[Samba] Windows XP cannot join Samba 4AD but win 7 can.

Sébastien Degouzon sebastien.degouzon at univ-brest.fr
Mon Jul 21 15:27:40 MDT 2014

On 21/07/2014 20:02, Marc Muehlfeld wrote:
> Hello Sébastien,
> On 21.07.2014 11:58, Sébastien Degouzon wrote:
>> I've got some troubles making Win XP join my samba4 AD, and, well, I'm
>> kind of stuck!
>> I use the binary distribution of Samba 4 for Ubuntu Trusty Server
>> (4.1.6), with bind9 DLZ as a DNS backend.
>> Everything works fine with Win7 workstations, but I get a message
>> "Internal Error" on Win XP workstation during the domain join.
>> The machine account is created on the server, but stated "disabled", and
>> the DNS entry is missing...
> Which account do you use to join the machine? The domain admin or have
> you delegated the permission to a different account/group?
> Domain Admin should always work.
> If delegated, then have a look here:
> https://wiki.samba.org/index.php/Delegating_Administration_Permissions#Delegating_.27Joining_Computers_to_the_domain.27-permissions
> In an earlier version of that HowTo I forgot to grant permissions to a
> few attributes, which meant that I could join XP, but not Win7 (or was
> it the other way around?).
> In this context: You haven't changed ACLs on containers?
> One more idea: If you provisioned/upgraded your domain with an early 4.0
> version, you should fix the ACLs:
> https://wiki.samba.org/index.php/Updating_Samba#Updates_of_early_Samba_4_version_on_Samba_Active_Directory_DCs
> It doesn't hurt if you check your AD with the two 'samba-tool dbcheck'
> commands without the '--fix', anyway.
> Regards,
> Marc
Ok, thank you, I currently use the "administrator" account and I didn't 
modify ACL on the containers.

But today, great news:
I built a brand new AD controller from scratch, using the official Samba 
HowTo - and guess what? Everything works! (The same Windows XP boxes 
were able to join the domain, apply GPOs, etc.)

I guess I'll stick with this method (build from sources) as I've got the 
feeling there's something wrong with the Ubuntu packages. I've not been 
able to determine what the issue is, but I may investigate further.
I was very surprised as I never had any problems of this kind during my 
early tests (always with compiled Samba). I guess it began with the 
switch to the repo version of Samba (as of Ubuntu 14.04).

Anyway, thank you for your tip, and I hope I can help somehow!

