[Samba] Windows XP Samba PDC Login Problems

Diego Rivera lrivera at racsa.co.cr
Tue Aug 20 10:37:00 GMT 2002 

I've read a lot of posts of people trying to get Samba to work as a PDC
for XP clients.

First, two notes:

1) XP Home edition does NOT support a PDC environment out of the box
(not aware if it can be configured to do so with additional packages,
etc...anyone?).

2) XP Professional DOES support an NT PDC environment out of the box,
albeit some measures need to be taken first.  A friend found this url on
the net which provides such instructions.  I tried this in my lab, and
it worked flawlessly.  The only observation I would make is that the
path to find the "security policy" item is a bit messed up - in the XP
version I installed, he was missing a step.  This should not be a
problem.

http://www.annoyances.org/exec/forum/winxp/r1009126072

Once these two were done, I was able to do everything (with Samba 2.2.5
as PDC): domain authentication, netlogon, roaming profiles, printer
driver upload/download, etc.

Hope this helps!

Best

Diego


On Tue, 2002-08-20 at 13:16, S C wrote:
> Thank YOu Sam.
> 
> Something is better then nothing that is for sure.
> 
> Going to take the machine out of the domain and add it back.
> Will monitor the smbpasswd  file after.  Run Diffs or something on it.
> 
> I am noticing that this is a problem that people are having and I have not
> seen anybody really step up with any answers.
> 
> Curios, any Sys Admins or people with larger networks setup up with a Samba
> PDC and Windows XP?  Are you have any problems or is everything working
> smooooothley? ;o)
> 
> Cheers and Thanks
> Sono
> 
> ----- Original Message -----
> From: "Sam Barasch" <barasch at biostat.wisc.edu>
> To: "S C" <sono at codebaby.com>
> Cc: <samba at lists.samba.org>
> Sent: Monday, August 19, 2002 10:09 PM
> Subject: Re: [Samba] Windows XP Samba PDC Login Problems
> 
> 
> > Sono,
> >
> > I have a similar experience to share - one of the system admins who works
> had
> > written a program to update smbpasswd - removing listings that were not in
> > the NIS passwd map.
> >
> > There was a file that contained the smbpasswd lines for machine accounts
> that
> > had to be added back in - after they had been deleted by the program he
> had
> > written.
> >
> > It turned out that the entry for the machine account in the smbpasswd file
> > was periodically being changed for machine accounts.  I'd guess that it
> was
> > changed about once every 28-30 days.
> >
> > The section of the line that would normally contain a user's password was
> > changed for the machine account - and when we pasted in the backup copy of
> > the machine account info, it was stale and the machine account was
> unusable.
> > We had to take the machine out of the domain and add it back in again.
> >
> > Is that your experience?  If so, watch the smbpasswd file for things that
> > could be modifying the machine account entries.
> >
> > Good luck,
> > Sam Barasch
> > Dept. of Biostatistics
> > UW Madison
> >
> > >
> > > *Getting grey hair by the minute*
> > >
> > > Hello All,
> > >     I set up a samba pdc for our office a month ago. All machines on the
> > > network are Windows XP with a few Windows 2000 clients.
> > >
> > > My Windows 2000 clients have joined the domain with out any problem. And
> are
> > > having no problems with the PDC or the domain.
> > >
> > > My Windows Xp clients have all joined the domain as well.  Though,
> sometimes
> > > after a couple of hours, a day, a week, the windows XP clients cannot
> logon
> > > seemingly out of the blue. This is not all systems. Maybe half run into
> this
> > > problem as where the other half have given me no problems what so ever.
> > >
> > > The following error I receive is:
> > >
> > > "Windows cannot connect to the domain, either because, the domain
> controller
> > > is down or otherwise unavailable, or because your computer account was
> not
> > > found.  Please try again later. If this message continues to appear
> contact
> > > your Sys Admin for help."
> > >
> > > I am using Samba Version 2.2.3a (Comes with RH 7.3)
> > > First. Yes I do have the sign or seal patch applied.  I also manually
> > > checked the registry. It has been applied to the current control set and
> all
> > > other controls sets just in case.
> > >
> > > I have made sure the following in Local Security Policy is set:
> > >   I edited or checked the following entries:
> > >  "Domain member: Digitally encrypt or sign secure channel(Disabled)"
> > >  "Domain member: Disable machine account password changes(Disabled)."
> > >  "Domain member: Require strong (Windows 2000 or later) session
> > > key(Disabled)"
> > >
> > > Other questions:
> > > Is the PDC down? NO
> > > Are there other XP and Windows 2000 clients using the PDC at present:
> Yes
> > > Do the machines have accounts? Yes
> > > Were these machines working before on the domain? Yes
> > >
> > > User accounts are located in the passwd and smbpasswd file
> > > Machine accounts are located in the passwd and smbpasswd file as well.
> > >
> > > The PDC is working.  Machines are using it.
> > >
> > > I been digging around quite a bit regarding this, and it seems like I am
> not
> > > alone.  But I have not found any answers or I have missed something very
> > > simple..or maybe complicated.
> > >
> > > Appreciate any help given
> > >
> > > Cheers and Thanks
> > > Sono
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> >
> ----- Original Message -----
> From: "Sam Barasch" <barasch at biostat.wisc.edu>
> To: "S C" <sono at codebaby.com>
> Cc: <samba at lists.samba.org>
> Sent: Monday, August 19, 2002 10:09 PM
> Subject: Re: [Samba] Windows XP Samba PDC Login Problems
> 
> 
> > Sono,
> >
> > I have a similar experience to share - one of the system admins who works
> had
> > written a program to update smbpasswd - removing listings that were not in
> > the NIS passwd map.
> >
> > There was a file that contained the smbpasswd lines for machine accounts
> that
> > had to be added back in - after they had been deleted by the program he
> had
> > written.
> >
> > It turned out that the entry for the machine account in the smbpasswd file
> > was periodically being changed for machine accounts.  I'd guess that it
> was
> > changed about once every 28-30 days.
> >
> > The section of the line that would normally contain a user's password was
> > changed for the machine account - and when we pasted in the backup copy of
> > the machine account info, it was stale and the machine account was
> unusable.
> > We had to take the machine out of the domain and add it back in again.
> >
> > Is that your experience?  If so, watch the smbpasswd file for things that
> > could be modifying the machine account entries.
> >
> > Good luck,
> > Sam Barasch
> > Dept. of Biostatistics
> > UW Madison
> >
> > >
> > > *Getting grey hair by the minute*
> > >
> > > Hello All,
> > >     I set up a samba pdc for our office a month ago. All machines on the
> > > network are Windows XP with a few Windows 2000 clients.
> > >
> > > My Windows 2000 clients have joined the domain with out any problem. And
> are
> > > having no problems with the PDC or the domain.
> > >
> > > My Windows Xp clients have all joined the domain as well.  Though,
> sometimes
> > > after a couple of hours, a day, a week, the windows XP clients cannot
> logon
> > > seemingly out of the blue. This is not all systems. Maybe half run into
> this
> > > problem as where the other half have given me no problems what so ever.
> > >
> > > The following error I receive is:
> > >
> > > "Windows cannot connect to the domain, either because, the domain
> controller
> > > is down or otherwise unavailable, or because your computer account was
> not
> > > found.  Please try again later. If this message continues to appear
> contact
> > > your Sys Admin for help."
> > >
> > > I am using Samba Version 2.2.3a (Comes with RH 7.3)
> > > First. Yes I do have the sign or seal patch applied.  I also manually
> > > checked the registry. It has been applied to the current control set and
> all
> > > other controls sets just in case.
> > >
> > > I have made sure the following in Local Security Policy is set:
> > >   I edited or checked the following entries:
> > >  "Domain member: Digitally encrypt or sign secure channel(Disabled)"
> > >  "Domain member: Disable machine account password changes(Disabled)."
> > >  "Domain member: Require strong (Windows 2000 or later) session
> > > key(Disabled)"
> > >
> > > Other questions:
> > > Is the PDC down? NO
> > > Are there other XP and Windows 2000 clients using the PDC at present:
> Yes
> > > Do the machines have accounts? Yes
> > > Were these machines working before on the domain? Yes
> > >
> > > User accounts are located in the passwd and smbpasswd file
> > > Machine accounts are located in the passwd and smbpasswd file as well.
> > >
> > > The PDC is working.  Machines are using it.
> > >
> > > I been digging around quite a bit regarding this, and it seems like I am
> not
> > > alone.  But I have not found any answers or I have missed something very
> > > simple..or maybe complicated.
> > >
> > > Appreciate any help given
> > >
> > > Cheers and Thanks
> > > Sono
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> >
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list