security@zule.ne.mediaone.net
2002-Jan-09 05:35 UTC
Unable to join Win2k Pro SP2 to Samba 2.2.2 PDC
Hello, I have Samba 2.2.2 running on RedHat 7.1 acting as a PDC. I have successfully joined Win98 as well as NT4.0 stations into this domain but have been unable join any w2k devices. I have attempted both Pro and Server, with and without service packs. A sniffer trace shows that everytime the w2k machine tries to join the domain the PDC responds with NetLogon command 15 "Station not in Domain's Computer List". The win2k device just responds with a generic message along the lines of incorrect password or the domain cannot be contacted. Now I have been actively following the mailing lists and have attempted just about every suggestion that anyone has made in the past, but to no avail. If anyone has any suggestions I would greatly appreciate it. Best Regards, -Mark Persons # Global parameters [global] workgroup = XX netbios name = kane wins server = 172.16.200.203 # wins server = 172.16.200.208 interfaces = 172.16.200.203 127.0.0.1 bind interfaces only = yes preferred master = yes domain master = yes local master = yes # OS Level = 34 OS Level = 64 # remote announce = zeus server string = Unix SMB Server on %h v%v security = USER # password server = apollo encrypt passwords = yes password level = 2 max log size = 100 dns proxy = No restrict anonymous = no name resolve order = lmhosts wins host bcast create mask = 0777 force directory mode = 0777 locking = yes log level = 2 log file = /var/log/samba/samba.log.%m domain admin group = @wheel domain logons = yes # These are the things I added from Dejanews # max xmit = 65535 # strict sync = no # strict locking = no # hide files = no # read raw = yes # write raw = yes # oplocks = yes # dead time = 15 status = yes socket options = TCP_NODELAY IPTOS_LOWDELAY ; Security and file integrity related options ; Strict locking is available for paranoid locking situations only ; enabling this severely degrades read / write performance. ; strict locking = yes ; fake oplocks = yes #share modes = yes #veto files = /lost*/ #local master = no [netlogon] path=/usr/local/samba/lib/netlogon writeable = no write list = ntadmin # # This is for automounted home dir's to appear in explorer windows # homedir map = auto.home # NIS homedir = yes [homes] comment = Home Directories read only = No browseable = No ######################################################################################### smbpasswd file: PC16$:602:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:PC16 PDCacct. NT1$:606:5AA6327063FA3C030040A3697CF771AB:5AA6327063FA3C030040A3697CF771AB:[W ]:LCT-3C027E47: PEPSI$:608:6FD92534BFEC8274AAD3B435B51404EE:6FC5929356B92633861B4610B93BDF61:[W ]:LCT-3C02A4A7: WPI1$:611:1AA2440BF558D6DB6B04BED96CEF7A9A:1AA2440BF558D6DB6B04BED96CEF7A9A:[W ]:LCT-3C0C030F: mark123456789123456789:613:36F821466A974D4DAAD3B435B51404EE:E95F5EE42AB18DC4D888C0E01185EDDF:[UX ]:LCT-3C1693D2: NT8$:615:AD8B1B2EBCC270E14BBF4C76B543B521:AD8B1B2EBCC270E14BBF4C76B543B521:[W ]:LCT-3C17B697: NT4$:616:E756DE8A52AB0E43A2C5E4312B855720:E756DE8A52AB0E43A2C5E4312B855720:[W ]:LCT-3C17B682: test1:617:E88D94D6EBD10FC7AAD3B435B51404EE:AACD12D27C87CAC8FC0B8538AED6F058:[UX ]:LCT-3C18CE62: NAS1$:621:CDB971CFC905E273B8AE461DCB9ABAB3:CDB971CFC905E273B8AE461DCB9ABAB3:[W ]:LCT-3C3A2631: NAS3$:622:78F0B678048D3E85945A9FB83D0882C9:78F0B678048D3E85945A9FB83D0882C9:[W ]:LCT-3C3A2B6B: NAS2$:623:4A6C776B39FDD6B42B5C67ABC85AAE9C:4A6C776B39FDD6B42B5C67ABC85AAE9C:[W ]:LCT-3C3A1E4C: test2:624:E3FDADCB358C2967AAD3B435B51404EE:0E8231621F574D3636255FF36DD86C9C:[UX ]:LCT-3C3A1FFB: test3:625:3DB7B914FAE75EC0AAD3B435B51404EE:ED78E4BEE2001D143286284067C3BE3F:[UX ]:LCT-3C3A299D: ACTON$:626:83E65F76765BC107AAD3B435B51404EE:5C0598D154404189430AECE40C351C50:[W ]:LCT-00000000:
On Wed, 2002-01-09 at 08:31, security@zule.ne.mediaone.net wrote:> Hello, > I have Samba 2.2.2 running on RedHat 7.1 acting as a PDC. I have > successfully joined Win98 as well as NT4.0 stations into this domain but > have been unable join any w2k devices. I have attempted both Pro and > Server, with and without service packs. A sniffer trace shows that > everytime the w2k machine tries to join the domain the PDC responds with > NetLogon command 15 "Station not in Domain's Computer List". The win2k > device just responds with a generic message along the lines of > incorrect password or the domain cannot be contacted. Now I have been > actively following > the mailing lists and have attempted just about every suggestion that > anyone has made in the past, but to no avail. If anyone has any > suggestions I would greatly appreciate it. > > Best Regards, > -Mark PersonsI found at least two things that are lacking here. One is "add user script" parameter in your global section, and a password entry for root in your smbpasswd file (the password doesn't have to match the one in /etc/passwd). IIRC these two things are not necessary to have Win9x/ME or WinNt clients, but you need them for win2k clients. In other words, you can't manually create machine accounts for win2k. For details go to http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.html#SAMBA-PDC and look under section 8.4.2. Kohei> # Global parameters > [global] > workgroup = XX > netbios name = kane > wins server = 172.16.200.203 > # wins server = 172.16.200.208 > interfaces = 172.16.200.203 127.0.0.1 > bind interfaces only = yes > preferred master = yes > domain master = yes > local master = yes > # OS Level = 34 > OS Level = 64 > # remote announce = zeus > server string = Unix SMB Server on %h v%v > security = USER > # password server = apollo > encrypt passwords = yes > password level = 2 > max log size = 100 > dns proxy = No > restrict anonymous = no > name resolve order = lmhosts wins host bcast > create mask = 0777 > force directory mode = 0777 > locking = yes > log level = 2 > log file = /var/log/samba/samba.log.%m > domain admin group = @wheel > domain logons = yes > # These are the things I added from Dejanews > # max xmit = 65535 > # strict sync = no > # strict locking = no > # hide files = no > # read raw = yes > # write raw = yes > # oplocks = yes > # dead time = 15 > status = yes > > > socket options = TCP_NODELAY IPTOS_LOWDELAY > ; Security and file integrity related options > ; Strict locking is available for paranoid locking > situations only > ; enabling this severely degrades read / write performance. > ; strict locking = yes > ; fake oplocks = yes > #share modes = yes > #veto files = /lost*/ > #local master = no > > [netlogon] > path=/usr/local/samba/lib/netlogon > writeable = no > write list = ntadmin > > # > # This is for automounted home dir's to appear in explorer windows > # homedir map = auto.home > # NIS homedir = yes > [homes] > comment = Home Directories > read only = No > browseable = No > > ######################################################################################### > smbpasswd file: > > > PC16$:602:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000:PC16 PDCacct. > NT1$:606:5AA6327063FA3C030040A3697CF771AB:5AA6327063FA3C030040A3697CF771AB:[W > ]:LCT-3C027E47: > PEPSI$:608:6FD92534BFEC8274AAD3B435B51404EE:6FC5929356B92633861B4610B93BDF61:[W > ]:LCT-3C02A4A7: > WPI1$:611:1AA2440BF558D6DB6B04BED96CEF7A9A:1AA2440BF558D6DB6B04BED96CEF7A9A:[W > ]:LCT-3C0C030F: > mark123456789123456789:613:36F821466A974D4DAAD3B435B51404EE:E95F5EE42AB18DC4D888C0E01185EDDF:[UX > ]:LCT-3C1693D2: > NT8$:615:AD8B1B2EBCC270E14BBF4C76B543B521:AD8B1B2EBCC270E14BBF4C76B543B521:[W > ]:LCT-3C17B697: > NT4$:616:E756DE8A52AB0E43A2C5E4312B855720:E756DE8A52AB0E43A2C5E4312B855720:[W > ]:LCT-3C17B682: > test1:617:E88D94D6EBD10FC7AAD3B435B51404EE:AACD12D27C87CAC8FC0B8538AED6F058:[UX > ]:LCT-3C18CE62: > NAS1$:621:CDB971CFC905E273B8AE461DCB9ABAB3:CDB971CFC905E273B8AE461DCB9ABAB3:[W > ]:LCT-3C3A2631: > NAS3$:622:78F0B678048D3E85945A9FB83D0882C9:78F0B678048D3E85945A9FB83D0882C9:[W > ]:LCT-3C3A2B6B: > NAS2$:623:4A6C776B39FDD6B42B5C67ABC85AAE9C:4A6C776B39FDD6B42B5C67ABC85AAE9C:[W > ]:LCT-3C3A1E4C: > test2:624:E3FDADCB358C2967AAD3B435B51404EE:0E8231621F574D3636255FF36DD86C9C:[UX > ]:LCT-3C3A1FFB: > test3:625:3DB7B914FAE75EC0AAD3B435B51404EE:ED78E4BEE2001D143286284067C3BE3F:[UX > ]:LCT-3C3A299D: > ACTON$:626:83E65F76765BC107AAD3B435B51404EE:5C0598D154404189430AECE40C351C50:[W > ]:LCT-00000000: > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >