[Samba] PDC SAMBA + WIN2K problem join domain.

georgi sotirov soteks at gmail.com
Tue Jun 21 17:26:30 GMT 2005 

piaff33z wrote:

> Hi,
>
> I had success to join a samba domain with a win2K Station a few days
> ago. But today when a try to log with an another account, my station
> win2K say me she can't contact my PDC. I does not know what occurred
> since the last time.
>
> I disjoin my domain and after i has try to join again but with no 
> success.
>
> The client Win2K and serveur PDC samba are on same network and switch
> thus no problem of network.
> The samba server starts and his logs says to me that is the PDC of my
> domain, but Win2K does no want to see it.
>
> somebody has an idea ?

Are you sure to do this follows, before try join win2k pc in your SAMBA PDC:

[source http://nic.phys.ethz.ch/readme/145]

    *Changes for Windows 2000 to join the Samba Domain
    The following steps have to be done with an local administrator or a
    member of the local Administrators group.

    This steps must be done before joining the Samba Domain (D-PHYS
    Domain Logon):

    Changes for Windows 2000 (Service Pack 4 and later)
    To re-enable writing back the Roaming Profile to the home drive on
    our samba file server in the Group Policy Editor
    (C:\WINNT\system32\gpedit.msc) under Local Computer Policy/Computer
    Configuration/Administrative Templates/System/Logon the settings for
    Do not check for user ownership of Roaming Profiles Folders has to
    be enabled. It can also be done with the following script:

        * On X:\D-PHYS\Domain-Logon\ (How to connect to the X: drive)
    double click the Win2kXP-fix.cmd


    Now Windows 2000 is ready to join the Samba Domain (D-PHYS Domain
    Logon).
    *

And check this just for prevent future problems with WinXP Pro machines:

    Changes for Windows XP to join the Samba Domain
    The following steps have to be done with an local administrator or a
    member of the local Administrators group.

    This steps must be done before joining the Samba Domain (D-PHYS
    Domain Logon):

    Changes for Windows XP (all versions)

        * Start the Administrative Tools (Start / Settings / Control
    Panel / Administrative Tools). From there start the Local Security
    Policy.
        * In the Local Security Policy open Local Policies and then
    Security Options.
        * Disable the following entries:
              o Domain member: Digitally encrypt or sign secure channel
    data (Always)
              o Domain member: Digitally encrypt secure channel data
    (when possible)
              o Domain member: Digitally sign secure channel data (when
    possible)
              o Domain member: Require strong (Windows 2000 or later)
    session key


        * In the Group Policy Editor (C:\windows\system32\gpedit.msc)
    enable the following entry:
              o Computer Configuration\Administrative
    Templates\System\User Profiles\do not check for user ownership of
    roaming profiles folders


    Now Windows XP is ready to join the Samba Domain (D-PHYS Domain Logon).

More information about the samba mailing list