[Samba] Win XP Pro / Linux PDC

Art Powell art at adalante.net
Tue Jan 13 16:52:35 GMT 2004 

In XP, you have to make some changes to the security policy. On the XP
client, go to the "Control Panel" and then "Administrative Tools" and
then open the "Local Security Settings" and the open the "Local Options"
and then the "Security Options" folder. The following should be
DISABLED:

Domain Member: Digitally encrypt or sign secure channel data
Domain Member: Digitally encrypt secure data channel
Domain Member: Digitally sign secure data channel.

Reboot your machine, and it should now be able to join the domain.

This was a problem in SAMBA 2.x. Let me know if it works, I am
interested to see if it is still a problem in SAMBA 3.x (my guess is
yes, due to difference in the way XP authenticates.).

Art Powell
Adalante Network Solutions Inc.
9410-C Anderson Mill Road
Austin, TX 78729
Off: 1-512-918-2672
Cel: 1-512-633-7577
 

-----Original Message-----
From: Antony Gelberg [mailto:antony at antgel.co.uk] 
Sent: Monday, January 12, 2004 10:47 AM
To: samba at lists.samba.org
Subject: [Samba] Win XP Pro / Linux PDC

Hi all,

I'm trying to configure Samba as a PDC.  I'm running Debian Woody, hence
Samba version 3.0.0final-1.  We have no Windows servers anywhere on the
network (yay!).

I have done an smbpasswd for root, and add machine script is setup (see
attached smb.conf).  From the XP Pro workstation, when I fill in the
domain
name, log in as root, and click ok, I eventually get: "The following
error
occurred when attempting to join the domain CHHAUSMANN: access denied".

I know that something is working, because if I type in the wrong root
password, I get a different error - "unknown username or bad password".

In /var/log/samba/log.nmbd, I get things like:
[2004/01/13 00:27:24, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.0.101: code = 0x12
[2004/01/13 00:27:24, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.0.101: code = 0x7


I'm about to use the source, but can anyone give me any pointers?  I
also
looked at
<http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=utf-8&threadm=2d9
47vo
q7e1rlatse397lr7sh6hosu8f6g%404ax.com&rnum=1&prev=/groups%3Fhl%3Den%26lr
%3D%
26ie%3DUTF-8%26oe%3Dutf-8%26q%3Dxp%2Bpro%2Bsamba%2Bjoin%2Bdomain%2B%2522
digi
tally%2Bencrypt%2522%26btnG%3DGoogle%2BSearch>
and followed the instructions there, but trying to join the domain as
machineadmin just returns "The user name could not be found.".

A

More information about the samba mailing list