[Samba] Joining Domain Problem only with XP SP2

Robert robert at spotswood-computer.net
Wed Feb 20 09:22:22 GMT 2008 

On Sunday 17 February 2008, Rune Tønnesen wrote:
> Robert skrev:
> > On Saturday 16 February 2008, Doug VanLeuven wrote:
> >> Robert wrote:
> >>> I've having trouble getting XP SP2's to join a domain. Whenever I try
> >>> to join, at the point I'm asked for a user name and password with
> >>> permission to join the domain, I enter root and root's password, then
> >>> get the dreaded "Unknown user or bad password" error message.
> >>>
> >>> The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I
> >>> know, I know!, but it's not a priority to management who has me
> >>> fighting other fires), and the rest being XP SP2. I *ONLY* get the
> >>> error with XP SP2. The Win2K and SP1 all join no problem, so it
> >>> shouldn't be a problem with the Samba PDC or the config file else none
> >>> should be joining. The 98's aren't a problem of course. In fact, for
> >>> reasons I can't figure out, 2 of the SP2's joined too. What is stopping
> >>> the SP2's from joining?
> >>>
> >>> I've tried creating the machine accounts by hand, but that had no
> >>> effect. I cranked up the logging and it looks to me like root
> >>> authenticates correctly, but I still get the error.
> >>>
> >>> Background: The original Samba PDC machine was getting old so
> >>> management decided to trash it. I was tasked with putting together a
> >>> replacement machine. I am using Kubuntu 7.10 (Gutsy) with Samba
> >>> 3.0.26a. I disconnected the client machines from the domain (switched
> >>> them to workgroup), then tried to reconnect with the new server online.
> >>> The old server is physically gone.
> >>>
> >>> As I stated, only the XP SP2's are not joining. I'm including my
> >>> smb.conf, but considering the XP SP1's and the one Win2K (which is
> >>> actually running as a virtual machine with XP SP2 as a host OS; this XP
> >>> SP2 won't join) all join, the config file should be correct, and I have
> >>> a root user in my smbpassword file, and I'm typing the password
> >>> correctly. Therefore it has to be something to do with the SP2's.
> >>> Possibly some registry setting??? Right now the XP SP2's are running as
> >>> workgroup computers.
> >>>
> >>> Yes, the old domain and new domain name are the same, but I've already
> >>> tried changing the new name to something different then joining but
> >>> with no luck.
> >>>
> >>> #======================= Global Settings
> >>> ===================================== [global]
> >>> debug level = 2
> >>> workgroup = hap
> >>> netbios name = linuxII
> >>> hosts allow = 192.168.1. 127.
> >>> printcap name = cups
> >>> load printers = yes
> >>> printing = cups
> >>> guest account = pcguest
> >>> log file = /var/log/samba/log.%m
> >>> max log size = 50
> >>> security = user
> >>> encrypt passwords = true
> >>> passdb backend = tdbsam
> >>> unix password sync = yes
> >>> passwd program = /usr/bin/passwd %u
> >>> passwd chat = *New*UNIX*password* %n\n
> >>> *ReType*new*UNIX*password*
> >>> %n\n*passwd:*all*authentication*tokens*updated*successfully* username
> >>> map = /etc/samba/smbusers
> >>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >>> interfaces = 192.168.1.8/32 127.0.0.1/32
> >>> bind interfaces only = true
> >>> local master = yes
> >>> os level = 34
> >>> domain master = yes
> >>> preferred master = yes
> >>> domain logons = yes
> >>> logon script =  home.bat
> >>> logon path = \\%L\profiles\%U
> >>> logon home = \\%L\%U
> >>> logon drive = H:
> >>> name resolve order = wins lmhosts bcast
> >>> wins support = yes
> >>> wins proxy = yes
> >>>  hide dot files = yes
> >>>  deadtime = 15
> >>>  disable spoolss = yes
> >>>  show add printer wizard = no
> >>>  add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
> >>>  time server = yes
> >>> #======================== Share Definitions =========================
> >>>
> >>> [homes]
> >>>    comment = Home Directory
> >>>    browseable = no
> >>>    writable = yes
> >>>
> >>> # Un-comment the following and create the netlogon directory for Domain
> >>> Logons [netlogon]
> >>>    comment = Net
> >>>
> >>>  Logon Service
> >>>    path = /home/netlogon
> >>>    guest ok = yes
> >>>    writable = no
> >>> #...Lots more shares...<snip>
> >>> #=========================end config file=============================
> >>
> >> Since it's just XP SP2, you might want to look at the XP firewall
> >> settings that were added by default during the SP2 update.  Get there
> >> Control Panel/Windows Firewall.  In there is file and printer sharing
> >> blocking on by default for notebooks and computers directly on the
> >> internet. Maybe you already looked at this.  Nothing else stands out.
> >>
> >> Regards, Doug
> >
> > It's a good thought. I'll check it, but I don't think that's the problem.
> > As I said, the XP SP2's are functioning as workgroup computers for now,
> > so the users can access their home shares just fine. Unless I'm badly
> > mistaken, file and printer sharing blocking, if on, should block this
> > too.
>
> Hi Robert
>
> I've think i found the solution to your problem. what is the name of the
> workgroup, it's not in your smb.conf?
> Since the SP2 pc's are in a workgroup with the same name as your
> domainname they need to be taken out of the that particular workgroup
> before you can join them to your domain. To join them to your domain do
> as follows:
>
>    1. Make a workstation member of a workgroup with a name differet to
>       your domainname e.g. testgroup
>          1. make sure it doesn't have any connection to file and
>             printershares in the old workgroup
>          2. restart
>    2. Join the domain you want.
>          1. restart to make the domain join work.

I finally got back there and tried this. No joy :( I don't think this is the 
problem anyway as I was there installing a new computer from Dell (an XP 
SP2), and the first thing I did after getting it up was to try and join the 
domain. Same error. As this computer had never been on the network before, I 
doubt it was a name clash.

If it helps anyone help me, I cranked up the logging. Here's what I got when 
trying to join the domain in the log.<computername> file:

[2008/02/19 22:48:58, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
old resources.
[2008/02/19 22:48:58, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
old resources.
[2008/02/19 22:48:58, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded
[2008/02/19 22:48:58, 2] lib/access.c:check_access(323)
  Allowed connection from  (192.168.1.57)

Obviously, the "check_ntlm_password:  authentication for user [root] -> 
[root] -> [root] succeeded" tells me root does exist and I did enter the 
correct password...So why does XP SP2 lie to me and say I didn't?
-- 
Fail to learn history-repeat it.
Fail to learn rights-lose them.
Learn both-get screwed by previous two groups.

More information about the samba mailing list