[Samba] WinXP and Samba PDC Auth Problem

Aaron Smith aaron at pandora-net.com
Tue Dec 7 02:50:55 GMT 2004

Well, I never did get any replies on this, but I have, in the interim,
discovered the problem.  So, for posterity I'm posting the answer here
in case someone else comes along with a similar problem.  The original
smb.conf from the old server included a line setting the guest account
to "smbguest".  Whereas this account existed on my old system, I had
not created it on the new system.  As soon as I created this account,
BOOM, everything started working exactly as it had before.

On Sun, 5 Dec 2004, Aaron Smith wrote:

> 	I have been running a Samba PDC with Samba version 3.0.0
> on Redhat 7.3 for quite some time.  My WinXP Pro SP2 system is part
> of the domain and everything has been working just peachy.  And then,
> of course, I had to tinker with it.
> 	I upgraded the linux box to Whitebox Linux 3.0, a derivative
> of Redhat Enterprise Linux 3.0.  It comes with Samba 3.0.7.  After
> installing and updating everything, I brought over the entire contects
> of my /etc/samba directory and loaded a previously saved LDIF file for
> my LDAP server (which samba authenticates to).  No changes were made in
> any of these files and no changes were made on the WinXP box.  If I
> do an "smbclient -L <linux-box-name>" it prompts me for a password, which
> is accepted, and a list of shares is presented.  If I do the same thing
> using the WinXp's name, I get:
> If I attempt to log in with a domain account on the XP box, I get a dialog 
> box that says:
> "Windows could not connect to the domain, either because the domain 
> controller is down, of otherwise unavailable, or because your computer
> account was not found."
> I *AM* able to remove the XP machine from the domain and re-add it without
> incident.  Or at least, I get the "Welcome to the PANDORANET Domain" message 
> when adding it so I'm assuming the kali$ machine account is being properly 
> found.
> I suspect that this has something to do with the schannel settings.  Samba 
> reports that all 4 settings are currently set to "Auto" which seems to be the 
> ideal setting.  The first thing I tried was the registry change for 
> signorseal to 0, but that had no affect.  Currently, under the Local Security 
> settings, I have for what I believe are the pertinent settings:
> Domain member: Digitally encrypt or sign secure channel data (always): 
> Enabled
> Domain member: Digitally encrypt secure channel data (when possible): Enabled
> Domain member: Digitally sign secure channel data (when possible): Enabled
> Microsoft Network Client:  Digitally sign communications (always): Disabled
> Microsoft Network Client:  Digitally sign communications (if server agrees): 
> Enabled
> Microsoft Network Server: Digitally sign communications (always): Disabled
> Microsoft Network Server: Digitally sign communications (if server agrees): 
> Enabled
> Anyone have any ideas?  I've been tearing my hair out over this all weekend!
> -----------------------------------------------------------------
> Aaron Smith             		vox: 269.226.9550 ext.26
> Network Director        		fax: 269.349.9076 Nexcerpt, Inc. 
> http://www.nexcerpt.com
> 	...Nexcerpt... Extend Your Expertise
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list