[Samba] Can not register W2K computer (WXP and W98 without problems)

Reiner Buehl reiner at buehl.net
Wed Sep 17 18:28:45 GMT 2003


Hi,

I had the same problem and the following steps executed on the Win2K system
as Administrator did it for me:

Start the Administrative Tools (Start / Settings / Control Panel /
Administrative Tools). From there start the Local Security Policy. 
In the Local Security Policy open Local Policies and then Security Options. 
Disable the following entries: 
Domain member: Digitally encrypt or sign secure channel data (Always) 
Domain member: Digitally encrypt secure channel data (when possible) 
Domain member: Digitally sign secure channel data (when possible) 
Domain member: Require strong (Windows 2000 or later) session key 

In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the
following entry: 
Computer Configuration\Administrative Templates\System\User Profiles\do not
check for user ownership of roaming profiles folders 

Best regards,
Reiner.

> -----Original Message-----
> From: samba-bounces+reiner=buehl.net at lists.samba.org 
> [mailto:samba-bounces+reiner=buehl.net at lists.samba.org] On 
> Behalf Of Ricardo Martinezgarza
> Sent: Tuesday, September 16, 2003 10:26 PM
> To: samba at lists.samba.org
> Subject: [Samba] Can not register W2K computer (WXP and W98 
> without problems)
> 
> 
> I can NOT have a W2KPro computer to reconnect to a RH9 Samba 
> PDC server
> domain after initial "registration". (I don't have any 
> problems with WXPPro)
> 
> NetBios name of the W2KPro computer: PRUEBA
> RH9 PDC Samba domain name: SAMBA
> 
> When "registering" the W2KPro computer to the domain for the 
> first time,
> everything seems to work fine (even though it takes longer 
> than usual to get
> the "Welcome to domain Samba" window). The entries in /etc/passwd,
> /etc/shadow and /etc/samba/smbpasswd get created:
> 
> prueba$:x:504:100::/dev/null:/bin/false (/etc/passwd)
> prueba$:!!:12311:0:99999:7:::  (/etc/shadow)
> prueba$:504:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyy
> yyyyyyyyyyyyyy
> y:[W         ]:LCT-3F6761AE: (/etc/samba/smbpasswd)
> 
> The Samba log (prueba.log) for the W2K computer does not report any
> problems.
> 
> After reboot, after typing a valid domain user and password, 
> I get the error
> message "The system can not initiate a session because either 
> there is no
> account for this computer in the primary domain or the 
> password for this
> account is incorrect"
> 
> To add to my perplexity, if I log into the W2KPro computer using a
> local(windows) username/password identical to a valid samba 
> account I can
> browse through the domain via the windows Network Neighborhood without
> having to supply any further username or password. I can even 
> browse through
> the Samba "home" directory (linux box) of such username/password.
> 
> I´m using the "add user script = /usr/sbin/useradd -d 
> /dev/null -g 100 -s
> /bin/false -M %u" on-the-fly method in smb.conf (which, by 
> the way, has been
> working just fine for WXPPro computers)
> 
> I've also tried manual creation of the /etc/passwd and 
> /etc/samba/smbpasswd
> entries with the same results
> 
> I've even tried modifying the W2KPro registry parameters in
> [HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet|Service|Netlogon|
> Parameters] as
> I did for WXPPro, no luck either.
> 
> Further yet, I´ve tried to "sniffer-debug" the unsuccessful 
> re-registration
> of the W2KPro box vs. a successful re-registration of a 
> WXPPro box and can
> not find what the problem is.
> 
> Any ideas why this is happening and what else could/should I 
> do/try ????
> 
> Thanks gals and guys !!!!
> 
> _________________________
> Ricardo Martinezgarza F.
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 





More information about the samba mailing list