[Samba] My Problems with XP and Samba Domain (and how I fixed it)

[John Broadhead]

I had previously posted twice concerning problems I was having. I assume
that because I didn't get any answers that perhaps no one knew what was the
matter. Now that I figured it out maybe someone else has the same problem
and I can help to fix it.

After having already applied the proper registry hacks and policy edits
required for Windows XP (This is one area of John Terpstra's PDF that could
use some clarification. Perhaps explaining exactly which registry hacks and
policy edits that are required to join XP to a domain. In fact, I feel there
should be an XP section describing all the potential problems with joining
XP to a domain. Of course, I'm using 2.2.7 so the encryption issues might be
fixed for 3). I attempted to join the machine to my domain. After being
prompted for an administrator user, I entered in my root-mapped ntadmin
user. After several seconds I got an error saying that the Domain couldn't
be found or does not exist.

After viewing an Ethereal packet trace, I figured out that because my main
machine name goldengate is the same name as the main netbios name. But
because goldengate.americanconsultants.com maps to an internet accessible
address and the netbios name goldengate maps to an internal 192.168.0.1
address. Windows XP got confused and used the external address for the last
half of its communication. This is a potential big caveat (Especially if you
use the "bind interfaces only" option. Even though it wasn't really the
problem in my case). If I had it to do over again, I would set a netbios
name different than the main machine name.

I created an LMHOSTS file on the XP machine to fix the name issue. Now when
attempting to join, the packet trace didn't have the communication with the
external IP address. BUT I still got exactly the same error message!!

My Samba machine had a really strange setup with three smb.conf files:
smb.conf smb.conf.goldengate and smb.conf.printer
smb.conf essentially just made the netbios alias printer and then included
the other two with "include = /etc/samba/smb.conf.%I".
File smb.conf.printer used share level security and set up a server with no
passwords for our printer (for network guests to use). File
smb.conf.goldengate set up our domain and was user level security.

In the packet trace there was a LookupDomain request for our domain. The
server replied back with STATUS_NO_SUCH_DOMAIN. I think this is because
somehow it was communicating with PRINTER instead of GOLDENGATE because of
confusion since they both had the same IP address. Since smb.conf.printer
had no information about our domain it replied back that there was no such
domain. Of course this is just a guess about what the problem was. Either
way, my fix was to simplify our setup and remove the included smb.conf files
and just stick with security=user over the whole thing. (Now I just need to
figure out an elegant way for our visiting accountant to print from his
laptop.)

Any comments or questions?

Thanks Samba Team for the great server tool,
-John Broadhead