[Samba] WinXP and Samba PDC Auth Problem
Aaron Smith
aaron at pandora-net.com
Mon Dec 6 00:28:49 GMT 2004
I have been running a Samba PDC with Samba version 3.0.0
on Redhat 7.3 for quite some time. My WinXP Pro SP2 system is part
of the domain and everything has been working just peachy. And then,
of course, I had to tinker with it.

I upgraded the Linux box to Whitebox Linux 3.0, a derivative
of Redhat Enterprise Linux 3.0. It comes with Samba 3.0.7. After
installing and updating everything, I brought over the entire contents
of my /etc/samba directory and loaded a previously saved LDIF file for
my LDAP server (which samba authenticates to). No changes were made in
any of these files and no changes were made on the WinXP box. If I
do an "smbclient -L <linux-box-name>" it prompts me for a password, which
is accepted, and a list of shares is presented. If I do the same thing
using the WinXP's name, I get:

session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

If I attempt to log in with a domain account on the XP box, I get a dialog
box that says:

"Windows could not connect to the domain, either because the domain
controller is down, or otherwise unavailable, or because your computer
account was not found."

I *AM* able to remove the XP machine from the domain and re-add it without
incident. Or at least, I get the "Welcome to the PANDORANET Domain"
message when adding it so I'm assuming the kali$ machine account is being
properly found.
I suspect that this has something to do with the schannel settings. Samba
reports that all 4 settings are currently set to "Auto" which seems to be
the ideal setting. The first thing I tried was the registry change for
signorseal to 0, but that had no effect. Currently, under the Local
Security settings, I have for what I believe are the pertinent settings:

Domain member: Digitally encrypt or sign secure channel data (always): Enabled
Domain member: Digitally encrypt secure channel data (when possible): Enabled
Domain member: Digitally sign secure channel data (when possible): Enabled
Microsoft Network Client: Digitally sign communications (always): Disabled
Microsoft Network Client: Digitally sign communications (if server agrees): Enabled
Microsoft Network Server: Digitally sign communications (always): Disabled
Microsoft Network Server: Digitally sign communications (if server agrees): Enabled

Anyone have any ideas? I've been tearing my hair out over this all
weekend!
-----------------------------------------------------------------
Aaron Smith vox: 269.226.9550 ext.26
Network Director fax: 269.349.9076
Nexcerpt, Inc. http://www.nexcerpt.com
...Nexcerpt... Extend Your Expertise