[Samba] Cannot join Win XP SP2 client to domain

Jim Hogan jimh at u.washington.edu
Sun May 13 17:17:15 GMT 2007


Thomas,

Thomas Ußmüller wrote:
> Dear all,
>
> I have created two virtual machines on my computer (with VMware 
> 5.5.3). One is running SuSE Linux Enterprise Server 10 with Samba 
> 3.0.22. The other one is running a WinXP SP2 client (name: test01).
>
> I can browse the shares of the Samba Server. Furthermore I can connect 
> to them with different user names.
>
> When trying to join the client to the domain I get an error message 
> that the user does not exist (although connecting to the shares works 
> with this username). Furthermore the user has the 
> SeMachineAccountPrivilege set.

I remember getting this "user does not exist" error message and 
discovering that it was (like many Windows errors) a "red herring" -- 
it did not reflect the actual problem and was somewhat misleading.


With XP, our underlying problem was name resolution.  We had to force 
NetBIOS node type to "hybrid" and then things started working.  See here:


   http://www.windowsitlibrary.com/Content/386/10/5.html


To wit:


"To configure a machine to use h-node-type resolution, set the following 
registry value to 8: 

HKEY_LOCAL_MACHINE\CurrentControlSet\Services\NetBT\Parameters\NodeType "


I am "shooting from the hip" here and I do not have confidence that this 
information will fix your problem, but it is a trivial change to make 
and test, so I figured it might help.

Jim


>
> What might cause this error? I have added the log.test01, log.smbd and 
> the smb.conf file.
>
> Hope somebody can help me
>
> Regards
> Thomas
>
>
> log.test01:
> -----------
>
> [2007/05/16 17:51:41, 2] lib/smbldap.c:smbldap_open_connection(724)
>   smbldap_open_connection: connection opened
> [2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>   init_sam_from_ldap: Entry found for user: root
> [2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap(2222)
>   init_group_from_ldap: Entry found for group: 512
> [2007/05/16 17:51:41, 2] smbd/server.c:exit_server(614)
>   Closing connections
> [2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
>   check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
> [2007/05/16 17:51:41, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
>   Returning domain sid for domain LTE -> S-1-5-21-4205727931-4131263253-1851132061
> [2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
>   _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
> [2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
>   Closing connections
>
> the error message in smbldap-useradd script only means that the 
> account has already been created in the LDAP directory (only unix 
> attributes are set, no win or samba specific stuff). When deleting the 
> user from the directory the message disappears, but nothing else changes.
>
>
> log.smbd:
> ---------
> [2007/05/16 17:51:36, 0] smbd/server.c:main(805)
>   smbd version 3.0.22-13.16-SUSE-SLES10 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2006
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[homes]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[profiles]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[netlogon]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[intranet]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[literatur]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[projekte]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[software]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[transfer]"
> [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
>   Processing section "[sekretariat]"
> [2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
>   Unable to connect to CUPS server localhost - Connection refused
> [2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
>   Unable to connect to CUPS server localhost - Connection refused
> [2007/05/16 17:51:36, 2] lib/interface.c:add_interface(81)
>   added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
> [2007/05/16 17:51:36, 2] lib/smbldap_util.c:smbldap_search_domain_info(228)
>   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LTE))]
> [2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
>   smbldap_open_connection: connection opened
> [2007/05/16 17:51:36, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
>   Registered MSG_REQ_POOL_USAGE
> [2007/05/16 17:51:36, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
>   smbldap_open_connection: connection opened
> [2007/05/16 17:51:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>   init_sam_from_ldap: Entry found for user: root
> [2007/05/16 17:51:36, 2] smbd/server.c:open_sockets_smbd(336)
>   waiting for a connection
>
> smb.conf:
> ---------
>
> [global]
>     workgroup = LTE
>     netbios name = david
>     enable privileges = yes
>     server string = LTE Datei-Server
>     security = user
>     encrypt passwords = yes
>     domain logons = Yes
>     domain master = Yes
>     local master = Yes
>     preferred master = Yes
>     os level = 65
>     wins support = no
>
>     dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> #    hosts allow = 192.168.2.0/255.255.255.0, 127.0.0.1
> #    interfaces = 192.168.2.240/255.255.255.0
> #    vfs object = vscan-clamav
> #    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
>     log level = 2
>     syslog = 1
>     log file = /var/log/samba/log.%m
>     time server = yes
>     Dos charset =  850
>     Unix charset = UTF8
> #    Unix charset = ISO8859-1
>     username map = /etc/samba/smbusers
>
> #    logon path = \\%L\profiles\.msprofile    # wrong?
>     logon path = \\%L\profiles\%U
> #    logon home = \\%L\%U\.9xprofile
>     logon drive = H:
>     logon script = logon.bat
>
>     ldap passwd sync = yes
>     ldap ssl = Off
>     passdb backend = ldapsam:ldap://127.0.0.1
>     idmap backend = ldap:ldap://127.0.0.1
>     idmap uid = 14000-20000
>     idmap gid = 14000-20000
>     ldap admin dn = cn=manager,dc=lte,dc=local,dc=net
> #    should still be changed
> #    ldap admin dn = cn=samba,ou=Users,dc=lte,dc=local,dc=net
>     ldap suffix = dc=lte,dc=local,dc=net
>     ldap user suffix = ou=Users
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap idmap suffix = ou=Users
>     add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>     ldap delete dn = yes
>     delete user script = /usr/local/sbin/smbldap-userdel "%u"
>     add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> #    add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
>     add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>     delete group script = /usr/local/sbin/smbldap-groupdel "%g"
>     add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>     delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>     set primary group script = /sr/local/sbin/smbldap-usermod -g "%g" "%u"
>
>
>     printing = none
> #    printing = cups
> #    printcap name = cups
> #    printcap cache time = 750
> #    cups options = raw
>     map to guest = Bad User
> [homes]
>     comment = Home Directories
>     valid users = %S, %D%w%S
>     browseable = No
>     read only = No
>     inherit acls = Yes
>     create mask = 600
>     directory mask = 700
>     guest ok = No
> [profiles]
>     comment = Network Profiles Service
> #    path = %H
>     path = /home/samba/profiles
>     read only = No
>     browseable = No
>     guest ok = Yes
>     profile acls = Yes
>     store dos attributes = Yes
>     create mask = 0600
>     directory mask = 0700
>     force user = %U
>     valid users = %U @"Domain Admins"
> [netlogon]
>     comment = Network Logon Service
>     path = /home/samba/netlogon
>     read only = yes
>     write list = root
>     browseable = no
> ... (I have omitted the definition of the further shares)
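
Added example, not part of the original thread and not Samba project code: a small Python triage of smbd logs laid out like the log.test01 excerpt quoted above, pulling out helper scripts that exited non-zero and authentication results. The sample log is constructed from the quoted lines (mail-wrapped continuations included), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the quoted log.test01 excerpt:
# a "[timestamp, level] file:function(line)" header, then message lines.
SAMPLE_LOG = """\
[2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] ->
[root] succeeded
[2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command
`/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9
[2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
  Closing connections
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] ?(.*)$")
SCRIPT = re.compile(r"Running the command `(.+?)' gave (-?\d+)")
# "succeeded" is the wording in the quoted log; "FAILED" is an assumed failure wording.
AUTH = re.compile(r"authentication for user \[([^\]]*)\].*?(succeeded|FAILED)", re.I)

def parse_entries(text):
    """Group each header with its continuation lines, even wrapped ones starting with '['."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3).strip(), []])
        elif entries and line.strip():
            entries[-1][3].append(line.strip())
    return [(ts, lvl, loc, " ".join(parts)) for ts, lvl, loc, parts in entries]

def triage(text):
    """Return (failed helper-script runs, authentication results) found in a log."""
    failed_scripts, auth_results = [], []
    for ts, _, _, msg in parse_entries(text):
        s = SCRIPT.search(msg)
        if s and int(s.group(2)) != 0:
            failed_scripts.append((ts, s.group(1), int(s.group(2))))
        a = AUTH.search(msg)
        if a:
            auth_results.append((ts, a.group(1), a.group(2).lower()))
    return failed_scripts, auth_results

if __name__ == "__main__":
    scripts, auths = triage(SAMPLE_LOG)
    for ts, cmd, rc in scripts:
        print(f"{ts} script failed rc={rc}: {cmd}")
    for ts, user, result in auths:
        print(f"{ts} auth {user}: {result}")
```

Run against the sample, this reports the `smbldap-useradd -w "test01$"` run that returned 9 alongside the successful authentication for root, the same pair of facts the thread reasons from.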

