[Samba] Cannot join Win XP SP2 client to domain

Jason Baker jbaker at glastender.com
Tue May 15 19:22:43 GMT 2007


> Maybe you can tell me a bit more about your server. Which backend do 
> you use? Do you use the smbldap scripts as well? Maybe we can find the 
> similarities in our machines which cause the problem and fix it. 
Thomas,
I installed Samba 3.0.23d-30 from an RPM to a CentOS 4 server. This 
machine is running an LDAP backend (OpenLDAP 2.3).

When I first got the server configured and up and running for the first 
time, I was able to join a machine to the domain from the client being 
joined. I accomplished this though the Windows Network ID Wizard. But 
then after finishing up the configuration on the server and getting 
ready to join all my workstations it quit working.
Suddenly it complained that my root password had expired and I was no 
longer able to join any workstations remotely. I got the root password 
problem figured out, but still could not join machines remotely.
I have LDAP Account Manager installed and it is working just great. I 
also have the IdealX SMB-LDAP scripts installed. These no longer work 
either.
Maybe the problem is in the scripts. I will investigate further and post 
my findings.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------



Thomas Ußmüller wrote:
> Dear Jason,
>
> Thanks a lot. This solved my problem.
>
> When creating the user and machine accounts directly with LDAP 
> everything works fine. But when either trying to directly connect the 
> machine (i.e. without creating the account manually) or when using the 
> User Manager for domains, it doesn't work.
>
> I have noticed that the smbldap script create the accounts in my 
> directory. But interestingly the SambaSamAccount objectclass is not 
> added by the scripts. Is this behaviour normal? Shall the scripts or 
> samba add the attributes?
>
> I think one possible solution might be to modify the scripts, so that 
> they add the needed objectclass/ attributes. What do the others in the 
> group think about that solution?
>
> Maybe you can tell me a bit more about your server. Which backend do 
> you use? Do you use the smbldap scripts as well? Maybe we can find the 
> similarities in our machines which cause the problem and fix it.
>
> Regards
> Thomas
>
> Jason Baker schrieb:
>>> When trying to join the client to the domain I get an error message 
>>> that the user does not exist (although connecting to the shares 
>>> works with this username). Furthermore the user has the 
>>> SeMachineAccountPrivilege set. 
>> I had this same problem. I ended up creating the machine accounts via 
>> the LDAP Account Manager. I never did figure out why I cannot add a 
>> machine to the domain through the Windows Network ID Wizard. Have you 
>> tried to create the machine account manually on the server, and then 
>> join the machine to the domain?


More information about the samba mailing list