan 9 07:00:19 GMT 2002


ok.. Now I added the following entry into the [GLOBAL] section of my
smb.conf:

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

After this I deleted the machine account (ACTON$) from both the
/etc/passwd file and the smbpasswd file. I then sent a SIGHUP to smbd.
Now there is no entry found anywhere for the win2k machine that I would
like to add.. So at this point I assume that when I attempt to change the
domain on the win2k machine, it will prompt me for the root password, I will
enter it and the machine should be added to the domain.. Now I tried this
exact scenario and I still receive the same error, as well as see the same
Netlogon command 15 on a sniffer trace..

On 9 Jan 2002, Kohei Yoshida wrote:

> On Wed, 2002-01-09 at 09:00, security at zule.ne.mediaone.net wrote:
> > Thanks,
> > 	As far as the add user script is concerned, I had not gotten
> > the point of implementing that yet. In the mean time I just manually add
> > users using the "useradd" command and then execute the command:
> > smbpasswd -a "username"
> > smbpasswd -e "username"
> 
> Unfortunately there is no other way to join win2k without using "add
> user script".  So you need to go ahead and implement it.  Just to
> clarify, "add user script" is for adding *machine accounts*, not for
> adding ordinary *users* (I know it's a bit confusing).  For adding
> users, your method is the way to go.
> 
> > 	Here is the root entry in the smbpasswd file, I just did not send
> > it with the original post:
> > 
> > root:0:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U
> > ]:LCT-3C3A1FE6:root,,,
> 
> Oh, Okay.  Looks good to me.
> 
> > Thanks again,
> > -Mark
> > On 9 Jan 2002, Kohei Yoshida wrote:
> > 
> > > On Wed, 2002-01-09 at 08:31, security at zule.ne.mediaone.net wrote:
> > > > Hello,
> > > > 	I have Samba 2.2.2 running on RedHat 7.1 acting as a PDC. I have
> > > > successfully joined Win98 as well as NT4.0 stations into this domain but
> > > > have been unable to join any w2k devices. I have attempted both Pro and
> > > > Server, with and without service packs. A sniffer trace shows that
> > > > every time the w2k machine tries to join the domain the PDC responds with
> > > > NetLogon command 15 "Station not in Domain's Computer List". The win2k
> > > > device just responds with a generic message along the lines of
> > > > incorrect password or the domain cannot be contacted. Now I have been
> > > > actively following the mailing lists and have attempted just about every
> > > > suggestion that anyone has made in the past, but to no avail. If anyone
> > > > has any suggestions I would greatly appreciate it.
> > > > 
> > > > Best Regards,
> > > > -Mark Persons
> > > 
> > > I found at least two things that are lacking here.  One is "add user
> > > script" parameter in your global section, and a password entry for root
> > > in your smbpasswd file (the password doesn't have to match the one in
> > > /etc/passwd).  IIRC these two things are not necessary to have Win9x/ME
> > > or WinNt clients, but you need them for win2k clients.  In other words,
> > > you can't manually create machine accounts for win2k.
> > > 
> > > For details go to
> > > 
> > > http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.html#SAMBA-PDC
> > > 
> > > and look under section 8.4.2.
> > > 
> > > Kohei
> > > 
> > > > # Global parameters
> > > > [global]
> > > >         workgroup = XX
> > > >         netbios name = kane
> > > >         wins server = 172.16.200.203
> > > > #       wins server = 172.16.200.208
> > > >         interfaces = 172.16.200.203 127.0.0.1
> > > >         bind interfaces only = yes
> > > >         preferred master = yes
> > > >         domain master = yes
> > > >         local master = yes
> > > > #       OS Level = 34
> > > >         OS Level = 64
> > > >        # remote announce = zeus
> > > >         server string = Unix SMB Server on %h v%v
> > > >         security = USER
> > > >        # password server = apollo
> > > >         encrypt passwords = yes
> > > >         password level = 2
> > > >         max log size = 100
> > > >         dns proxy = No
> > > >         restrict anonymous = no
> > > >         name resolve order = lmhosts wins host bcast
> > > >         create mask = 0777
> > > >         force directory mode = 0777
> > > >         locking = yes
> > > >         log level = 2
> > > >         log file = /var/log/samba/samba.log.%m
> > > >         domain admin group = @wheel
> > > >         domain logons = yes
> > > > # These are the things I added from Dejanews
> > > > #       max xmit = 65535
> > > > #       strict sync = no
> > > > #       strict locking = no
> > > > #       hide files = no
> > > > #       read raw = yes
> > > > #       write raw = yes
> > > > #       oplocks = yes
> > > > #       dead time = 15
> > > >         status = yes
> > > > 
> > > > 
> > > >         socket options = TCP_NODELAY IPTOS_LOWDELAY
> > > >         ; Security and file integrity related options
> > > >         ;       Strict locking is available for paranoid locking situations only
> > > >         ;        enabling this severely degrades read / write performance.
> > > >         ;       strict locking = yes
> > > >         ;       fake oplocks = yes
> > > >         #share modes = yes
> > > >         #veto files = /lost*/
> > > >         #local master = no
> > > > 
> > > > [netlogon]
> > > >         path=/usr/local/samba/lib/netlogon
> > > >         writeable = no
> > > >         write list = ntadmin
> > > > 
> > > > #
> > > > # This is for automounted home dir's to appear in explorer windows
> > > > #        homedir map = auto.home
> > > > #        NIS homedir = yes
> > > > [homes]
> > > > comment = Home Directories
> > > > read only = No
> > > > browseable = No
> > > > 
> > > > #########################################################################################
> > > > smbpasswd file:
> > > > 
> > > > 
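An added example, not part of the original thread or of Samba itself: a shell check for the two prerequisites named in the reply above (an "add user script" line in [global] and a root entry in smbpasswd), plus a report of where a machine account currently exists. The function names, the HOSTA/HOSTB/HOSTC hosts and the sample files are constructed for illustration; the root check also flags an entry whose NT hash is the well-known hash of an empty password.

```shell
#!/bin/sh
# Added example (not from the thread): checks before a Win2k join to a Samba 2.2 PDC.
EMPTY_NT=31D6CFE0D16AE931B73C59D7E0C089C0   # NT hash of an empty password

# has_add_user_script SMB_CONF: succeeds if [global] sets "add user script".
has_add_user_script() {
    awk '/^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/) }
         g && tolower($0) ~ /^[ \t]*add[ \t]*user[ \t]*script[ \t]*=/ { f = 1 }
         END { exit !f }' "$1"
}

# has_entry FILE NAME: succeeds if NAME is field 1 of a colon-separated file.
has_entry() { awk -F: -v n="$2" '$1 == n { f = 1 } END { exit !f }' "$1"; }

# smbpasswd_status FILE USER: prints missing, empty-password or ok.
smbpasswd_status() {
    awk -F: -v u="$2" -v nt="$EMPTY_NT" '
        $1 == u { seen = 1; if (toupper($4) == nt) empty = 1 }
        END { print (!seen ? "missing" : (empty ? "empty-password" : "ok")) }' "$1"
}

# machine_account_state PASSWD SMBPASSWD HOST: where HOST$ currently exists.
machine_account_state() {
    u=no; s=no
    has_entry "$1" "$3\$" && u=yes
    has_entry "$2" "$3\$" && s=yes
    case "$u$s" in
        yesyes) echo both ;; yesno) echo unix-only ;;
        noyes) echo smb-only ;; *) echo absent ;;
    esac
}

# make_sample DIR: constructed files; hosts, uids and non-empty hashes are made up.
make_sample() {
    printf '[global]\n  workgroup = XX\n; add user script = /bin/true\n' > "$1/smb.conf"
    printf 'root:x:0:0::/root:/bin/sh\nHOSTA$:x:700:100::/dev/null:/bin/false\n' > "$1/passwd"
    printf 'root:0:%s:%s:[U          ]:LCT-00000000:\n' \
        AAD3B435B51404EEAAD3B435B51404EE "$EMPTY_NT" > "$1/smbpasswd"
    printf 'HOSTB$:701:%032d:%032d:[W          ]:LCT-00000000:\n' 0 0 >> "$1/smbpasswd"
}

d=$(mktemp -d) && make_sample "$d"
has_add_user_script "$d/smb.conf" || echo "add user script: not set in [global]"
echo "root in smbpasswd: $(smbpasswd_status "$d/smbpasswd" root)"
for h in HOSTA HOSTB HOSTC; do
    echo "$h\$: $(machine_account_state "$d/passwd" "$d/smbpasswd" "$h")"
done
rm -rf "$d"
```

A state of unix-only or smb-only means the account exists in only one of the two files; the poster removed ACTON$ from both before retrying, which corresponds to absent.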