[Samba] XP Joining domain

Derek Harkness dharknes at umd.umich.edu
Tue Jun 8 16:01:32 GMT 2004 

Okay more information...

XP can join my Samba 2.2 domain without any trouble.  But with my Samba 
3.0.4 PDC it join but it puts all Xs in the password file and the 
account is disabled.  I've turned the log level up but don't see any 
blatant error messages.

I'm not sure if this is a related problem but when I copied the 
smbpasswd file from my Samba 2.2 PDC to the 3.0.4 PDC, samba started 
disabling accounts when users logged in.  Again all Xs in the password 
file and a D flag to disable the account.  Why would it be disabling 
accounts?

Thanks,
Derek

On Jun 8, 2004, at 8:13 AM, Derek Harkness wrote:

> How does pdbedit help me join a Windows XP client to my Samba domain?
>
> I've read through all the howto section on domain membership.  
> Unfortunately the online howto section doesn't have page numbers. :(  
> According to the docs I can either add passwd backend = smbpasswd or 
> just delete the option from the config file, if the option doesn't 
> exist 3.0 falls back to smbpasswd used in 2.2.
>
> The ultimate goal is to move to ldap.  But I can't do that until I get 
> samba 3 working.  But why should the back prevent XP from properly 
> setting the machine password?  NT 4 and 2K both happily join the 
> domain set their password and play VERY nice.  On the client side XP 
> tells me it joined the domain, but when I try and login it gives me a 
> machine account error messages (see below).  If I login as the local 
> Administrator I can even map a drive to the samba server.
>
> Logon error
> "Windows cannot connect to the domain, either because the domain 
> controller is down or otherwise unavailable, or because your computer 
> account was not found.  Please try again later."
>
> Thanks for the help!
> Derek
>
> On Jun 7, 2004, at 3:31 PM, Jason Gray wrote:
>
>> Have you tried pdbedit?  Also, If you read the pages 123 - 138 in the
>> Samba-How-to Collection you will get a great trouble-shooting section 
>> and
>> methods to get your machines and users to connect to your PDC.  You 
>> will
>> also need to add the passwd backend = smbpasswd to your smb.conf
>> file...among other things.  You might want to think about migrating 
>> to the
>> tdb password backend instead.  It's more reliable.
>>
>> Jason
>>
>> -----Original Message-----
>> From: Derek Harkness [mailto:dharknes at umd.umich.edu]
>> Sent: Monday, June 07, 2004 12:00 PM
>> To: Jason Gray
>> Subject: Re: [Samba] XP Joining domain
>>
>>
>> More details...
>>
>> I'm not using ldap, currently using the smbpasswd backend.  I'm
>> exploring the migration path from a samba 2.2 installation to samba
>> 3.0.  I'm using the add machine script which is creating an account in
>> the unix password file, then an account is created in the smbpasswd
>> file but the account is disabled.
>>
>> /etc/samba/smbpasswd:xptest$:27652:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
>> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW         ]:LCT-00000000:
>>
>> /etc/passwd:xptest$:x:27652:968:NTMachine:/dev/null:/bin/false
>>
>> My samba configure is more or less default.  Changed things like
>> workgroup, load printers = no, and added the needed domain options.
>>
>> Thanks,
>> Derek
>>
>> On Jun 7, 2004, at 2:40 PM, Jason Gray wrote:
>>
>>> There is a machine account and user account needed to login.  It
>>> sounds like
>>> you are using LDAP.  If this is the case you need to make sure that a
>>> password is set for the user using smbpasswd <username>.  It would be
>>> helpful to see your smb.conf file as well.  There are various tools
>>> that you
>>> can use to add both machine and user accounts in the LDAP backend.  
>>> If
>>> you
>>> are using something else as your password backend then let em know
>>> what that
>>> is too.
>>>
>>> Jason
>>>
>>> -----Original Message-----
>>> From: samba-bounces+jgray=bardelanimation.com at lists.samba.org
>>> [mailto:samba-bounces+jgray=bardelanimation.com at lists.samba.org]On
>>> Behalf Of Derek Harkness
>>> Sent: Monday, June 07, 2004 11:20 AM
>>> To: samba at lists.samba.org
>>> Subject: [Samba] XP Joining domain
>>>
>>>
>>> I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, 
>>> with
>>> a Windows XP client.
>>>
>>> Problems
>>> 1) Can only get the join to work if I use the root account.  On 
>>> Win2k I
>>> can use any account in the Domain Admins group.
>>> 2) The join succeeds, the unix account and the smb account are 
>>> created
>>> but the smb account is disabled, and the password contains all XXXXs.
>>> Joining the domain works fine from Win2k.
>>>
>>> I've tried adjusting the Signing entries.  I tried manually creating
>>> the machine accounts, and I get a can't access machine account error 
>>> on
>>> login.
>>>
>>> Any thoughts?
>>>
>>> Thanks!
>>> Derek
>>>
>>> "This world is a comedy to those who think and a tragedy to those who
>>> feel."
>>>
>>>
>> My lack of knowledge is only exceeded by my lack of concern.
>> --Anonymous GE Engineer
>>
>>
>>
> Isn't sanity just a one-trick pony anyway? I mean, all you get is that 
> one trick, rational thinking, but when you're good and crazy, well, 
> the sky's the limit!
> "The Tick (comic book)"
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
0 and 1. Now what could be so hard about that?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040608/9d2bca9e/PGP.bin

More information about the samba mailing list