[Samba] XP Client cannot join Samba3 PDC

gpalmer at lganet.com
Wed Apr 14 18:46:49 GMT 2004


Migrating a working Samba 2.2.8a Domain Controller to 3.0.2a
Using smbpasswd file
compiled using gcc 3.2.2

------------------------------------------------------------------------------------
Used working 2.2.8 configuration
------------------------------------------------------------------------------------
#authentication as PDC
	workgroup = XNET
	domain logons = yes
	domain master = yes
	preferred master = yes
	security = user
	password level = 8
	username level = 8
	smb passwd file = /usr/local/samba/lbin/smbpasswd
	logon script = logon.bat
	encrypt passwords = yes

------------------------------------------------------------------------------------
Added automation scripts
------------------------------------------------------------------------------------
#user group scripts
        add user script=/usr/sbin/useradd -d /dev/null -g machines -c "Machine account %u" -s /bin/false -M %u
        delete user script=/usr/sbin/userdel -r %u
        add group script=/usr/sbin/groupadd %g
        delete group script=/usr/sbin/groupdel %g
        add user to group script=/usr/sbin/usermod -G %g %u
        add machine script=/usr/sbin/useradd -s /bin/false -d /dev/null %u

------------------------------------------------------------------------------------
Disabled the following items in the Local Security Policy
------------------------------------------------------------------------------------
Domain member: Digitally encrypt or sign secure channel data (Always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Require strong (Windows 2000 or later) session key

------------------------------------------------------------------------------------
Added the following Registry Hacks
------------------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000

If you still have changes, you may want to change the following

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"sealsecurechannel"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"signsecurechannel"=dword:00000000

------------------------------------------------------------------------------------
Deleted existing machine entries in smbpasswd
------------------------------------------------------------------------------------
vi smbpasswd
delete machine user line
restart smb

------------------------------------------------------------------------------------
Added machine entries
------------------------------------------------------------------------------------
smbpasswd -a -m WORKSTATION_NAME


------------------------------------------------------------------------------------
SYMPTOMS
------------------------------------------------------------------------------------
CAN authenticate from domain members added prior to migration
CAN use shares from 95/XP/Samba using share based authentication username/password
CAN join domain from another Samba3 box

CANNOT join domain from XP
XP client reports: Access is denied
(logged in on XP as Administrator)
Samba reports (level 10 logging): _samr_open_domain: ACCESS DENIED 
Both root and nobody appear to authenticate
Logs indicate insufficient privilege to continue 

Looks like it might be something on the client?? There are no warnings or
errors in any of the XP logs.

Symptoms are the same from multiple installs of XP to multiple installs of
Samba.

I have racked my brain for the last week and have even resorted to reading
the manual.
Thank you for any guidance in advance!


