Mont Rothstein
2007-Jun-12 19:30 UTC
[Fedora-directory-users] Going insane (can''t logon from Windows)
I have Fedora Directory Server (1.0.4) running on a Red Hat Linux (RHEL 4) with Samba (3.0.10-1.4E.12.2). I have a Windows XP box that I have successfully joined to the domain. When I go to login with a domain user I get the following error: "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found." In the Windows system event log there is the following entry: "Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 3210 Date: 6/12/2007 Time: 10:08:02 AM User: N/A Computer: WINXP-CLEAN Description: This computer could not authenticate with \\RHEL-CLEAN2, a Windows domain controller for domain FORAYADAMS2, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c0000022" The only thing in smb.log is: [2007/06/12 11:41:09, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected The only thing in the machine''s samba log is: [2007/06/12 11:41:09, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2007/06/12 11:41:09, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2007/06/12 11:41:09, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer [2007/06/12 11:41:09, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) There is nothing in the Fedora log near to when the workstation boots or the user tries to login. I can connect to a share on the server from the Windows computer, when logged in as a local user, using "net view" or entering the path directly (\\rhel-clean2\sharename\). I can ping the server from the workstation and vis-a-versa. I''ve explicitly added the workstation to the forward and reverse DNS zone files. The time of the server and workstation is less than 5 min apart. I have explicitly added the linux server as a WINS server on the Windows box (just in case). When I lookup the Windows system error on Google at I get stuff about the machine''s password being out of sync or various things about group policies for encryption and such. I tried turning off all of the related group policies with no effect. I am pulling my hair out trying to figure this out. Any and all help is appreciated. Thanks, -Mont
Jérôme Fenal
2007-Jun-12 19:48 UTC
Re: [Fedora-directory-users] Going insane (can''t logon from Windows)
2007/6/12, Mont Rothstein <mont.rothstein@gmail.com>: Hi Mont,> I have Fedora Directory Server (1.0.4) running on a Red Hat Linux (RHEL 4) > with Samba (3.0.10-1.4E.12.2). > > I have a Windows XP box that I have successfully joined to the domain. > > When I go to login with a domain user I get the following error: > > "Windows cannot connect to the domain, either because the domain controller > is down or otherwise unavailable, or because your computer account was not > found."Did you add/change the following registry key on the XP machine : <signorseal.reg> REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "requiresignorseal"=dword:00000001 "signsecurechannel"=dword:00000001 </signorseal.reg> Regards, J. -- Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ Paris.pm - http://paris.mongueurs.net/
Mont Rothstein
2007-Jun-12 20:50 UTC
Re: [Fedora-directory-users] Going insane (can''t logon from Windows)
We''ll I tried disabling those policies via gpedit.msc (it changes those registry settings) but it had not effect. -Mont On 6/12/07, Jérôme Fenal <jfenal@gmail.com> wrote:> > 2007/6/12, Mont Rothstein <mont.rothstein@gmail.com>: > > Hi Mont, > > > I have Fedora Directory Server (1.0.4) running on a Red Hat Linux (RHEL > 4) > > with Samba (3.0.10-1.4E.12.2). > > > > I have a Windows XP box that I have successfully joined to the domain. > > > > When I go to login with a domain user I get the following error: > > > > "Windows cannot connect to the domain, either because the domain > controller > > is down or otherwise unavailable, or because your computer account was > not > > found." > > Did you add/change the following registry key on the XP machine : > > <signorseal.reg> > REGEDIT4 > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] > "requiresignorseal"=dword:00000001 > "signsecurechannel"=dword:00000001 > </signorseal.reg> > > Regards, > > J. > -- > Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ > Paris.pm - http://paris.mongueurs.net/ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Mont Rothstein
2007-Jun-13 17:58 UTC
Re: [Fedora-directory-users] Going insane (can''t logon from Windows)
A little more info on this. Everything I can find says that Windows believes the computer password is out of sync. It tries to use the password and fails. Adding and removing the computer from the domain (including deleting the account in FDS) does not help. Add the computer, reboot, try and login, no dice. Does anyone have any idea what might be happening here? Thanks, -Mont On 6/12/07, Mont Rothstein <mont.rothstein@gmail.com> wrote:> > We''ll I tried disabling those policies via gpedit.msc (it changes those > registry settings) but it had not effect. > > -Mont > > > On 6/12/07, Jérôme Fenal <jfenal@gmail.com> wrote: > > > > 2007/6/12, Mont Rothstein < mont.rothstein@gmail.com>: > > > > Hi Mont, > > > > > I have Fedora Directory Server (1.0.4) running on a Red Hat Linux > > (RHEL 4) > > > with Samba (3.0.10-1.4E.12.2). > > > > > > I have a Windows XP box that I have successfully joined to the domain. > > > > > > When I go to login with a domain user I get the following error: > > > > > > "Windows cannot connect to the domain, either because the domain > > controller > > > is down or otherwise unavailable, or because your computer account was > > not > > > found." > > > > Did you add/change the following registry key on the XP machine : > > > > <signorseal.reg> > > REGEDIT4 > > > > > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] > > "requiresignorseal"=dword:00000001 > > "signsecurechannel"=dword:00000001 > > </signorseal.reg> > > > > Regards, > > > > J. > > -- > > Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ > > Paris.pm - http://paris.mongueurs.net/ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > >
Jérôme Fenal
2007-Jun-13 19:36 UTC
Re: [Fedora-directory-users] Going insane (can''t logon from Windows)
2007/6/13, Mont Rothstein <mont.rothstein@gmail.com>:> A little more info on this. > > Everything I can find says that Windows believes the computer password is > out of sync. It tries to use the password and fails. Adding and removing > the computer from the domain (including deleting the account in FDS) does > not help. Add the computer, reboot, try and login, no dice. > > Does anyone have any idea what might be happening here?this does seem to be related directly to the directory server, but more to Samba. Maybe it will be more relevant to ask your question on samba@samba.org https://lists.samba.org/mailman/listinfo/samba Regards, J. -- Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ Paris.pm - http://paris.mongueurs.net/
Mont Rothstein
2007-Jun-13 20:22 UTC
Re: [Fedora-directory-users] Going insane (can''t logon from Windows)
I''ll try there, thanks. -Mont On 6/13/07, Jérôme Fenal <jfenal@gmail.com> wrote:> > 2007/6/13, Mont Rothstein <mont.rothstein@gmail.com>: > > A little more info on this. > > > > Everything I can find says that Windows believes the computer password > is > > out of sync. It tries to use the password and fails. Adding and > removing > > the computer from the domain (including deleting the account in FDS) > does > > not help. Add the computer, reboot, try and login, no dice. > > > > Does anyone have any idea what might be happening here? > > this does seem to be related directly to the directory server, but > more to Samba. > Maybe it will be more relevant to ask your question on samba@samba.org > https://lists.samba.org/mailman/listinfo/samba > > Regards, > > J. > -- > Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ > Paris.pm - http://paris.mongueurs.net/ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Mont Rothstein
2007-Jun-25 15:21 UTC
Re: [Fedora-directory-users] Going insane (can''t logon from Windows)
I found the problem. I had "restrict anonymous = 2" in my smb.conf. This causes WinXP logins to fail. I don''t know if this is because I am using Fedora Directory Server or just a Samba problem. -Mont On 6/13/07, Mont Rothstein <mont.rothstein@gmail.com> wrote:> > I''ll try there, thanks. > > -Mont > > > On 6/13/07, Jérôme Fenal <jfenal@gmail.com> wrote: > > > > 2007/6/13, Mont Rothstein <mont.rothstein@gmail.com>: > > > A little more info on this. > > > > > > Everything I can find says that Windows believes the computer password > > is > > > out of sync. It tries to use the password and fails. Adding and > > removing > > > the computer from the domain (including deleting the account in FDS) > > does > > > not help. Add the computer, reboot, try and login, no dice. > > > > > > Does anyone have any idea what might be happening here? > > > > this does seem to be related directly to the directory server, but > > more to Samba. > > Maybe it will be more relevant to ask your question on samba@samba.org > > https://lists.samba.org/mailman/listinfo/samba > > > > Regards, > > > > J. > > -- > > Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ > > Paris.pm - http://paris.mongueurs.net/ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > >