[Samba] Samba PDC - XP Client refuses to join!

James Tandy james at jamestandy.com
Sun May 4 10:16:40 GMT 2008

smc1:/var/lib/samba # cat /etc/samba/smb.conf
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2007-12-04

        workgroup = SUSSEXMC
        netbios name = SMC1
        server string = Samba PDC
        time server = Yes
        domain logons = Yes
        domain master = Yes
        preferred master = Yes
        wins support = Yes
        os level = 65
        #map acl inherit = Yes
        passdb backend = ldapsam:ldap://localhost
        ldap suffix = dc=sussexmc,dc=com
        ldap admin dn = cn=admin,dc=sussexmc,dc=com
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        log file = /var/log/samba/log.%m
        log level = 1
        max log size = 50
        syslog = 0
        security = user
        encrypt passwords = true
        Dos charset = 850
        unix charset = LOCALE
        preserve case = yes
        short preserve case = yes
        case sensitive = no
        interfaces = eth0, lo
        bind interfaces only = Yes
        enable privileges = Yes
        username map = /etc/samba/smbusers
        name resolve order = wins bcast hosts
        printcap name = CUPS
        printing = cups
        printer admin = root
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        comment = '%u'
        browseable = no
        writable = yes
        public = no
        create mask = 0600
        directory mask = 0700
        path = /var/lib/samba/netlogon
        read only = no

        comment = Network Logon Service
        path = /var/lib/samba/netlogon/sussexmc.com/scripts
        guest ok = yes
        browsable = no
        writable = no
 ;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon/sussexmc.com/scripts
 ;root postexec = rm -f /var/lib/samba/netlogon/sussexmc.com/scripts/%U.bat
        path = /var/lib/samba/profiles
        browseable = no
        guest ok = yes
        create mask = 0600
        directory mask = 0700

awilliam at mdah.state.ms.us wrote:
> paste your smb.conf
>> Hi all,
>> I have been setting up a samba3 domain controller, all seems to work
>> fins on the samba side, until i try to join a workstation to the domain.
>>  From a windows XP client, the following happens...
>> Enter computer properties, computer name tab... click Change...
>> Enter "SUSSEXMC.COM" in the domain box, click ok
>> Now is where things start going wrong..
>> XP waits for a little while, before responding with:
>> "A Domain Controller for the domain SUSSEXMC.COM could not be contacted"
>> Clicking details reveals:
>> "DNS was succesfully queried for the service location (SRV) resource
>> record used to locate a domain controller for the domain: SUSSEXMC.COM
>> The query was for the SRV record for _ldap._tcp.dc._msdcs.SUSSEXMC.COM
>> The following domain controllers were identified by the query:
>> smc1.sussexmc.com
>> Common causes of this error include:
>> - Host (A) records that map the name of the domain controller to its IP
>> addresses are missing or contain incorrect addresses
>> - Domain controllers registered in DNS are not connected to the network
>> or are not running."
>> Now ALL using the same XP client...
>> I can verify that the A records are correct using nslookup (Server ip is
>>, reported by DNS server at (Also the machine gets
>> its IP address from DHCP on the same server, and this correctly updates
>> the forward and reverse dns zones to reflect this))
>> I can also verify the DC is running, as if i manually enter "\\smc1" or
>> "\\smc1.sussexmc.com" into windows explorer (the first time) i am
>> prompted for a username/password (and providing valid credntials allows
>> me to logon and see the main shares on the PDC (sysvol, netlogon,
>> printers), as well as the users home folder).
>> What am I missing??
>> James
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list