[Samba] XP machine wont join domain
prestonh at gmail.com
Thu Oct 20 12:37:14 MDT 2011
On Wed, Oct 19, 2011 at 11:15 PM, Lachlan Musicman <datakid at gmail.com> wrote:
> I'm on ubuntu 10.04 LTS fully up to date.
> Am running a samba-ldap server but for some reason I can't connect a
> new fully updated XP machine to the domain.
> I've added other machines (6 months ago now, none since) successfully.
> I see a file /var/log/samba/log.machinename, but
> /var/log/samba/log.nmbd and /var/log/samba/log.smbd don't have
> anything of note.
> Using 'net rpc rights list' I have confirmed that my user can add
> users/machines to the domain.
> There is no firewall problem - there is no firewall between these
> machines, as they are on a local LAN together and the XP's firewall is
> I can successfully map a shared drive on the XP machine using the same
> credentials. (and, in fact, if I don't disconnect that share, I get a
> different error about not being able to have more than one connection
> at the same time)
> Samba conf is here: http://paste.ubuntu.com/713761/
> I've tried changing security from user to domain and back, without success.
> The error I get after entering the same credentials as above is
> "Access is denied".
> Any ideas? Even any pointers on how I might trace the network traffic
> to see where the issues are, since there's no data in the logs of
> I'm not excellent at the smb/ldap, and while I did set this server up,
> I didn't configure the smbldap part of the set up, so I'm not 100%
> sure or certain about what is happening there - am I doing something
> wrong in that regard?
> Other machines and users are happily connected to the server over
> smb/ldap, and when I look at their computer->properties, it says they
> are on the domain SBLS, which is what I expected and what I am trying
> to connect the current machine to.
> Any help appreciated.
This may no longer be official Samba policy, so someone please correct
me if I am wrong, but have you tried setting the registry/gpedit fixes
Here is what I do on our XP machines:
Start->Run, run gpedit.msc
Change the following:
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options branch.
Make sure to disable the following policies:
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible)
Computer Configuration\Administrative Templates\System\User Profiles
Make sure to enable the following policy:
Do not check for user ownership of Roaming Profile Folders
After you make the changes, reboot (not sure if it is required, but
always a good policy with Windows), then try to join the domain again.
Join the domain first before mapping any drives or anything like
Anyway, just a thought. Hope it helps.
More information about the samba