[Samba] XP machine wont join domain
Scot Hollingsworth
scoth at rcsd.ms
Thu Oct 20 18:54:54 MDT 2011
We are able to join with any account in "Domain Admins"
Here is what I use:
net -S MyServerName rpc rights grant "MyDomain\Domain Admins" SeMachineAccountPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SePrintOperatorPrivilege SeRemoteShutdownPrivilege
Scot
On Oct 20, 2011, at 7:24 PM, Lachlan Musicman <datakid at gmail.com> wrote:
> Hi all,
>
> FWIW, I've solved this problem.
>
> I saw here: lists.samba.org/archive/samba/2003-April/065870.html
>
> that 'only root can add a machine to a domain'.
>
> I thought this was odd and incorrect, and the post was from 2003, so I
> didn't hold out hope, but at this stage, I'd try anything.
>
> I "changed" the root passwd via smbldap-passwd and tried adding the
> machine to the domain using the root user and viola, problem solved.
>
> Out of interest though - is it still the case that only root can add a
> machine to the domain?
>
> cheers
> L.
>
>
> On Fri, Oct 21, 2011 at 05:37, Preston Hagar <prestonh at gmail.com> wrote:
>> On Wed, Oct 19, 2011 at 11:15 PM, Lachlan Musicman <datakid at gmail.com> wrote:
>>> Hi
>>>
>>> I'm on ubuntu 10.04 LTS fully up to date.
>>>
>>> Am running a samba-ldap server but for some reason I can't connect a
>>> new fully updated XP machine to the domain.
>>>
>>> I've added other machines (6 months ago now, none since) successfully.
>>>
>>> I see a file /var/log/samba/log.machinename, but
>>> /var/log/samba/log.nmbd and /var/log/samba/log.smbd don't have
>>> anything of note.
>>>
>>> Using 'net rpc rights list' I have confirmed that my user can add
>>> users/machines to the domain.
>>>
>>> There is no firewall problem - there is no firewall between these
>>> machines, as they are on a local LAN together and the XP's firewall is
>>> disabled.
>>>
>>> I can successfully map a shared drive on the XP machine using the same
>>> credentials. (and, in fact, if I don't disconnect that share, I get a
>>> different error about not being able to have more than one connection
>>> at the same time)
>>>
>>> Samba conf is here: http://paste.ubuntu.com/713761/
>>>
>>> I've tried changing security from user to domain and back, without success.
>>>
>>> The error I get after entering the same credentials as above is
>>> "Access is denied".
>>>
>>> Any ideas? Even any pointers on how I might trace the network traffic
>>> to see where the issues are, since there's no data in the logs of
>>> note?
>>>
>>> I'm not excellent at the smb/ldap, and while I did set this server up,
>>> I didn't configure the smbldap part of the set up, so I'm not 100%
>>> sure or certain about what is happening there - am I doing something
>>> wrong in that regard?
>>>
>>> Other machines and users are happily connected to the server over
>>> smb/ldap, and when I look at their computer->properties, it says they
>>> are on the domain SBLS, which is what I expected and what I am trying
>>> to connect the current machine to.
>>>
>>> Any help appreciated.
>>>
>>> cheers
>>> L.
>>>
>>
>> This may no longer be official Samba policy, so someone please correct
>> me if I am wrong, but have you tried setting the registry/gpedit fixes
>> before joining?
>>
>> Here is what I do on our XP machines:
>>
>> Start->Run, run gpedit.msc
>>
>> Change the following:
>>
>> Computer Configuration\Windows Settings\Security Settings\Local
>> Policies\Security Options branch.
>>
>> Make sure to disable the following policies:
>>
>> Domain Member: Digitally encrypt or sign secure channel data (always)
>>
>> Domain Member: Digitally sign secure channel data (when possible)
>>
>> Computer Configuration\Administrative Templates\System\User Profiles
>>
>> Make sure to enable the following policy:
>>
>> Do not check for user ownership of Roaming Profile Folders
>>
>>
>> After you make the changes, reboot (not sure if it is required, but
>> always a good policy with Windows), then try to join the domain again.
>> Join the domain first before mapping any drives or anything like
>> that.
>>
>> Anyway, just a thought. Hope it helps.
>>
>> Preston
>>
>
>
>
> --
> The politician’s syllogism, also known as the politician’s logic or
> the politician’s fallacy, is a logical fallacy of the form:
> - We must do something
> - This is something
> - Therefore, we must do this.
> (via http://bestofwikipedia.tumblr.com/ )
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
This message may contain confidential and/or proprietary
information, and is intended for the person/entity to
whom it was originally addressed. Any use by others is
strictly prohibited.
More information about the samba
mailing list