[Samba] problem authenticating win xp machine

Ed Holden eholden at mclean.harvard.edu
Thu Nov 13 15:00:51 GMT 2003 

David,

Thanks for the info.  While XP is currently absent from the domain I'll 
hold on to this and give it a try next time it comes up.  Perhaps the 
problem was related to the multiple subnets we (temprarily) have on our 
network - I had fixed this by using an Lmhosts file on the XP machine 
and using the nbtstat command to reset the machine.

Thanks again,
Ed

David Bronson wrote:

> Ed,
> 
> We are successfully using hundreds XP's in various stages of updates with Samba
> 3.0 and ldap. 
> 
> Here are some notes that made my life more pleasant. These were
> sent to me by someone else on the list.
> 
> I generally got a "Procedure Number is out of range" error on the XP
> client.
> 
> 
> I eventually figured out what was causing my problems.  I had applied 3 
> registry changes to the XP box:
> 
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal 
> = 0
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel 
> = 0
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel 
> = 0
> 
> I had seen these referenced on the samba list by people who had had
> success so 
> I appled them as well.
> 
> Turns out, the last 2 (signsecurechannel and sealsecurechannel) were my 
> problem I set them back to their original values of 1 and things began
> to work.
> 
> Hope that helps,
> 
> David Bronson
> Network Admin
> http://linux.alsanet.us
> 
> 
> On Wed, Nov 12, 2003 at 06:27:19PM -0500, Ed Holden wrote:
> 
>>There definitely is something odd with XP.  I was able to join an XP 
>>client to my organization's Samba 2.2.x domain, but had problems 
>>thereafter.  The signorseal patch was installed, and I tried other 
>>tweaks as well.  I suspect that installing Service Pack 1 or a patch 
>>might have "broken" it - have you tried this on an unpatched XP 
>>installation?  Dangerous as this is, I'd be interested to know if anyone 
>>has compared using virgin XP with patched XP on a Samba domain.
>>
>>Ultimately I fixed this problem by upgrading the XP client to Windows 
>>2000.  Hate to say it, but if you find yourself investing a lot of time 
>>in tweaking XP your best option might be a rollback, since 2000 seems to 
>>cause the least problems, but supports basically the same software and 
>>hardware as XP.
>>
>>:: Ed Holden
>>:: Administrator, Research Information Systems
>>:: McLean Hospital
>>
>>George Farris wrote:
>>
>>>This seems quite common.  I have an associate that can join the machine
>>>to the domain but can't login with XP.  Window 200 works fine and yes
>>>all the registry patches are in.
>>>
>>>I suggest there might be something screwy with 3.0.0. and XP.
>>>
>>>
>>>On Wed, 2003-11-12 at 05:52, kyle wrote:
>>>
>>>
>>>>On Wed, 12 Nov 2003 15:08:07 +0200
>>>>Bart Bekker wrote:
>>>>
>>>>
>>>>
>>>>>Sounds like a typical misstake; did you apply the signorseal patch in 
>>>>>the windows xp registry?
>>>>>
>>>>
>>>>>from the how-to I quote:
>>>>
>>>>>To join a Samba Domain, you will need to first make the following 
>>>>>changes to your registry and reboot:
>>>>>
>>>>>  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parame
>>>>>  ters]
>>>>>
>>>>>  "requiresignorseal"=dword:00000000
>>>>>  "signsecurechannel"=dword:00000000
>>>>
>>>>yep, already did this... :-)
>>>>
>>>>I am successfully welcome on the domain when I change form workgroup
>>>>(previous setting) to the domain Domaula (using the root account).
>>>>
>>>>The odd thing is I get this error :
>>>>
>>>>[2003/11/12 12:41:25, 2] auth/auth.c:check_ntlm_password(309)
>>>>check_ntlm_password:  Authentication for user [] -> [] FAILED with error
>>>>NT_STATUS_NO_SUCH_USER
>>>>
>>>>there should be an user name on "Authentication for user [FOO]", shouldn't
>>>>it? :-)
>>>>
>>>>
>>>>
>>>>(Bart, watch out that you answered me directly, and did not include the
>>>>samba list :-) tnx! )
>>>>
>>>>
>>>>
>>>>-- 
>>>>Window$ Macht Frei!
>>
>>
>>
>>Any information, including protected health information (PHI), transmitted
>>in this email is intended only for the person or entity to which it is
>>addressed and may contain information that is privileged, confidential and 
>>or
>>exempt from disclosure under applicable Federal or State law. Any review,
>>retransmission, dissemination or other use of or taking of any action in
>>reliance upon, protected health information (PHI) by persons or entities 
>>other
>>than the intended recipient is prohibited. If you received this email in 
>>error,
>>please contact the sender and delete the material from any computer.
> 
> 
>>-- 
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba



Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.

More information about the samba mailing list