[Samba] XP machine wont join domain

Thu Oct 20 18:54:54 MDT 2011

We are able to join with any account in "Domain Admins"

Here is what I use:

net -S MyServerName rpc rights grant "MyDomain\Domain Admins" SeMachineAccountPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SePrintOperatorPrivilege SeRemoteShutdownPrivilege

Scot

On Oct 20, 2011, at 7:24 PM, Lachlan Musicman <datakid at gmail.com> wrote:

> Hi all,
> 
> FWIW, I've solved this problem.
> 
> I saw here: lists.samba.org/archive/samba/2003-April/065870.html
> 
> that 'only root can add a machine to a domain'.
> 
> I thought this was odd and incorrect, and the post was from 2003, so I
> didn't hold out hope, but at this stage, I'd try anything.
> 
> I "changed" the root passwd via smbldap-passwd and tried adding the
> machine to the domain using the root user and viola, problem solved.
> 
> Out of interest though - is it still the case that only root can add a
> machine to the domain?
> 
> cheers
> L.
> 
> 
> On Fri, Oct 21, 2011 at 05:37, Preston Hagar <prestonh at gmail.com> wrote:
>> On Wed, Oct 19, 2011 at 11:15 PM, Lachlan Musicman <datakid at gmail.com> wrote:
>>> Hi
>>> 
>>> I'm on ubuntu 10.04 LTS fully up to date.
>>> 
>>> Am running a samba-ldap server but for some reason I can't connect a
>>> new fully updated XP machine to the domain.
>>> 
>>> I've added other machines (6 months ago now, none since) successfully.
>>> 
>>> I see a file /var/log/samba/log.machinename, but
>>> /var/log/samba/log.nmbd and /var/log/samba/log.smbd don't have
>>> anything of note.
>>> 
>>> Using 'net rpc rights list' I have confirmed that my user can add
>>> users/machines to the domain.
>>> 
>>> There is no firewall problem - there is no firewall between these
>>> machines, as they are on a local LAN together and the XP's firewall is
>>> disabled.
>>> 
>>> I can successfully map a shared drive on the XP machine using the same
>>> credentials. (and, in fact, if I don't disconnect that share, I get a
>>> different error about not being able to have more than one connection
>>> at the same time)
>>> 
>>> Samba conf is here: http://paste.ubuntu.com/713761/
>>> 
>>> I've tried changing security from user to domain and back, without success.
>>> 
>>> The error I get after entering the same credentials as above is
>>> "Access is denied".
>>> 
>>> Any ideas? Even any pointers on how I might trace the network traffic
>>> to see where the issues are, since there's no data in the logs of
>>> note?
>>> 
>>> I'm not excellent at the smb/ldap, and while I did set this server up,
>>> I didn't configure the smbldap part of the set up, so I'm not 100%
>>> sure or certain about what is happening there - am I doing something
>>> wrong in that regard?
>>> 
>>> Other machines and users are happily connected to the server over
>>> smb/ldap, and when I look at their computer->properties, it says they
>>> are on the domain SBLS, which is what I expected and what I am trying
>>> to connect the current machine to.
>>> 
>>> Any help appreciated.
>>> 
>>> cheers
>>> L.
>>> 
>> 
>> This may no longer be official Samba policy, so someone please correct
>> me if I am wrong, but have you tried setting the registry/gpedit fixes
>> before joining?
>> 
>> Here is what I do on our XP machines:
>> 
>> Start->Run, run gpedit.msc
>> 
>> Change the following:
>> 
>> Computer Configuration\Windows Settings\Security Settings\Local
>> Policies\Security Options branch.
>> 
>> Make sure to disable the following policies:
>> 
>> Domain Member: Digitally encrypt or sign secure channel data (always)
>> 
>> Domain Member: Digitally sign secure channel data (when possible)
>> 
>> Computer Configuration\Administrative Templates\System\User Profiles
>> 
>> Make sure to enable the following policy:
>> 
>> Do not check for user ownership of Roaming Profile Folders
>> 
>> 
>> After you make the changes, reboot (not sure if it is required, but
>> always a good policy with Windows), then try to join the domain again.
>>  Join the domain first before mapping any drives or anything like
>> that.
>> 
>> Anyway, just a thought.  Hope it helps.
>> 
>> Preston
>> 
> 
> 
> 
> -- 
> The politician’s syllogism, also known as the politician’s logic or
> the politician’s fallacy, is a logical fallacy of the form:
> - We must do something
> - This is something
> - Therefore, we must do this.
> (via http://bestofwikipedia.tumblr.com/ )
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

This message may contain confidential and/or proprietary
information, and is intended for the person/entity to
whom it was originally addressed. Any use by others is
strictly prohibited.