[Samba] Problem joining XP SP2 Machines to the domain

Marshall Buschman mbuschman at gmail.com
Tue Apr 29 16:29:03 GMT 2008


Dale:

I'm continuing to investigate - ipconfig /all shows both WINS servers.
/var/cache/samba/wins.dat contains the xp machines.
I do have a local DNS server, and it does resolve typical addresses
(google.com) as expected.
My PDC and BDC have A and PTR records that resolve properly, but nothing
special other than that.

Nothing appears in the logs on either the PDC or BDC.

I've recently tried using the ForensiT User Profile Wizard, which tries to
join the domain as part of its process.
It's interesting that using this tool, when auth fails, Wireshark shows no
conversation between the XP box and the DC - it looks like the XP isn't even
trying to connect to the PDC.

I've seen similar results using Wireshark and the normal domain joining
facilities.
I've attempted to disable the signorseal requirements, which have no effect.

The only effective solution is adding an entry to the lmhosts file, which is
undesirable.

-Marshall

On Fri, Apr 25, 2008 at 9:14 AM, Dale Schroeder <
dale at briannassaladdressing.com> wrote:

> Marshall,
>
> Running out of ideas, but:
> Have you checked the wins.dat file to see if it is actually being
> populated with the xp machines?
> Does "ipconfig /all" on the xp machines list the wins server?
> If using it, is DNS working properly?
> Any other clues in the logs?
>
> In "name resolve order =" I list wins first to give it the first chance at
> name resolution.
> I also don't have the multi-subnet issue to deal with, but some admins put
> a wins server on each subnet.
>
> Dale
>
>
>
> Marshall Buschman wrote:
>
> > Dale:
> >
> > Correct. I've implemented this option on all of the relevant subnets.
> > I'm doing something like this:
> >
> > -----------------------------------------------------------------------------------------
> > option                          netbios-name-servers 1.2.3.4, 1.3.3.7;
> >
> > -----------------------------------------------------------------------------------------
> >
> > Where 1.2.3.4 is the old windows 2000 DC that we're migrating away from,
> > and
> > 1.3.3.7 is the samba PDC.
> >
> > I tested this, and found it to work appropriately under Windows 2000
> > clients, but not Windows XP clients.
> >
> > I've even statically assigned an XP client an IP and WINS server, and it
> > still does not work consistently.
> >
> > I still get the following error most of the time:
> >
> > The following error occurred attempting to join the domain "FOO":
> > Logon failure: unknown user name or bad password.
> >
> > Windows 2000 clients function perfectly.
> >
> > Any ideas? Especially why only the XP clients have an issue?
> >
> > -Marshall
> >
> >
> > On Thu, Apr 24, 2008 at 8:43 AM, Dale Schroeder <
> > dale at briannassaladdressing.com> wrote:
> >
> >
> >
> > > Marshall,
> > >
> > > Since you have many clients, I'm guessing you have a dhcp server
> > > running.
> > >  If so, do you have a netbios nameserver option enabled in the dhcp
> > > config?
> > > In ISC's dhcp3 server it is "option netbios-name-servers
> > > xxx.xxx.xxx.xxx;"
> > >
> > > Of course, on clients with static ip's, wins config must be done
> > > manually,
> > > and IIRC, the options changed somewhat in XP.  The default is to get
> > > netbios
> > > info from the dhcp server.
> > >
> > > Good luck,
> > > Dale
> > >
> > >
> > >
> > >
> > > Marshall Buschman wrote:
> > >
> > >
> > >
> > > > Hey All:
> > > >
> > > > I've got a working samba/ldap domain with a PDC in a datacenter and
> > > > a BDC
> > > > in
> > > > my local office.
> > > >
> > > > I'm not able to reliably join a windows XP Pro machine to the domain
> > > > by
> > > > specifying the PDC as a wins server.
> > > >
> > > > I get the following error 90% of the time or more, with no
> > > > discernible
> > > > patterns or errors in any logs:
> > > > ---------------------------------
> > > > The following error occurred attempting to join the domain "FOO":
> > > > Logon failure: unknown user name or bad password.
> > > > ---------------------------------
> > > >
> > > > Windows 2000 machines join the domain 100% of the time.
> > > >
> > > > Adding a line to the lmhosts file like this:
> > > > ---------------------------
> > > > 1.2.3.4       foopdc     #PRE #DOM:FOO #net group's DC
> > > > ---------------------------
> > > > Causes the XP machine to be able to join the domain 100% of the
> > > > time.
> > > >
> > > > I have many clients, and adding this file to the lmhosts file
> > > > everywhere
> > > > isn't feasible.
> > > >
> > > > The real question is - why doesn't WINS work?
> > > > I can run net view and see all the machines..
> > > >
> > > > I'd really appreciate any help you guys can provide.
> > > >
> > > > -Marshall
> > > >
> > > >
> > > >
> > > >
> > >

