[Samba] WinXP and Samba PDC Auth Problem
Aaron Smith
aaron at pandora-net.com
Mon Dec 6 15:13:45 GMT 2004
Some further information. If I go on to the XP machine, and
pull up the Security and Sharing information for the
Documents and Settings directory for my domain user, instead
of seeing the normal blue user icon and a name like DOMAIN\user
I see a greyed out icon with a red question mark and then the
SID for my domain user account. If I try to Add a user, and tell
XP to list all available objects, I get a list of all the various
users and groups so it *CAN* read the information from the
Samba server. Curiouser and curiouser...
-----------------------------------------------------------------
Aaron Smith vox: 269.226.9550 ext.26
Network Director fax: 269.349.9076
Nexcerpt, Inc. http://www.nexcerpt.com
...Nexcerpt... Extend Your Expertise
On Sun, 5 Dec 2004, Aaron Smith wrote:
> I have been running a Samba PDC with Samba version 3.0.0
> on Redhat 7.3 for quite some time. My WinXP Pro SP2 system is part
> of the domain and everything has been working just peachy. And then,
> of course, I had to tinker with it.
> I upgraded the linux box to Whitebox Linux 3.0, a derivative
> of Redhat Enterprise Linux 3.0. It comes with Samba 3.0.7. After
> installing and updating everything, I brought over the entire contents
> of my /etc/samba directory and loaded a previously saved LDIF file for
> my LDAP server (which samba authenticates to). No changes were made in
> any of these files and no changes were made on the WinXP box. If I
> do an "smbclient -L <linux-box-name>" it prompts me for a password, which
> is accepted, and a list of shares is presented. If I do the same thing
> using the WinXP's name, I get:
>
> session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
>
> If I attempt to log in with a domain account on the XP box, I get a dialog
> box that says:
> "Windows could not connect to the domain, either because the domain
> controller is down, or otherwise unavailable, or because your computer
> account was not found."
>
> I *AM* able to remove the XP machine from the domain and re-add it without
> incident. Or at least, I get the "Welcome to the PANDORANET Domain" message
> when adding it so I'm assuming the kali$ machine account is being properly
> found.
>
> I suspect that this has something to do with the schannel settings. Samba
> reports that all 4 settings are currently set to "Auto" which seems to be the
> ideal setting. The first thing I tried was the registry change for
> signorseal to 0, but that had no effect. Currently, under the Local Security
> settings, I have for what I believe are the pertinent settings:
>
> Domain member: Digitally encrypt or sign secure channel data (always):
> Enabled
>
> Domain member: Digitally encrypt secure channel data (when possible): Enabled
>
> Domain member: Digitally sign secure channel data (when possible): Enabled
>
> Microsoft Network Client: Digitally sign communications (always): Disabled
>
> Microsoft Network Client: Digitally sign communications (if server agrees):
> Enabled
>
> Microsoft Network Server: Digitally sign communications (always): Disabled
> Microsoft Network Server: Digitally sign communications (if server agrees):
> Enabled
>
>
> Anyone have any ideas? I've been tearing my hair out over this all weekend!
>