I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, with a Windows XP client. Problems 1) Can only get the join to work if I use the root account. On Win2k I can use any account in the Domain Admins group. 2) The join succeeds, the unix account and the smb account are created but the smb account is disabled, and the password contains all XXXXs. Joining the domain works fine from Win2k. I've tried adjusting the Signing entries. I tried manually creating the machine accounts, and I get a can't access machine account error on login. Any thoughts? Thanks! Derek "This world is a comedy to those who think and a tragedy to those who feel." -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040607/818eaa69/PGP.bin
On Mon, 2004-06-07 at 14:19, Derek Harkness wrote:> I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, with > a Windows XP client. > > Problems > 1) Can only get the join to work if I use the root account. On Win2k I > can use any account in the Domain Admins group. > 2) The join succeeds, the unix account and the smb account are created > but the smb account is disabled, and the password contains all XXXXs. > Joining the domain works fine from Win2k. > > I've tried adjusting the Signing entries. I tried manually creating > the machine accounts, and I get a can't access machine account error on > login.I'd take a look at this quick and dirty. It works well if you use it as a guide: http://www.osnews.com/story.php?news_id=6684 That is all. :) -- greg@gregfolkert.net REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040607/884a51a7/attachment.bin
How does pdbedit help me join a Windows XP client to my Samba domain? I've read through all the howto section on domain membership. Unfortunately the online howto section doesn't have page numbers. :( According to the docs I can either add passwd backend = smbpasswd or just delete the option from the config file, if the option doesn't exist 3.0 falls back to smbpasswd used in 2.2. The ultimate goal is to move to ldap. But I can't do that until I get samba 3 working. But why should the back prevent XP from properly setting the machine password? NT 4 and 2K both happily join the domain set their password and play VERY nice. On the client side XP tells me it joined the domain, but when I try and login it gives me a machine account error messages (see below). If I login as the local Administrator I can even map a drive to the samba server. Logon error "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later." Thanks for the help! Derek On Jun 7, 2004, at 3:31 PM, Jason Gray wrote:> Have you tried pdbedit? Also, If you read the pages 123 - 138 in the > Samba-How-to Collection you will get a great trouble-shooting section > and > methods to get your machines and users to connect to your PDC. You > will > also need to add the passwd backend = smbpasswd to your smb.conf > file...among other things. You might want to think about migrating to > the > tdb password backend instead. It's more reliable. > > Jason > > -----Original Message----- > From: Derek Harkness [mailto:dharknes@umd.umich.edu] > Sent: Monday, June 07, 2004 12:00 PM > To: Jason Gray > Subject: Re: [Samba] XP Joining domain > > > More details... > > I'm not using ldap, currently using the smbpasswd backend. I'm > exploring the migration path from a samba 2.2 installation to samba > 3.0. I'm using the add machine script which is creating an account in > the unix password file, then an account is created in the smbpasswd > file but the account is disabled. > > /etc/samba/smbpasswd:xptest$:27652:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DW ]:LCT-00000000: > > /etc/passwd:xptest$:x:27652:968:NTMachine:/dev/null:/bin/false > > My samba configure is more or less default. Changed things like > workgroup, load printers = no, and added the needed domain options. > > Thanks, > Derek > > On Jun 7, 2004, at 2:40 PM, Jason Gray wrote: > >> There is a machine account and user account needed to login. It >> sounds like >> you are using LDAP. If this is the case you need to make sure that a >> password is set for the user using smbpasswd <username>. It would be >> helpful to see your smb.conf file as well. There are various tools >> that you >> can use to add both machine and user accounts in the LDAP backend. If >> you >> are using something else as your password backend then let em know >> what that >> is too. >> >> Jason >> >> -----Original Message----- >> From: samba-bounces+jgray=bardelanimation.com@lists.samba.org >> [mailto:samba-bounces+jgray=bardelanimation.com@lists.samba.org]On >> Behalf Of Derek Harkness >> Sent: Monday, June 07, 2004 11:20 AM >> To: samba@lists.samba.org >> Subject: [Samba] XP Joining domain >> >> >> I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, >> with >> a Windows XP client. >> >> Problems >> 1) Can only get the join to work if I use the root account. On Win2k >> I >> can use any account in the Domain Admins group. >> 2) The join succeeds, the unix account and the smb account are created >> but the smb account is disabled, and the password contains all XXXXs. >> Joining the domain works fine from Win2k. >> >> I've tried adjusting the Signing entries. I tried manually creating >> the machine accounts, and I get a can't access machine account error >> on >> login. >> >> Any thoughts? >> >> Thanks! >> Derek >> >> "This world is a comedy to those who think and a tragedy to those who >> feel." >> >> > My lack of knowledge is only exceeded by my lack of concern. > --Anonymous GE Engineer > > >Isn't sanity just a one-trick pony anyway? I mean, all you get is that one trick, rational thinking, but when you're good and crazy, well, the sky's the limit! "The Tick (comic book)" -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040608/4c97e687/PGP.bin
Hi Derek. What's interesting about these errors is that the Join seems to succeed, but that the machine password in the smbpasswd file is not modified. We're still using the 2.2.x stream of samba, and I've been meaning to try the 3.0.x versions, but haven't gotten around to it yet. I hope my suggestions still apply to the version of samba you're using. At first blush, it looks like you're having some permissions problems editing the smbpasswd file and creating the machine account passwd for the XP machine joining the domain. Let me review items you've tried 1) Manually creating unix account and adding machine account to smbpasswd file with smbpasswd -am xptest$ (your unix passwd entry looked fine) 2) The unix root account has an smbpasswd, and you're using that when prompted. (We've never been able to get domain admins to join machines (because smbpasswd file is writable by only root) 3) It does look like the smbpasswd machine account has been disabled - have you tried re-enabling it and rejoining the machine? Smbpasswd -e xptest$ Because the smbpasswd file doesn't get modified, I suspect some kind of permissions problem. When trying to join the domain, have you already connected to the samba server using a different set of credentials? In our version of samba, only one set of credentials is allowed - try doing a 'net use /delete *' (or something like that) from the PC to be sure you haven't unwittingly opened a connection to the samba server before trying to join the domain. Good luck-- Sam Barasch Computer Systems Support Dept. of Biostatistics University of Wisconsin in Madison -----Original Message----->> From: samba-bounces+jgray=bardelanimation.com@lists.samba.org >> [mailto:samba-bounces+jgray=bardelanimation.com@lists.samba.org]On >> Behalf Of Derek Harkness >> Sent: Monday, June 07, 2004 11:20 AM >> To: samba@lists.samba.org >> Subject: [Samba] XP Joining domain >> >> >> I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, >> with >> a Windows XP client. >> >> Problems >> 1) Can only get the join to work if I use the root account. On Win2k >> I >> can use any account in the Domain Admins group. >> 2) The join succeeds, the unix account and the smb account are created >> but the smb account is disabled, and the password contains all XXXXs. >> Joining the domain works fine from Win2k. >> >> I've tried adjusting the Signing entries. I tried manually creating >> the machine accounts, and I get a can't access machine account error >> on >> login. >> >> Any thoughts? >> >> Thanks! >> Derek >> >> "This world is a comedy to those who think and a tragedy to those who >> feel." >> >> > My lack of knowledge is only exceeded by my lack of concern. > --Anonymous GE Engineer