samba - Jan 2002 - Unable to join Win2k Pro SP2 to Samba 2.2.2 PDC

Hello,
	I have Samba 2.2.2 running on RedHat 7.1 acting as a PDC. I have
successfully joined Win98 as well as NT4.0 stations into this domain but
have been unable join any w2k devices. I have attempted both Pro and
Server, with and without service packs. A sniffer trace shows that
everytime the w2k machine tries to join the domain the PDC responds with
NetLogon command 15 "Station not in Domain's Computer List". The
win2k
device just responds with a generic message along the lines of
incorrect password or the domain cannot be contacted. Now I have been
actively following
the mailing lists and have attempted just about every suggestion that
anyone has made in the past, but to no avail. If anyone has any
suggestions I would greatly appreciate it. 

Best Regards,
-Mark Persons


# Global parameters
[global]
        workgroup = XX
        netbios name = kane
        wins server = 172.16.200.203
#       wins server = 172.16.200.208
        interfaces = 172.16.200.203 127.0.0.1
        bind interfaces only = yes
        preferred master = yes
        domain master = yes
        local master = yes
#       OS Level = 34
        OS Level = 64
       # remote announce = zeus
        server string = Unix SMB Server on %h v%v
        security = USER
       # password server = apollo
        encrypt passwords = yes
        password level = 2
        max log size = 100
        dns proxy = No
        restrict anonymous = no
        name resolve order = lmhosts wins host bcast
        create mask = 0777
        force directory mode = 0777
        locking = yes
        log level = 2
        log file = /var/log/samba/samba.log.%m
        domain admin group = @wheel
        domain logons = yes
# These are the things I added from Dejanews
#       max xmit = 65535
#       strict sync = no
#       strict locking = no
#       hide files = no
#       read raw = yes
#       write raw = yes
#       oplocks = yes
#       dead time = 15
        status = yes


        socket options = TCP_NODELAY IPTOS_LOWDELAY
        ; Security and file integrity related options
        ;       Strict locking is available for paranoid locking
situations only
        ;        enabling this severely degrades read / write performance.
        ;       strict locking = yes
        ;       fake oplocks = yes
        #share modes = yes
        #veto files = /lost*/
        #local master = no

[netlogon]
        path=/usr/local/samba/lib/netlogon
        writeable = no
        write list = ntadmin

#
# This is for automounted home dir's to appear in explorer windows
#        homedir map = auto.home
#        NIS homedir = yes
[homes]
comment = Home Directories
read only = No
browseable = No

#########################################################################################
smbpasswd file:


PC16$:602:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
]:LCT-00000000:PC16 PDCacct.
NT1$:606:5AA6327063FA3C030040A3697CF771AB:5AA6327063FA3C030040A3697CF771AB:[W
]:LCT-3C027E47:
PEPSI$:608:6FD92534BFEC8274AAD3B435B51404EE:6FC5929356B92633861B4610B93BDF61:[W
]:LCT-3C02A4A7:
WPI1$:611:1AA2440BF558D6DB6B04BED96CEF7A9A:1AA2440BF558D6DB6B04BED96CEF7A9A:[W
]:LCT-3C0C030F:
mark123456789123456789:613:36F821466A974D4DAAD3B435B51404EE:E95F5EE42AB18DC4D888C0E01185EDDF:[UX
]:LCT-3C1693D2:
NT8$:615:AD8B1B2EBCC270E14BBF4C76B543B521:AD8B1B2EBCC270E14BBF4C76B543B521:[W
]:LCT-3C17B697:
NT4$:616:E756DE8A52AB0E43A2C5E4312B855720:E756DE8A52AB0E43A2C5E4312B855720:[W
]:LCT-3C17B682:
test1:617:E88D94D6EBD10FC7AAD3B435B51404EE:AACD12D27C87CAC8FC0B8538AED6F058:[UX
]:LCT-3C18CE62:
NAS1$:621:CDB971CFC905E273B8AE461DCB9ABAB3:CDB971CFC905E273B8AE461DCB9ABAB3:[W
]:LCT-3C3A2631:
NAS3$:622:78F0B678048D3E85945A9FB83D0882C9:78F0B678048D3E85945A9FB83D0882C9:[W
]:LCT-3C3A2B6B:
NAS2$:623:4A6C776B39FDD6B42B5C67ABC85AAE9C:4A6C776B39FDD6B42B5C67ABC85AAE9C:[W
]:LCT-3C3A1E4C:
test2:624:E3FDADCB358C2967AAD3B435B51404EE:0E8231621F574D3636255FF36DD86C9C:[UX
]:LCT-3C3A1FFB:
test3:625:3DB7B914FAE75EC0AAD3B435B51404EE:ED78E4BEE2001D143286284067C3BE3F:[UX
]:LCT-3C3A299D:
ACTON$:626:83E65F76765BC107AAD3B435B51404EE:5C0598D154404189430AECE40C351C50:[W
]:LCT-00000000:

On Wed, 2002-01-09 at 08:31, security@zule.ne.mediaone.net
wrote:
> Hello,
> 	I have Samba 2.2.2 running on RedHat 7.1 acting as a PDC. I have
> successfully joined Win98 as well as NT4.0 stations into this domain but
> have been unable join any w2k devices. I have attempted both Pro and
> Server, with and without service packs. A sniffer trace shows that
> everytime the w2k machine tries to join the domain the PDC responds with
> NetLogon command 15 "Station not in Domain's Computer List".
The win2k
> device just responds with a generic message along the lines of
> incorrect password or the domain cannot be contacted. Now I have been
> actively following
> the mailing lists and have attempted just about every suggestion that
> anyone has made in the past, but to no avail. If anyone has any
> suggestions I would greatly appreciate it. 
> 
> Best Regards,
> -Mark Persons
I found at least two things that are lacking here.  One is "add user
script" parameter in your global section, and a password entry for root
in your smbpasswd file (the password doesn't have to match the one in
/etc/passwd).  IIRC these two things are not necessary to have Win9x/ME
or WinNt clients, but you need them for win2k clients.  In other words,
you can't manually create machine accounts for win2k.

For details go to

http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.html#SAMBA-PDC

and look under section 8.4.2.

Kohei
> # Global parameters
> [global]
>         workgroup = XX
>         netbios name = kane
>         wins server = 172.16.200.203
> #       wins server = 172.16.200.208
>         interfaces = 172.16.200.203 127.0.0.1
>         bind interfaces only = yes
>         preferred master = yes
>         domain master = yes
>         local master = yes
> #       OS Level = 34
>         OS Level = 64
>        # remote announce = zeus
>         server string = Unix SMB Server on %h v%v
>         security = USER
>        # password server = apollo
>         encrypt passwords = yes
>         password level = 2
>         max log size = 100
>         dns proxy = No
>         restrict anonymous = no
>         name resolve order = lmhosts wins host bcast
>         create mask = 0777
>         force directory mode = 0777
>         locking = yes
>         log level = 2
>         log file = /var/log/samba/samba.log.%m
>         domain admin group = @wheel
>         domain logons = yes
> # These are the things I added from Dejanews
> #       max xmit = 65535
> #       strict sync = no
> #       strict locking = no
> #       hide files = no
> #       read raw = yes
> #       write raw = yes
> #       oplocks = yes
> #       dead time = 15
>         status = yes
> 
> 
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
>         ; Security and file integrity related options
>         ;       Strict locking is available for paranoid locking
> situations only
>         ;        enabling this severely degrades read / write performance.
>         ;       strict locking = yes
>         ;       fake oplocks = yes
>         #share modes = yes
>         #veto files = /lost*/
>         #local master = no
> 
> [netlogon]
>         path=/usr/local/samba/lib/netlogon
>         writeable = no
>         write list = ntadmin
> 
> #
> # This is for automounted home dir's to appear in explorer windows
> #        homedir map = auto.home
> #        NIS homedir = yes
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
> 
>
#########################################################################################
> smbpasswd file:
> 
> 
>
PC16$:602:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
> ]:LCT-00000000:PC16 PDCacct.
>
NT1$:606:5AA6327063FA3C030040A3697CF771AB:5AA6327063FA3C030040A3697CF771AB:[W
> ]:LCT-3C027E47:
>
PEPSI$:608:6FD92534BFEC8274AAD3B435B51404EE:6FC5929356B92633861B4610B93BDF61:[W
> ]:LCT-3C02A4A7:
>
WPI1$:611:1AA2440BF558D6DB6B04BED96CEF7A9A:1AA2440BF558D6DB6B04BED96CEF7A9A:[W
> ]:LCT-3C0C030F:
>
mark123456789123456789:613:36F821466A974D4DAAD3B435B51404EE:E95F5EE42AB18DC4D888C0E01185EDDF:[UX
> ]:LCT-3C1693D2:
>
NT8$:615:AD8B1B2EBCC270E14BBF4C76B543B521:AD8B1B2EBCC270E14BBF4C76B543B521:[W
> ]:LCT-3C17B697:
>
NT4$:616:E756DE8A52AB0E43A2C5E4312B855720:E756DE8A52AB0E43A2C5E4312B855720:[W
> ]:LCT-3C17B682:
>
test1:617:E88D94D6EBD10FC7AAD3B435B51404EE:AACD12D27C87CAC8FC0B8538AED6F058:[UX
> ]:LCT-3C18CE62:
>
NAS1$:621:CDB971CFC905E273B8AE461DCB9ABAB3:CDB971CFC905E273B8AE461DCB9ABAB3:[W
> ]:LCT-3C3A2631:
>
NAS3$:622:78F0B678048D3E85945A9FB83D0882C9:78F0B678048D3E85945A9FB83D0882C9:[W
> ]:LCT-3C3A2B6B:
>
NAS2$:623:4A6C776B39FDD6B42B5C67ABC85AAE9C:4A6C776B39FDD6B42B5C67ABC85AAE9C:[W
> ]:LCT-3C3A1E4C:
>
test2:624:E3FDADCB358C2967AAD3B435B51404EE:0E8231621F574D3636255FF36DD86C9C:[UX
> ]:LCT-3C3A1FFB:
>
test3:625:3DB7B914FAE75EC0AAD3B435B51404EE:ED78E4BEE2001D143286284067C3BE3F:[UX
> ]:LCT-3C3A299D:
>
ACTON$:626:83E65F76765BC107AAD3B435B51404EE:5C0598D154404189430AECE40C351C50:[W
> ]:LCT-00000000:
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>