[Samba] WinXP and Samba PDC Auth Problem

Aaron Smith aaron at pandora-net.com
Mon Dec 6 15:13:45 GMT 2004 

Some further information.  If I go on to the XP machine, and
pull up the Security and Sharing information for the
Documents and Settings directory for my domain user, instead
of seeing the normal blue user icon and a name like DOMAIN\user
I see a greyed out icon with a red question mark and then the
SID for my domain user account.  If I try to Add a user, and tell
XP to list all available objects, I get a list of all the various
users and groups so it *CAN* read the information from the
Samba server.  Curiouser and curiouser...

-----------------------------------------------------------------
Aaron Smith             		vox: 269.226.9550 ext.26
Network Director        		fax: 269.349.9076 
Nexcerpt, Inc.          		http://www.nexcerpt.com

 	...Nexcerpt... Extend Your Expertise

On Sun, 5 Dec 2004, Aaron Smith wrote:

> 	I have been running a Samba PDC with Samba version 3.0.0
> on Redhat 7.3 for quite some time.  My WinXP Pro SP2 system is part
> of the domain and everything has been working just peachy.  And then,
> of course, I had to tinker with it.
> 	I upgraded the linux box to Whitebox Linux 3.0, a derivative
> of Redhat Enterprise Linux 3.0.  It comes with Samba 3.0.7.  After
> installing and updating everything, I brought over the entire contects
> of my /etc/samba directory and loaded a previously saved LDIF file for
> my LDAP server (which samba authenticates to).  No changes were made in
> any of these files and no changes were made on the WinXP box.  If I
> do an "smbclient -L <linux-box-name>" it prompts me for a password, which
> is accepted, and a list of shares is presented.  If I do the same thing
> using the WinXp's name, I get:
>
> session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
>
> If I attempt to log in with a domain account on the XP box, I get a dialog 
> box that says:
> "Windows could not connect to the domain, either because the domain 
> controller is down, of otherwise unavailable, or because your computer
> account was not found."
>
> I *AM* able to remove the XP machine from the domain and re-add it without
> incident.  Or at least, I get the "Welcome to the PANDORANET Domain" message 
> when adding it so I'm assuming the kali$ machine account is being properly 
> found.
>
> I suspect that this has something to do with the schannel settings.  Samba 
> reports that all 4 settings are currently set to "Auto" which seems to be the 
> ideal setting.  The first thing I tried was the registry change for 
> signorseal to 0, but that had no affect.  Currently, under the Local Security 
> settings, I have for what I believe are the pertinent settings:
>
> Domain member: Digitally encrypt or sign secure channel data (always): 
> Enabled
>
> Domain member: Digitally encrypt secure channel data (when possible): Enabled
>
> Domain member: Digitally sign secure channel data (when possible): Enabled
>
> Microsoft Network Client:  Digitally sign communications (always): Disabled
>
> Microsoft Network Client:  Digitally sign communications (if server agrees): 
> Enabled
>
> Microsoft Network Server: Digitally sign communications (always): Disabled
> Microsoft Network Server: Digitally sign communications (if server agrees): 
> Enabled
>
>
> Anyone have any ideas?  I've been tearing my hair out over this all weekend!
>
> -----------------------------------------------------------------
> Aaron Smith             		vox: 269.226.9550 ext.26
> Network Director        		fax: 269.349.9076 Nexcerpt, Inc. 
> http://www.nexcerpt.com
>
> 	...Nexcerpt... Extend Your Expertise
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list