[Samba] XP Client cannot join Samba3 PDC
gpalmer at lganet.com
gpalmer at lganet.com
Wed Apr 14 18:46:49 GMT 2004
Migrating a working Samba 2.2.8a Domain Controller to 3.0.2a
Using smbpasswd file
compiled using gcc 3.2.2
----------------------------------------------------------------------------
--------
Used working 2.2.8 configuration
----------------------------------------------------------------------------
--------
#authentication as PDC
workgroup = XNET
domain logons = yes
domain master = yes
preferred master = yes
security = user
password level = 8
username level = 8
smb passwd file = /usr/local/samba/lbin/smbpasswd
logon script = logon.bat
encrypt passwords = yes
----------------------------------------------------------------------------
--------
Added automation scripts
----------------------------------------------------------------------------
--------
#user group scripts
add user script=/usr/sbin/useradd -d /dev/null -g machines -c
"Machine a
ccount %u" -s /bin/false -M %u
delete user script=/usr/sbin/userdel -r %u
add group script=/usr/sbin/groupadd %g
delete group script=/usr/sbin/groupdel %g
add user to group script=/usr/sbin/usermod -G %g %u
add machine script=/usr/sbin/useradd -s /bin/false -d /dev/null %u
----------------------------------------------------------------------------
--------
Disabled the following items in the Local Security Policy
----------------------------------------------------------------------------
--------
Domain member: Digitally encrypt or sign secure channel data (Always)
domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Require strong (Windows 2000 or later) session key
----------------------------------------------------------------------------
--------
Added the following Registry Hacks
----------------------------------------------------------------------------
--------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000 If you still have changes, you may want
to change the following
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"sealsecurechannel"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"signsecurechannel"=dword:00000000
----------------------------------------------------------------------------
--------
Deleted existing machine entries in smbpasswd
----------------------------------------------------------------------------
--------
vi smbpasswd
delete machine user line
restart smb
----------------------------------------------------------------------------
--------
Added machine entries
----------------------------------------------------------------------------
--------
smbpasswd -a -m WORKSTATION_NAME
----------------------------------------------------------------------------
--------
SYMPTOMS
----------------------------------------------------------------------------
--------
CAN authenticate from domain members added prior to migration
CAN use shares from 95/XP/Samba using share based authentication
username/password
CAN join domain form another Samba3 box
CANNOT join domain from XP
XP client reports: Access is denied
(logged in on XP as Administrator)
Samba reports (level 10 logging): _samr_open_domain: ACCESS DENIED
Both root and nobody appear to authenticate
Logs indicate insufficient privilege to continue
Looks like it might be something on the client?? There are no warnings or
errors in any of the XP logs.
Symptoms are the same from multiple installs of XP to multiple installs of
samba
I have racked my brain for the last week and have even resorted to reading
the manual.
Thank you for any guidance in advance!
More information about the samba
mailing list