Hi all, I'm trying to configure Samba as a PDC. I'm running Debian Woody, hence Samba version 3.0.0final-1. We have no Windows servers anywhere on the network (yay!). I have done an smbpasswd for root, and add machine script is setup (see attached smb.conf). From the XP Pro workstation, when I fill in the domain name, log in as root, and click ok, I eventually get: "The following error occurred when attempting to join the domain CHHAUSMANN: access denied". I know that something is working, because if I type in the wrong root password, I get a different error - "unknown username or bad password". In /var/log/samba/log.nmbd, I get things like: [2004/01/13 00:27:24, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.0.101: code = 0x12 [2004/01/13 00:27:24, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.0.101: code = 0x7 I'm about to use the source, but can anyone give me any pointers? I also looked at <http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=utf-8&threadm=2d947vo q7e1rlatse397lr7sh6hosu8f6g%404ax.com&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D% 26ie%3DUTF-8%26oe%3Dutf-8%26q%3Dxp%2Bpro%2Bsamba%2Bjoin%2Bdomain%2B%2522digi tally%2Bencrypt%2522%26btnG%3DGoogle%2BSearch> and followed the instructions there, but trying to join the domain as machineadmin just returns "The user name could not be found.". A
In XP, you have to make some changes to the security policy. On the XP client, go to the "Control Panel" and then "Administrative Tools" and then open the "Local Security Settings" and the open the "Local Options" and then the "Security Options" folder. The following should be DISABLED: Domain Member: Digitally encrypt or sign secure channel data Domain Member: Digitally encrypt secure data channel Domain Member: Digitally sign secure data channel. Reboot your machine, and it should now be able to join the domain. This was a problem in SAMBA 2.x. Let me know if it works, I am interested to see if it is still a problem in SAMBA 3.x (my guess is yes, due to difference in the way XP authenticates.). Art Powell Adalante Network Solutions Inc. 9410-C Anderson Mill Road Austin, TX 78729 Off: 1-512-918-2672 Cel: 1-512-633-7577 -----Original Message----- From: Antony Gelberg [mailto:antony@antgel.co.uk] Sent: Monday, January 12, 2004 10:47 AM To: samba@lists.samba.org Subject: [Samba] Win XP Pro / Linux PDC Hi all, I'm trying to configure Samba as a PDC. I'm running Debian Woody, hence Samba version 3.0.0final-1. We have no Windows servers anywhere on the network (yay!). I have done an smbpasswd for root, and add machine script is setup (see attached smb.conf). From the XP Pro workstation, when I fill in the domain name, log in as root, and click ok, I eventually get: "The following error occurred when attempting to join the domain CHHAUSMANN: access denied". I know that something is working, because if I type in the wrong root password, I get a different error - "unknown username or bad password". In /var/log/samba/log.nmbd, I get things like: [2004/01/13 00:27:24, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.0.101: code = 0x12 [2004/01/13 00:27:24, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.0.101: code = 0x7 I'm about to use the source, but can anyone give me any pointers? I also looked at <http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=utf-8&threadm=2d9 47vo q7e1rlatse397lr7sh6hosu8f6g%404ax.com&rnum=1&prev=/groups%3Fhl%3Den%26lr %3D% 26ie%3DUTF-8%26oe%3Dutf-8%26q%3Dxp%2Bpro%2Bsamba%2Bjoin%2Bdomain%2B%2522 digi tally%2Bencrypt%2522%26btnG%3DGoogle%2BSearch> and followed the instructions there, but trying to join the domain as machineadmin just returns "The user name could not be found.". A
On Tue, 2004-01-13 at 09:52, Art Powell wrote:> In XP, you have to make some changes to the security policy. On the XP > client, go to the "Control Panel" and then "Administrative Tools" and > then open the "Local Security Settings" and the open the "Local Options" > and then the "Security Options" folder. The following should be > DISABLED: > > Domain Member: Digitally encrypt or sign secure channel data > Domain Member: Digitally encrypt secure data channel > Domain Member: Digitally sign secure data channel. > > Reboot your machine, and it should now be able to join the domain. > > This was a problem in SAMBA 2.x. Let me know if it works, I am > interested to see if it is still a problem in SAMBA 3.x (my guess is > yes, due to difference in the way XP authenticates.).---- actually, the answer is no on my setup Samba 3.0.0 PDC, this is not necessary (hooray) but on Samba 2.2.x PDC, it is necessary. Craig
Damn details will get you everytime in this business :). ------Original Message------ From: "Antony Gelberg" <antony@antgel.co.uk> Date: Wednesday, January 14th, 2004 7:48 AM CST To: "Antony Gelberg" <antony@antgel.co.uk>,"Craig White" <craigwhite@azapple.com> Subject: Re: [Samba] Win XP Pro / Linux PDC Ok, fixed it! It was a typo in my addmachine script - the group was machines, not machine. I found it after starting the daemons with -d 3. Antony