Glenn Arnold
2004-Jun-10 00:58 UTC
[Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
Hi all, I can add my W2K machines to the Samba 3.0.5pre1 with no problems, but I can not add my XP machines. Existing XP machines work fine, but when I try to add new XP machine it does not work. Here is my smb.conf and pc from the log.smbd Thanks -Glenn [global] netbios name = HSFNP01 workgroup = MTHCS security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes ;passdb backend = tdbsam passdb backend = tdbsam unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%U logon path socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins support = no wins server = 10.100.0.10 veto files = /*.eml/*.nws/riched20.dll/ lanman auth = yes add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user script = /usr/sbin/useradd -d /dev/null -g 502 -c 'Machine Account' -s /bin/false -M %u oplocks = yes load printers = yes printing = cups printer admin = Administrator, @ntadmin idmap uid = 15000-20000 idmap gid = 15000-20000 winbind separator = - winbind use default domain = No [netlogon] path = /smbsrvr/netlogon/scripts guest ok = yes write list = ntadmin [homes] comment = Home Directories browseable = no read only = no hide dot files = yes veto files /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/ dos file times = yes [C$] valid users = @root path = /smbsrvr read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force directory mode = 0770 dos file times = yes [Apps] read only = no path = /smbsrvr/Apps [Students] path = /smbsrvr/Students read only = no create mask = 0770 directory mask = 0770 force group = +HSSTUDENTS force create mode = 0770 force directory mode = 0770 dos filetimes = yes [AdminTools$] path = /smbsrvr/AdminTools read only = no create mask = 0770 directory mask = 0770 force group = Domain Administrators force create mode = 0770 force directory mode = 0770 dos filetimes = yes [printers] comment = All Printers path = /var/spool/samba printable = yes browseable = no guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers browseable = yes guest ok = no read only = yes write list = root, @ntadmin [%G] path = /home/groups/%G/ read only = no force group = %G [home$] writeable = yes write list = +ntadmin,@"MTHS-Domain Admins",@ntadmin,@root path = /home force directory mode = 0770 force group = +ntadmin dos file times = yes create mask = 0770 directory mask = 0770 valid users = +ntadmins,+root,@"MTHS-Domain Admins",@ntadmin,@root [ezaudit] path = /smbsrvr/ezaudit read only = no browseable = yes available = yes write list = +HSBUILDING,+HSSTAFF,+HSSTUDENTS admin users = +ntadmin,+wheel [HSGUIDANCE] path = /smbsrvr/Guidance writelist = +HSGUIDANCE read only = no create mask = 0770 directory mask = 0770 force group = +HSGUIDANCE force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HS PRINCIPAL] path = /smbsrvr/hsprincipal writelist = +HSPRINCIPAL read only = no create mask = 0770 directory mask = 0770 force group = +HSPRINCIPAL force create mode = 0770 force directory mode = 0770 dos filetimes = yes [CIP] path = /smbsrvr/CIP writelist = +HSSTAFF read only = no create mask = 0770 directory mask = 0770 force group = +HSSTAFF force create mode = 0770 force directory mode = 0770 dos filetimes = yes [POISE ISSUES] path = /smbsrvr/Poise Issues writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HSDISCIPLINE] path = /smbsrvr/Discipline writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [YEARBOOK] path = /smbsrvr/yearbook writelist = +HSYEARBOOK read only = no create mask = 0770 directory mask = 0770 force group = +HSYEARBOOK force create mode = 0770 force directory mode = 0770 dos filetimes = yes [INSTALL] comment = Mt. Healthy Software path = /smbsrvr/Install read only = No guest only = Yes [ADMINTOOLS$] path = /smbsrvr/AdminTools writelist = +ntadmin read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force create mode = 0770 dos filetimes = yes [2004/06/09 20:34:13, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/06/09 20:37:41, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/09 20:38:02, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1400) failed to decode PDU [2004/06/09 20:38:02, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing.
Tom Hibbert
2004-Jun-10 20:54 UTC
[Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
There is a registry file included in the Samba distribution that disables the local policy entry requiring server side "sealing" of the join process. I believe Samba does not support this process yet so the only way to go is disable it through policy. The file is named something like "WinXPSignOrSeal.reg". Merge it, reboot, and you should be good to go (provided your mechanisms for creating machine accounts are working correctly). Tom -----Original Message----- From: samba-bounces+tom=nsp.co.nz@lists.samba.org [mailto:samba-bounces+tom=nsp.co.nz@lists.samba.org] On Behalf Of Glenn Arnold Sent: Thursday, 10 June 2004 12:58 p.m. To: samba@lists.samba.org Subject: [Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain Hi all, I can add my W2K machines to the Samba 3.0.5pre1 with no problems, but I can not add my XP machines. Existing XP machines work fine, but when I try to add new XP machine it does not work. Here is my smb.conf and pc from the log.smbd Thanks -Glenn [global] netbios name = HSFNP01 workgroup = MTHCS security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes ;passdb backend = tdbsam passdb backend = tdbsam unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%U logon path socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins support = no wins server = 10.100.0.10 veto files = /*.eml/*.nws/riched20.dll/ lanman auth = yes add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user script = /usr/sbin/useradd -d /dev/null -g 502 -c 'Machine Account' -s /bin/false -M %u oplocks = yes load printers = yes printing = cups printer admin = Administrator, @ntadmin idmap uid = 15000-20000 idmap gid = 15000-20000 winbind separator = - winbind use default domain = No [netlogon] path = /smbsrvr/netlogon/scripts guest ok = yes write list = ntadmin [homes] comment = Home Directories browseable = no read only = no hide dot files = yes veto files /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/ dos file times = yes [C$] valid users = @root path = /smbsrvr read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force directory mode = 0770 dos file times = yes [Apps] read only = no path = /smbsrvr/Apps [Students] path = /smbsrvr/Students read only = no create mask = 0770 directory mask = 0770 force group = +HSSTUDENTS force create mode = 0770 force directory mode = 0770 dos filetimes = yes [AdminTools$] path = /smbsrvr/AdminTools read only = no create mask = 0770 directory mask = 0770 force group = Domain Administrators force create mode = 0770 force directory mode = 0770 dos filetimes = yes [printers] comment = All Printers path = /var/spool/samba printable = yes browseable = no guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers browseable = yes guest ok = no read only = yes write list = root, @ntadmin [%G] path = /home/groups/%G/ read only = no force group = %G [home$] writeable = yes write list = +ntadmin,@"MTHS-Domain Admins",@ntadmin,@root path = /home force directory mode = 0770 force group = +ntadmin dos file times = yes create mask = 0770 directory mask = 0770 valid users = +ntadmins,+root,@"MTHS-Domain Admins",@ntadmin,@root [ezaudit] path = /smbsrvr/ezaudit read only = no browseable = yes available = yes write list = +HSBUILDING,+HSSTAFF,+HSSTUDENTS admin users = +ntadmin,+wheel [HSGUIDANCE] path = /smbsrvr/Guidance writelist = +HSGUIDANCE read only = no create mask = 0770 directory mask = 0770 force group = +HSGUIDANCE force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HS PRINCIPAL] path = /smbsrvr/hsprincipal writelist = +HSPRINCIPAL read only = no create mask = 0770 directory mask = 0770 force group = +HSPRINCIPAL force create mode = 0770 force directory mode = 0770 dos filetimes = yes [CIP] path = /smbsrvr/CIP writelist = +HSSTAFF read only = no create mask = 0770 directory mask = 0770 force group = +HSSTAFF force create mode = 0770 force directory mode = 0770 dos filetimes = yes [POISE ISSUES] path = /smbsrvr/Poise Issues writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HSDISCIPLINE] path = /smbsrvr/Discipline writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [YEARBOOK] path = /smbsrvr/yearbook writelist = +HSYEARBOOK read only = no create mask = 0770 directory mask = 0770 force group = +HSYEARBOOK force create mode = 0770 force directory mode = 0770 dos filetimes = yes [INSTALL] comment = Mt. Healthy Software path = /smbsrvr/Install read only = No guest only = Yes [ADMINTOOLS$] path = /smbsrvr/AdminTools writelist = +ntadmin read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force create mode = 0770 dos filetimes = yes [2004/06/09 20:34:13, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/06/09 20:37:41, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/09 20:38:02, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1400) failed to decode PDU [2004/06/09 20:38:02, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. -- To unsubscribe from this list go to the following URL and read the instructions: lists.samba.org/mailman/listinfo/samba
Reasonably Related Threads
- User Manger for Domains can not reset user password.
- smbldap_search_suffix: Problem during the LDAP search
- Samba 3.0 PDC, exchange 5.5 installing service pack 4 fails.
- Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-)
- share write access