[Samba] Joining Domain Problem only with XP SP2
robert at spotswood-computer.net
Sat Feb 16 18:57:25 GMT 2008
On Saturday 16 February 2008, Doug VanLeuven wrote:
> Robert wrote:
> > I've having trouble getting XP SP2's to join a domain. Whenever I try to
> > join, at the point I'm asked for a user name and password with permission
> > to join the domain, I enter root and root's password, then get the
> > dreaded "Unknown user or bad password" error message.
> > The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I
> > know, I know!, but it's not a priority to management who has me fighting
> > other fires), and the rest being XP SP2. I *ONLY* get the error with XP
> > SP2. The Win2K and SP1 all join no problem, so it shouldn't be a problem
> > with the Samba PDC or the config file else none should be joining. The
> > 98's aren't a problem of course. In fact, for reasons I can't figure out,
> > 2 of the SP2's joined too. What is stopping the SP2's from joining?
> > I've tried creating the machine accounts by hand, but that had no effect.
> > I cranked up the logging and it looks to me like root authenticates
> > correctly, but I still get the error.
> > Background: The original Samba PDC machine was getting old so management
> > decided to trash it. I was tasked with putting together a replacement
> > machine. I am using Kubuntu 7.10 (Gutsy) with Samba 3.0.26a. I
> > disconnected the client machines from the domain (switched them to
> > workgroup), then tried to reconnect with the new server online. The old
> > server is physically gone.
> > As I stated, only the XP SP2's are not joining. I'm including my
> > smb.conf, but considering the XP SP1's and the one Win2K (which is
> > actually running as a virtual machine with XP SP2 as a host OS; this XP
> > SP2 won't join) all join, the config file should be correct, and I have a
> > root user in my smbpassword file, and I'm typing the password correctly.
> > Therefore it has to be something to do with the SP2's. Possibly some
> > registry setting??? Right now the XP SP2's are running as workgroup
> > computers.
> > Yes, the old domain and new domain name are the same, but I've already
> > tried changing the new name to something different then joining but with
> > no luck.
> > #======================= Global Settings
> > ===================================== [global]
> > debug level = 2
> > workgroup = hap
> > netbios name = linuxII
> > hosts allow = 192.168.1. 127.
> > printcap name = cups
> > load printers = yes
> > printing = cups
> > guest account = pcguest
> > log file = /var/log/samba/log.%m
> > max log size = 50
> > security = user
> > encrypt passwords = true
> > passdb backend = tdbsam
> > unix password sync = yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *New*UNIX*password* %n\n
> > *ReType*new*UNIX*password*
> > %n\n*passwd:*all*authentication*tokens*updated*successfully* username map
> > = /etc/samba/smbusers
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > interfaces = 192.168.1.8/32 127.0.0.1/32
> > bind interfaces only = true
> > local master = yes
> > os level = 34
> > domain master = yes
> > preferred master = yes
> > domain logons = yes
> > logon script = home.bat
> > logon path = \\%L\profiles\%U
> > logon home = \\%L\%U
> > logon drive = H:
> > name resolve order = wins lmhosts bcast
> > wins support = yes
> > wins proxy = yes
> > hide dot files = yes
> > deadtime = 15
> > disable spoolss = yes
> > show add printer wizard = no
> > add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
> > time server = yes
> > #======================== Share Definitions =========================
> > [homes]
> > comment = Home Directory
> > browseable = no
> > writable = yes
> > # Un-comment the following and create the netlogon directory for Domain
> > Logons [netlogon]
> > comment = Network Logon Service
> > path = /home/netlogon
> > guest ok = yes
> > writable = no
> > #...Lots more shares...<snip>
> > #=========================end config file=============================
> Since it's just XP SP2, you might want to look at the XP firewall settings
> that were added by default during the SP2 update. Get there Control
> Panel/Windows Firewall. In there is file and printer sharing blocking on
> by default for notebooks and computers directly on the internet. Maybe you
> already looked at this. Nothing else stands out.
> Regards, Doug
It's a good thought. I'll check it, but I don't think that's the problem. As I
said, the XP SP2's are functioning as workgroup computers for now, so the
users can access their home shares just fine. Unless I'm badly mistaken, file
and printer sharing blocking, if on, should block this too.
Fail to learn history-repeat it.
Fail to learn rights-lose them.
Learn both-get screwed by previous two groups.
More information about the samba