samba - Apr 2003 - My Problems with XP and Samba Domain (and how I fixed it)

I had previously posted twice concerning problems I was having. I assume
that because I didn't get any answers that perhaps no one knew what was the
matter. Now that I figured it out maybe someone else has the same problem
and I can help to fix it.

After having already applied the proper registry hacks and policy edits
required for Windows XP (This is one area of John Terpstra's PDF that could
use some clarification. Perhaps explaining exactly which registry hacks and
policy edits that are required to join XP to a domain. In fact, I feel there
should be an XP section describing all the potential problems with joining
XP to a domain. Of course, I'm using 2.2.7 so the encryption issues might be
fixed for 3). I attempted to join the machine to my domain. After being
prompted for an administrator user, I entered in my root-mapped ntadmin
user. After several seconds I got an error saying that the Domain couldn't
be found or does not exist.

After viewing an Ethereal packet trace, I figured out that because my main
machine name goldengate is the same name as the main netbios name. But
because goldengate.americanconsultants.com maps to an internet accessible
address and the netbios name goldengate maps to an internal 192.168.0.1
address. Windows XP got confused and used the external address for the last
half of its communication. This is a potential big caveat (Especially if you
use the "bind interfaces only" option. Even though it wasn't
really the
problem in my case). If I had it to do over again, I would set a netbios
name different than the main machine name.

I created an LMHOSTS file on the XP machine to fix the name issue. Now when
attempting to join, the packet trace didn't have the communication with the
external IP address. BUT I still got exactly the same error message!!

My Samba machine had a really strange setup with three smb.conf files:
smb.conf smb.conf.goldengate and smb.conf.printer
smb.conf essentially just made the netbios alias printer and then included
the other two with "include = /etc/samba/smb.conf.%I".
File smb.conf.printer used share level security and set up a server with no
passwords for our printer (for network guests to use). File
smb.conf.goldengate set up our domain and was user level security.

In the packet trace there was a LookupDomain request for our domain. The
server replied back with STATUS_NO_SUCH_DOMAIN. I think this is because
somehow it was communicating with PRINTER instead of GOLDENGATE because of
confusion since they both had the same IP address. Since smb.conf.printer
had no information about our domain it replied back that there was no such
domain. Of course this is just a guess about what the problem was. Either
way, my fix was to simplify our setup and remove the included smb.conf files
and just stick with security=user over the whole thing. (Now I just need to
figure out an elegant way for our visiting accountant to print from his
laptop.)

Any comments or questions?

Thanks Samba Team for the great server tool,
-John Broadhead

On Fri, Apr 25, 2003 at 05:35:41PM -0600, John Broadhead wrote about
'[Samba] My Problems with XP and Samba Domain (and how I fixed
it)':
> After having already applied the proper registry hacks and policy edits
> required for Windows XP (This is one area of John Terpstra's PDF that
could
> use some clarification. Perhaps explaining exactly which registry hacks and
> policy edits that are required to join XP to a domain.
There used to be exactly one registry hack required, but that won't be 
necessary in the next alpha (thanks to Volker, Jeremy and Tridge). 
> In fact, I feel there
> should be an XP section describing all the potential problems with joining
> XP to a domain. Of course, I'm using 2.2.7 so the encryption issues
might be
> fixed for 3). I attempted to join the machine to my domain. After being
> prompted for an administrator user, I entered in my root-mapped ntadmin
> user. After several seconds I got an error saying that the Domain
couldn't
> be found or does not exist.
> After viewing an Ethereal packet trace, I figured out that because my main
> machine name goldengate is the same name as the main netbios name. But
> because goldengate.americanconsultants.com maps to an internet accessible
> address and the netbios name goldengate maps to an internal 192.168.0.1
> address. Windows XP got confused and used the external address for the last
> half of its communication.
IIRC netbios names have to be unique. You can't have a domain and a
workstation with the same name. 
> My Samba machine had a really strange setup with three smb.conf files:
> smb.conf smb.conf.goldengate and smb.conf.printer
> smb.conf essentially just made the netbios alias printer and then included
> the other two with "include = /etc/samba/smb.conf.%I".
> File smb.conf.printer used share level security and set up a server with no
> passwords for our printer (for network guests to use). File
> smb.conf.goldengate set up our domain and was user level security.
You can't use two smb.conf files with different values for 'security
'. One of the two will get overridden.

Jelmer

-- 
Jelmer Vernooij <jelmer@nl.linux.org> - http://nl.linux.org/~jelmer/
 03:37:21 up  3:06,  5 users,  load average: 0.05, 0.10, 0.09
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20030503/390184ea/attachment.bin