Glenn Arnold
2004-Jun-10 00:58 UTC
[Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
Hi all,
I can add my W2K machines to the Samba 3.0.5pre1 with no problems, but I
can not add my XP machines. Existing XP machines work fine, but when I
try to add new XP machine it does not work. Here is my smb.conf and pc
from the log.smbd
Thanks
-Glenn
[global]
netbios name = HSFNP01
workgroup = MTHCS
security = user
os level = 64
domain master = yes
local master = yes
preferred master = yes
time server = yes
;passdb backend = tdbsam
passdb backend = tdbsam
unix extensions = yes
encrypt passwords = yes
domain logons = yes
logon script = logon.bat
logon drive = H:
logon home = \\%L\%U
logon path socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_RCVBUF=8192
SO_SNDBUF=8192
wins support = no
wins server = 10.100.0.10
veto files = /*.eml/*.nws/riched20.dll/
lanman auth = yes
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user script = /usr/sbin/useradd -d /dev/null -g 502 -c 'Machine
Account' -s /bin/false -M %u
oplocks = yes
load printers = yes
printing = cups
printer admin = Administrator, @ntadmin
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = -
winbind use default domain = No
[netlogon]
path = /smbsrvr/netlogon/scripts
guest ok = yes
write list = ntadmin
[homes]
comment = Home Directories
browseable = no
read only = no
hide dot files = yes
veto files /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/
dos file times = yes
[C$]
valid users = @root
path = /smbsrvr
read only = no
create mask = 0770
directory mask = 0770
force group = +ntadmin
force directory mode = 0770
dos file times = yes
[Apps]
read only = no
path = /smbsrvr/Apps
[Students]
path = /smbsrvr/Students
read only = no
create mask = 0770
directory mask = 0770
force group = +HSSTUDENTS
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[AdminTools$]
path = /smbsrvr/AdminTools
read only = no
create mask = 0770
directory mask = 0770
force group = Domain Administrators
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
browseable = no
guest ok = yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = root, @ntadmin
[%G]
path = /home/groups/%G/
read only = no
force group = %G
[home$]
writeable = yes
write list = +ntadmin,@"MTHS-Domain Admins",@ntadmin,@root
path = /home
force directory mode = 0770
force group = +ntadmin
dos file times = yes
create mask = 0770
directory mask = 0770
valid users = +ntadmins,+root,@"MTHS-Domain
Admins",@ntadmin,@root
[ezaudit]
path = /smbsrvr/ezaudit
read only = no
browseable = yes
available = yes
write list = +HSBUILDING,+HSSTAFF,+HSSTUDENTS
admin users = +ntadmin,+wheel
[HSGUIDANCE]
path = /smbsrvr/Guidance
writelist = +HSGUIDANCE
read only = no
create mask = 0770
directory mask = 0770
force group = +HSGUIDANCE
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[HS PRINCIPAL]
path = /smbsrvr/hsprincipal
writelist = +HSPRINCIPAL
read only = no
create mask = 0770
directory mask = 0770
force group = +HSPRINCIPAL
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[CIP]
path = /smbsrvr/CIP
writelist = +HSSTAFF
read only = no
create mask = 0770
directory mask = 0770
force group = +HSSTAFF
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[POISE ISSUES]
path = /smbsrvr/Poise Issues
writelist = +BUILDING SECRETARIES
read only = no
create mask = 0770
directory mask = 0770
force group = +BUILDING SECRETARIES
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[HSDISCIPLINE]
path = /smbsrvr/Discipline
writelist = +BUILDING SECRETARIES
read only = no
create mask = 0770
directory mask = 0770
force group = +BUILDING SECRETARIES
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[YEARBOOK]
path = /smbsrvr/yearbook
writelist = +HSYEARBOOK
read only = no
create mask = 0770
directory mask = 0770
force group = +HSYEARBOOK
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[INSTALL]
comment = Mt. Healthy Software
path = /smbsrvr/Install
read only = No
guest only = Yes
[ADMINTOOLS$]
path = /smbsrvr/AdminTools
writelist = +ntadmin
read only = no
create mask = 0770
directory mask = 0770
force group = +ntadmin
force create mode = 0770
dos filetimes = yes
[2004/06/09 20:34:13, 0] lib/util_sock.c:send_smb(630)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978)
getpeername failed. Error was Transport endpoint is not connected
[2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978)
getpeername failed. Error was Transport endpoint is not connected
[2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket_data(413)
write_socket_data: write failure. Error = Connection reset by peer
[2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket(438)
write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection
reset by peer
[2004/06/09 20:37:41, 0] lib/util_sock.c:send_smb(630)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2004/06/09 20:38:02, 0]
rpc_server/srv_pipe.c:api_pipe_netsec_process(1400)
failed to decode PDU
[2004/06/09 20:38:02, 0]
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
Tom Hibbert
2004-Jun-10 20:54 UTC
[Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
There is a registry file included in the Samba distribution that
disables the local policy entry requiring server side "sealing" of the
join process. I believe Samba does not support this process yet so the
only way to go is disable it through policy.
The file is named something like "WinXPSignOrSeal.reg". Merge it,
reboot, and you should be good to go (provided your mechanisms for
creating machine accounts are working correctly).
Tom
-----Original Message-----
From: samba-bounces+tom=nsp.co.nz@lists.samba.org
[mailto:samba-bounces+tom=nsp.co.nz@lists.samba.org] On Behalf Of Glenn
Arnold
Sent: Thursday, 10 June 2004 12:58 p.m.
To: samba@lists.samba.org
Subject: [Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
Hi all,
I can add my W2K machines to the Samba 3.0.5pre1 with no problems, but I
can not add my XP machines. Existing XP machines work fine, but when I
try to add new XP machine it does not work. Here is my smb.conf and pc
from the log.smbd
Thanks
-Glenn
[global]
netbios name = HSFNP01
workgroup = MTHCS
security = user
os level = 64
domain master = yes
local master = yes
preferred master = yes
time server = yes
;passdb backend = tdbsam
passdb backend = tdbsam
unix extensions = yes
encrypt passwords = yes
domain logons = yes
logon script = logon.bat
logon drive = H:
logon home = \\%L\%U
logon path socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_RCVBUF=8192
SO_SNDBUF=8192
wins support = no
wins server = 10.100.0.10
veto files = /*.eml/*.nws/riched20.dll/
lanman auth = yes
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user script = /usr/sbin/useradd -d /dev/null -g 502 -c 'Machine
Account' -s /bin/false -M %u
oplocks = yes
load printers = yes
printing = cups
printer admin = Administrator, @ntadmin
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = -
winbind use default domain = No
[netlogon]
path = /smbsrvr/netlogon/scripts
guest ok = yes
write list = ntadmin
[homes]
comment = Home Directories
browseable = no
read only = no
hide dot files = yes
veto files /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/
dos file times = yes
[C$]
valid users = @root
path = /smbsrvr
read only = no
create mask = 0770
directory mask = 0770
force group = +ntadmin
force directory mode = 0770
dos file times = yes
[Apps]
read only = no
path = /smbsrvr/Apps
[Students]
path = /smbsrvr/Students
read only = no
create mask = 0770
directory mask = 0770
force group = +HSSTUDENTS
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[AdminTools$]
path = /smbsrvr/AdminTools
read only = no
create mask = 0770
directory mask = 0770
force group = Domain Administrators
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
browseable = no
guest ok = yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = root, @ntadmin
[%G]
path = /home/groups/%G/
read only = no
force group = %G
[home$]
writeable = yes
write list = +ntadmin,@"MTHS-Domain Admins",@ntadmin,@root
path = /home
force directory mode = 0770
force group = +ntadmin
dos file times = yes
create mask = 0770
directory mask = 0770
valid users = +ntadmins,+root,@"MTHS-Domain
Admins",@ntadmin,@root
[ezaudit]
path = /smbsrvr/ezaudit
read only = no
browseable = yes
available = yes
write list = +HSBUILDING,+HSSTAFF,+HSSTUDENTS
admin users = +ntadmin,+wheel
[HSGUIDANCE]
path = /smbsrvr/Guidance
writelist = +HSGUIDANCE
read only = no
create mask = 0770
directory mask = 0770
force group = +HSGUIDANCE
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[HS PRINCIPAL]
path = /smbsrvr/hsprincipal
writelist = +HSPRINCIPAL
read only = no
create mask = 0770
directory mask = 0770
force group = +HSPRINCIPAL
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[CIP]
path = /smbsrvr/CIP
writelist = +HSSTAFF
read only = no
create mask = 0770
directory mask = 0770
force group = +HSSTAFF
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[POISE ISSUES]
path = /smbsrvr/Poise Issues
writelist = +BUILDING SECRETARIES
read only = no
create mask = 0770
directory mask = 0770
force group = +BUILDING SECRETARIES
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[HSDISCIPLINE]
path = /smbsrvr/Discipline
writelist = +BUILDING SECRETARIES
read only = no
create mask = 0770
directory mask = 0770
force group = +BUILDING SECRETARIES
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[YEARBOOK]
path = /smbsrvr/yearbook
writelist = +HSYEARBOOK
read only = no
create mask = 0770
directory mask = 0770
force group = +HSYEARBOOK
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[INSTALL]
comment = Mt. Healthy Software
path = /smbsrvr/Install
read only = No
guest only = Yes
[ADMINTOOLS$]
path = /smbsrvr/AdminTools
writelist = +ntadmin
read only = no
create mask = 0770
directory mask = 0770
force group = +ntadmin
force create mode = 0770
dos filetimes = yes
[2004/06/09 20:34:13, 0] lib/util_sock.c:send_smb(630)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978)
getpeername failed. Error was Transport endpoint is not connected
[2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978)
getpeername failed. Error was Transport endpoint is not connected
[2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket_data(413)
write_socket_data: write failure. Error = Connection reset by peer
[2004/06/09 20:37:41, 0] lib/util_sock.c:write_socket(438)
write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection
reset by peer
[2004/06/09 20:37:41, 0] lib/util_sock.c:send_smb(630)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2004/06/09 20:38:02, 0]
rpc_server/srv_pipe.c:api_pipe_netsec_process(1400)
failed to decode PDU
[2004/06/09 20:38:02, 0]
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba