[Samba] XP machine won't join domain

Lachlan Musicman datakid at gmail.com
Thu Oct 20 18:24:38 MDT 2011

Hi all,

FWIW, I've solved this problem.

I saw here: lists.samba.org/archive/samba/2003-April/065870.html

that 'only root can add a machine to a domain'.

I thought this was odd and incorrect, and the post was from 2003, so I
didn't hold out hope, but at this stage, I'd try anything.

I "changed" the root passwd via smbldap-passwd and tried adding the
machine to the domain using the root user and voilà, problem solved.

Out of interest though - is it still the case that only root can add a
machine to the domain?


On Fri, Oct 21, 2011 at 05:37, Preston Hagar <prestonh at gmail.com> wrote:
> On Wed, Oct 19, 2011 at 11:15 PM, Lachlan Musicman <datakid at gmail.com> wrote:
>> Hi
>> I'm on Ubuntu 10.04 LTS fully up to date.
>> Am running a samba-ldap server but for some reason I can't connect a
>> new fully updated XP machine to the domain.
>> I've added other machines (6 months ago now, none since) successfully.
>> I see a file /var/log/samba/log.machinename, but
>> /var/log/samba/log.nmbd and /var/log/samba/log.smbd don't have
>> anything of note.
>> Using 'net rpc rights list' I have confirmed that my user can add
>> users/machines to the domain.
>> There is no firewall problem - there is no firewall between these
>> machines, as they are on a local LAN together and the XP's firewall is
>> disabled.
>> I can successfully map a shared drive on the XP machine using the same
>> credentials. (and, in fact, if I don't disconnect that share, I get a
>> different error about not being able to have more than one connection
>> at the same time)
>> Samba conf is here: http://paste.ubuntu.com/713761/
>> I've tried changing security from user to domain and back, without success.
>> The error I get after entering the same credentials as above is
>> "Access is denied".
>> Any ideas? Even any pointers on how I might trace the network traffic
>> to see where the issues are, since there's no data in the logs of
>> note?
>> I'm not excellent at the smb/ldap, and while I did set this server up,
>> I didn't configure the smbldap part of the set up, so I'm not 100%
>> sure or certain about what is happening there - am I doing something
>> wrong in that regard?
>> Other machines and users are happily connected to the server over
>> smb/ldap, and when I look at their computer->properties, it says they
>> are on the domain SBLS, which is what I expected and what I am trying
>> to connect the current machine to.
>> Any help appreciated.
>> cheers
>> L.
> This may no longer be official Samba policy, so someone please correct
> me if I am wrong, but have you tried setting the registry/gpedit fixes
> before joining?
> Here is what I do on our XP machines:
> Start->Run, run gpedit.msc
> Change the following:
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\Security Options branch.
> Make sure to disable the following policies:
> Domain Member: Digitally encrypt or sign secure channel data (always)
> Domain Member: Digitally sign secure channel data (when possible)
> Computer Configuration\Administrative Templates\System\User Profiles
> Make sure to enable the following policy:
> Do not check for user ownership of Roaming Profile Folders
> After you make the changes, reboot (not sure if it is required, but
> always a good policy with Windows), then try to join the domain again.
> Join the domain first before mapping any drives or anything like
> that.
> Anyway, just a thought.  Hope it helps.
> Preston

The politician’s syllogism, also known as the politician’s logic or
the politician’s fallacy, is a logical fallacy of the form:
- We must do something
- This is something
- Therefore, we must do this.
(via http://bestofwikipedia.tumblr.com/ )
