samba - Feb 2008 - Joining Domain Problem only with XP SP2

I've having trouble getting XP SP2's to join a domain. Whenever I try to
join,
at the point I'm asked for a user name and password with permission to join 
the domain, I enter root and root's password, then get the dreaded
"Unknown
user or bad password" error message.

The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I know,
I
know!, but it's not a priority to management who has me fighting other 
fires), and the rest being XP SP2. I *ONLY* get the error with XP SP2. The 
Win2K and SP1 all join no problem, so it shouldn't be a problem with the 
Samba PDC or the config file else none should be joining. The 98's
aren't a
problem of course. In fact, for reasons I can't figure out, 2 of the
SP2's
joined too. What is stopping the SP2's from joining?

I've tried creating the machine accounts by hand, but that had no effect. I 
cranked up the logging and it looks to me like root authenticates correctly, 
but I still get the error.

Background: The original Samba PDC machine was getting old so management 
decided to trash it. I was tasked with putting together a replacement 
machine. I am using Kubuntu 7.10 (Gutsy) with Samba 3.0.26a. I disconnected 
the client machines from the domain (switched them to workgroup), then tried 
to reconnect with the new server online. The old server is physically gone.

As I stated, only the XP SP2's are not joining. I'm including my
smb.conf, but
considering the XP SP1's and the one Win2K (which is actually running as a 
virtual machine with XP SP2 as a host OS; this XP SP2 won't join) all join, 
the config file should be correct, and I have a root user in my smbpassword 
file, and I'm typing the password correctly. Therefore it has to be
something
to do with the SP2's. Possibly some registry setting??? Right now the XP 
SP2's are running as workgroup computers.

Yes, the old domain and new domain name are the same, but I've already tried
changing the new name to something different then joining but with no luck.

#======================= Global Settings
====================================[global]
debug level = 2
workgroup = hap
netbios name = linuxII
hosts allow = 192.168.1. 127.
printcap name = cups
load printers = yes
printing = cups
guest account = pcguest
log file = /var/log/samba/log.%m
max log size = 50
security = user
encrypt passwords = true
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n 
*ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 192.168.1.8/32 127.0.0.1/32
bind interfaces only = true
local master = yes
os level = 34
domain master = yes
preferred master = yes
domain logons = yes
logon script =  home.bat
logon path = \\%L\profiles\%U
logon home = \\%L\%U
logon drive = H:
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
 hide dot files = yes
 deadtime = 15
 disable spoolss = yes
 show add printer wizard = no
 add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
 time server = yes
#======================== Share Definitions ========================
[homes]
   comment = Home Directory
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
#...Lots more shares...<snip>
#=========================end config file============================-- 
Fail to learn history-repeat it.
Fail to learn rights-lose them.
Learn both-get screwed by previous two groups.

Robert wrote:
> I've having trouble getting XP SP2's to join a domain. Whenever I
try to join,
> at the point I'm asked for a user name and password with permission to
join
> the domain, I enter root and root's password, then get the dreaded
"Unknown
> user or bad password" error message.
> 
> The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I
know, I
> know!, but it's not a priority to management who has me fighting other 
> fires), and the rest being XP SP2. I *ONLY* get the error with XP SP2. The 
> Win2K and SP1 all join no problem, so it shouldn't be a problem with
the
> Samba PDC or the config file else none should be joining. The 98's
aren't a
> problem of course. In fact, for reasons I can't figure out, 2 of the
SP2's
> joined too. What is stopping the SP2's from joining?
> 
> I've tried creating the machine accounts by hand, but that had no
effect. I
> cranked up the logging and it looks to me like root authenticates
correctly,
> but I still get the error.
> 
> Background: The original Samba PDC machine was getting old so management 
> decided to trash it. I was tasked with putting together a replacement 
> machine. I am using Kubuntu 7.10 (Gutsy) with Samba 3.0.26a. I disconnected
> the client machines from the domain (switched them to workgroup), then
tried
> to reconnect with the new server online. The old server is physically gone.
> 
> As I stated, only the XP SP2's are not joining. I'm including my
smb.conf, but
> considering the XP SP1's and the one Win2K (which is actually running
as a
> virtual machine with XP SP2 as a host OS; this XP SP2 won't join) all
join,
> the config file should be correct, and I have a root user in my smbpassword
> file, and I'm typing the password correctly. Therefore it has to be
something
> to do with the SP2's. Possibly some registry setting??? Right now the
XP
> SP2's are running as workgroup computers.
> 
> Yes, the old domain and new domain name are the same, but I've already
tried
> changing the new name to something different then joining but with no luck.
> 
> #======================= Global Settings
====================================> [global]
> debug level = 2
> workgroup = hap
> netbios name = linuxII
> hosts allow = 192.168.1. 127.
> printcap name = cups
> load printers = yes
> printing = cups
> guest account = pcguest
> log file = /var/log/samba/log.%m
> max log size = 50
> security = user
> encrypt passwords = true
> passdb backend = tdbsam
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n 
> *ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
> username map = /etc/samba/smbusers
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = 192.168.1.8/32 127.0.0.1/32
> bind interfaces only = true
> local master = yes
> os level = 34
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon script =  home.bat
> logon path = \\%L\profiles\%U
> logon home = \\%L\%U
> logon drive = H:
> name resolve order = wins lmhosts bcast
> wins support = yes
> wins proxy = yes
>  hide dot files = yes
>  deadtime = 15
>  disable spoolss = yes
>  show add printer wizard = no
>  add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
>  time server = yes
> #======================== Share Definitions ========================> 
> [homes]
>    comment = Home Directory
>    browseable = no
>    writable = yes
> 
> # Un-comment the following and create the netlogon directory for Domain
Logons
> [netlogon]
>    comment = Network Logon Service
>    path = /home/netlogon
>    guest ok = yes
>    writable = no
> #...Lots more shares...<snip>
> #=========================end config file============================
Since it's just XP SP2, you might want to look at the XP firewall settings
that were added by
default during the SP2 update.  Get there Control Panel/Windows Firewall.  In
there is file and
printer sharing blocking on by default for notebooks and computers directly on
the internet.
Maybe you already looked at this.  Nothing else stands out.

Regards, Doug