[Samba] Joining XP clients to a Samba PDC

Andrew depaan at bibleinfo.com
Wed Dec 8 18:19:52 GMT 2004


>> As far as I can tell I should be able to join the domain with the  
>> root account (added with smbldap-useradd -a -G 512 -m -s /bin/false  
>> -d /dev/null -F "" -P root). But all I get for my efforts is an error  
>> dialog "The following error occurred attempting to join the domain  
>> 'BI': The network path was not found".
>
> If you're using the stock idealx setup (I believe) that you could be  
> using the Administrator account, make sure that you have the password  
> for that account, change it with smbpasswd if not.  Your root user may  
> or may not be set up right, I don't know the syntax of the command off  
> hand.
I've set the passwords for Administrator and for root with smbpasswd  
and that doesn't seem to help.


> Try to change your double quotes to single quotes, I believe that has  
> been known to cause issues.
Do you mean the double quotes in the smbldap-useradd command above?


>
> Have you set the password for your manager DN?  Does your sambaDomain  
> object exist?
The sambaDomain object does exist and was created by the idealx setup  
script I believe. At any rate it shows up in my LDAP tree. From my gui  
LDAP browser, this is what my directory looks like:

World
	> iiw
		> bibleinfo
			> bi  #sambaDomain object?
			* Computers
			* Groups
			* Idmap
			% Manager
			% NextFreeUnixId
			* People
				% Administrator
				% User1
				% User2
				.
				.
				% nobody
				% proxyagent
				% root
				% user3
				.
				.
		
I'm using JXplorer and the symbols > * % above translate to icons as  
follows:
		
		> = small round circle (generic object icon I think)
		* = an icon looking like a cluster or tree of boxes (container for objects?)
		% = an icon consisting of a little face (user) and a sheet of paper (properties)
>
> Grasping at straws a bit here since your log doesn't seem to say  
> anything blatantly obvious.

Speaking of logs. I bumped the log level down to 2 and this is what was  
printed for two consecutive domain joining attempts (one with the root  
user, and one with the Administrator user):

[2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:03:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
   init_sam_from_ldap: Entry found for user: root
[2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
   init_group_from_ldap: Entry found for group: 512
[2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
   init_group_from_ldap: Entry found for group: 1000
[2004/12/08 09:03:35, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2004/12/08 09:03:36, 2] smbd/server.c:exit_server(571)
   Closing connections


[2004/12/08 09:10:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:10:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/12/08 09:10:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
   init_sam_from_ldap: Entry found for user: Administrator
[2004/12/08 09:10:53, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
   init_group_from_ldap: Entry found for group: 512
[2004/12/08 09:10:53, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
[2004/12/08 09:10:54, 2] smbd/server.c:exit_server(571)
   Closing connections


A log level of 3 gives much more detail, but that's a lot to post here  
and I don't see anything that jumps out at me error-wise. Would it be a  
problem with an obscure setting on the XP machine somehow?

I've tried disabling "Domain member: Digitally encrypt or sign secure  
channel data (always)" as suggested by Chuck, but I still get the same  
error. ("The network path was not found")

I presume this is the same as another suggestion I found about changing  
the registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000

So the bottom line is still no luck. Anyone have additional suggestions?

-Andrew
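
Added example, not part of the original post or of Samba's own code: a small parser for the smbd log format shown above that rejoins message lines wrapped by the mail client and lists the outcome of every check_ntlm_password record. The sample records are constructed, and the FAILED wording is an assumption about how this Samba generation logs a rejected logon.

```python
import re

# Header format as shown in the post: [date time, level] file:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+?):(\w+)\((\d+)\)$")
# The "succeeded" wording is taken from the post; the "FAILED with error"
# wording is an assumption about how a rejected logon is reported.
AUTH = re.compile(r"authentication for user \[([^\]]*)\].*?(succeeded|FAILED with error (\S+))", re.I)

# Constructed sample: the first three records follow the post's format (wrapped
# the way the mail client wrapped them); the last one is invented for the failure case.
SAMPLE = """\
[2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/12/08 09:03:35, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [root] -> [root] ->
[root] succeeded
[2004/12/08 09:03:36, 2] smbd/server.c:exit_server(571)
   Closing connections
[2004/12/08 09:05:00, 2] auth/auth.c:check_ntlm_password(312)
   check_ntlm_password:  Authentication for user [alice] -> [alice] FAILED
with error NT_STATUS_WRONG_PASSWORD
"""

def parse_records(text):
    """Group each header line with its (possibly wrapped) message lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"time": m[1], "level": int(m[2]), "source": m[3],
                            "function": m[4], "message": ""})
        elif records and line.strip():
            records[-1]["message"] = (records[-1]["message"] + " " + line.strip()).strip()
    return records

def auth_events(records):
    """Return (time, user, outcome) for every check_ntlm_password record."""
    events = []
    for rec in records:
        m = AUTH.search(rec["message"]) if rec["function"] == "check_ntlm_password" else None
        if m:
            outcome = "succeeded" if m.group(2).lower() == "succeeded" else m.group(3)
            events.append((rec["time"], m.group(1), outcome))
    return events

if __name__ == "__main__":
    for event in auth_events(parse_records(SAMPLE)):
        print(*event)
```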


