[Samba] XP Joining domain

Derek Harkness dharknes at umd.umich.edu
Tue Jun 8 12:13:07 GMT 2004

How does pdbedit help me join a Windows XP client to my Samba domain?

I've read through all the howto section on domain membership.  
Unfortunately the online howto section doesn't have page numbers. :(  
According to the docs I can either add passwd backend = smbpasswd or 
just delete the option from the config file, if the option doesn't 
exist 3.0 falls back to smbpasswd used in 2.2.

The ultimate goal is to move to ldap.  But I can't do that until I get 
samba 3 working.  But why should the back prevent XP from properly 
setting the machine password?  NT 4 and 2K both happily join the domain 
set their password and play VERY nice.  On the client side XP tells me 
it joined the domain, but when I try and login it gives me a machine 
account error messages (see below).  If I login as the local 
Administrator I can even map a drive to the samba server.

Logon error
"Windows cannot connect to the domain, either because the domain 
controller is down or otherwise unavailable, or because your computer 
account was not found.  Please try again later."

Thanks for the help!

On Jun 7, 2004, at 3:31 PM, Jason Gray wrote:

> Have you tried pdbedit?  Also, If you read the pages 123 - 138 in the
> Samba-How-to Collection you will get a great trouble-shooting section 
> and
> methods to get your machines and users to connect to your PDC.  You 
> will
> also need to add the passwd backend = smbpasswd to your smb.conf
> file...among other things.  You might want to think about migrating to 
> the
> tdb password backend instead.  It's more reliable.
> Jason
> -----Original Message-----
> From: Derek Harkness [mailto:dharknes at umd.umich.edu]
> Sent: Monday, June 07, 2004 12:00 PM
> To: Jason Gray
> Subject: Re: [Samba] XP Joining domain
> More details...
> I'm not using ldap, currently using the smbpasswd backend.  I'm
> exploring the migration path from a samba 2.2 installation to samba
> 3.0.  I'm using the add machine script which is creating an account in
> the unix password file, then an account is created in the smbpasswd
> file but the account is disabled.
> /etc/samba/smbpasswd:xptest$:27652:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
> /etc/passwd:xptest$:x:27652:968:NTMachine:/dev/null:/bin/false
> My samba configure is more or less default.  Changed things like
> workgroup, load printers = no, and added the needed domain options.
> Thanks,
> Derek
> On Jun 7, 2004, at 2:40 PM, Jason Gray wrote:
>> There is a machine account and user account needed to login.  It
>> sounds like
>> you are using LDAP.  If this is the case you need to make sure that a
>> password is set for the user using smbpasswd <username>.  It would be
>> helpful to see your smb.conf file as well.  There are various tools
>> that you
>> can use to add both machine and user accounts in the LDAP backend.  If
>> you
>> are using something else as your password backend then let em know
>> what that
>> is too.
>> Jason
>> -----Original Message-----
>> From: samba-bounces+jgray=bardelanimation.com at lists.samba.org
>> [mailto:samba-bounces+jgray=bardelanimation.com at lists.samba.org]On
>> Behalf Of Derek Harkness
>> Sent: Monday, June 07, 2004 11:20 AM
>> To: samba at lists.samba.org
>> Subject: [Samba] XP Joining domain
>> I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, 
>> with
>> a Windows XP client.
>> Problems
>> 1) Can only get the join to work if I use the root account.  On Win2k 
>> I
>> can use any account in the Domain Admins group.
>> 2) The join succeeds, the unix account and the smb account are created
>> but the smb account is disabled, and the password contains all XXXXs.
>> Joining the domain works fine from Win2k.
>> I've tried adjusting the Signing entries.  I tried manually creating
>> the machine accounts, and I get a can't access machine account error 
>> on
>> login.
>> Any thoughts?
>> Thanks!
>> Derek
>> "This world is a comedy to those who think and a tragedy to those who
>> feel."
> My lack of knowledge is only exceeded by my lack of concern.
> --Anonymous GE Engineer
Isn't sanity just a one-trick pony anyway? I mean, all you get is that 
one trick, rational thinking, but when you're good and crazy, well, the 
sky's the limit!
"The Tick (comic book)"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040608/4c97e687/PGP.bin

More information about the samba mailing list