[Samba] problem authenticating win xp machine

David Bronson dbron at alsanet.us
Thu Nov 13 02:36:04 GMT 2003


Ed,

We are successfully using hundreds of XPs in various stages of updates with Samba
3.0 and LDAP.

Here are some notes that made my life more pleasant. These were
sent to me by someone else on the list.

I generally got a "Procedure Number is out of range" error on the XP
client.


I eventually figured out what was causing my problems.  I had applied 3 
registry changes to the XP box:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel = 0

I had seen these referenced on the samba list by people who had had
success, so I applied them as well.

Turns out, the last 2 (signsecurechannel and sealsecurechannel) were my
problem. I set them back to their original values of 1 and things began
to work.

Hope that helps,

David Bronson
Network Admin
http://linux.alsanet.us


On Wed, Nov 12, 2003 at 06:27:19PM -0500, Ed Holden wrote:
> There definitely is something odd with XP.  I was able to join an XP 
> client to my organization's Samba 2.2.x domain, but had problems 
> thereafter.  The signorseal patch was installed, and I tried other 
> tweaks as well.  I suspect that installing Service Pack 1 or a patch 
> might have "broken" it - have you tried this on an unpatched XP 
> installation?  Dangerous as this is, I'd be interested to know if anyone 
> has compared using virgin XP with patched XP on a Samba domain.
> 
> Ultimately I fixed this problem by upgrading the XP client to Windows 
> 2000.  Hate to say it, but if you find yourself investing a lot of time 
> in tweaking XP your best option might be a rollback, since 2000 seems to 
> cause the least problems, but supports basically the same software and 
> hardware as XP.
> 
> :: Ed Holden
> :: Administrator, Research Information Systems
> :: McLean Hospital
> 
> George Farris wrote:
> >This seems quite common.  I have an associate that can join the machine
> >to the domain but can't login with XP.  Windows 2000 works fine and yes
> >all the registry patches are in.
> >
> >I suggest there might be something screwy with 3.0.0. and XP.
> >
> >
> >On Wed, 2003-11-12 at 05:52, kyle wrote:
> >
> >>On Wed, 12 Nov 2003 15:08:07 +0200
> >>Bart Bekker wrote:
> >>
> >>
> >>>Sounds like a typical mistake; did you apply the signorseal patch in 
> >>>the windows xp registry?
> >>>
> >>>from the how-to I quote:
> >>>
> >>>To join a Samba Domain, you will need to first make the following 
> >>>changes to your registry and reboot:
> >>>
> >>>   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
> >>>
> >>>   "requiresignorseal"=dword:00000000
> >>>   "signsecurechannel"=dword:00000000
> >>
> >>yep, already did this... :-)
> >>
> >>I am successfully welcome on the domain when I change from workgroup
> >>(previous setting) to the domain Domaula (using the root account).
> >>
> >>The odd thing is I get this error :
> >>
> >>[2003/11/12 12:41:25, 2] auth/auth.c:check_ntlm_password(309)
> >> check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> >>
> >>there should be a user name on "Authentication for user [FOO]", shouldn't
> >>it? :-)
> >>
> >>
> >>
> >>(Bart, watch out that you answered me directly, and did not include the
> >>samba list :-) tnx! )
> >>
> >>
> >>
> >>-- 
> >>Window$ Macht Frei!
> 
> 
> 
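Added example (not part of the original thread or of Samba's documentation): a short Python check that reads a .reg file of the kind quoted from the how-to and reports which Netlogon values it sets differently from the combination David reports as working (requiresignorseal 0, signsecurechannel 1, sealsecurechannel 1). The sample .reg text and the function names are constructed for illustration.

```python
import re

# Netlogon values as reported working in the message above (XP client, Samba 3.0):
# requiresignorseal stays 0, the other two go back to their original value of 1.
REPORTED_WORKING = {
    "requiresignorseal": 0,
    "signsecurechannel": 1,
    "sealsecurechannel": 1,
}
NETLOGON_KEY = r"hkey_local_machine\system\currentcontrolset\services\netlogon\parameters"

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')


def parse_netlogon_dwords(reg_text):
    """Return {value_name: int} for dword values set under the Netlogon Parameters key."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or .reg comment
            continue
        m = SECTION.match(line)
        if m:                                     # new [key] section starts
            in_key = m.group("key").lower() == NETLOGON_KEY
            continue
        m = DWORD.match(line)
        if in_key and m:                          # value names are case-insensitive
            values[m.group("name").lower()] = int(m.group("hex"), 16)
    return values


def audit(reg_text):
    """List (name, value_in_file, reported_working) for values the file sets differently."""
    found = parse_netlogon_dwords(reg_text)
    return [(name, found[name], want) for name, want in REPORTED_WORKING.items()
            if name in found and found[name] != want]


# Constructed sample: a .reg fragment applying all three changes listed in the message.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
"sealsecurechannel"=dword:00000000
'''

if __name__ == "__main__":
    for name, got, want in audit(SAMPLE_REG):
        print(f"{name}: file sets {got}, reported working value is {want}")
```

Values the file does not set are skipped, since a .reg import leaves them unchanged on the client.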