[Samba] Windows XP Samba PDC Login Problems

Sam Barasch barasch at biostat.wisc.edu
Mon Aug 19 19:11:01 GMT 2002


I have a similar experience to share - one of the system admins who works had
written a program to update smbpasswd - removing listings that were not in
the NIS passwd map.

There was a file that contained the smbpasswd lines for machine accounts that
had to be added back in - after they had been deleted by the program he had

It turned out that the entry for the machine account in the smbpasswd file
was periodically being changed for machine accounts.  I'd guess that it was
changed about once every 28-30 days.  

The section of the line that would normally contain a user's password was 
changed for the machine account - and when we pasted in the backup copy of
the machine account info, it was stale and the machine account was unusable.
We had to take the machine out of the domain and add it back in again.

Is that your experience?  If so, watch the smbpasswd file for things that
could be modifying the machine account entries.

Good luck,
Sam Barasch
Dept. of Biostatistics
UW Madison

> *Getting grey hair by the minute*
> Hello All,
>     I set up a samba pdc for our office a month ago. All machines on the
> network are Windows XP with a few Windows 2000 clients.
> My Windows 2000 clients have joined the domain with out any problem. And are
> having no problems with the PDC or the domain.
> My Windows Xp clients have all joined the domain as well.  Though, sometimes
> after a couple of hours, a day, a week, the windows XP clients cannot logon
> seemingly out of the blue. This is not all systems. Maybe half run into this
> problem as where the other half have given me no problems what so ever.
> The following error I receive is:
> "Windows cannot connect to the domain, either because, the domain controller
> is down or otherwise unavailable, or because your computer account was not
> found.  Please try again later. If this message continues to appear contact
> your Sys Admin for help."
> I am using Samba Version 2.2.3a (Comes with RH 7.3)
> First. Yes I do have the sign or seal patch applied.  I also manually
> checked the registry. It has been applied to the current control set and all
> other controls sets just in case.
> I have made sure the following in Local Security Policy is set:
>   I edited or checked the following entries:
>  "Domain member: Digitally encrypt or sign secure channel(Disabled)"
>  "Domain member: Disable machine account password changes(Disabled)."
>  "Domain member: Require strong (Windows 2000 or later) session
> key(Disabled)"
> Other questions:
> Is the PDC down? NO
> Are there other XP and Windows 2000 clients using the PDC at present: Yes
> Do the machines have accounts? Yes
> Were these machines working before on the domain? Yes
> User accounts are located in the passwd and smbpasswd file
> Machine accounts are located in the passwd and smbpasswd file as well.
> The PDC is working.  Machines are using it.
> I been digging around quite a bit regarding this, and it seems like I am not
> alone.  But I have not found any answers or I have missed something very
> simple..or maybe complicated.
> Appreciate any help given
> Cheers and Thanks
> Sono
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list