Adrian Levi
2010-Feb-28 10:39 UTC
[Samba] Standalone PDC XP-Win7 clients can't join domain.
I have setup a Samba PDC Version 3.4.3 under Debian. I have read the TOSHARG and By Example chapters regarding domain logins as well as anything else I could find. The machines (seem) to join the domain successfully but when the machines requre a domain administrator account privilege escalation fails. The Win7 machine fails with the message "The machine trust account failed" I suspect the problem lies with the domain setup on the PDC but I am unable to trouble shoot further on my own. Another thing to note is that there is no ADMIN$ IPC share on the server and I am unable to find information regarding when it should be present or not. It is worth noting that the server otherwise works as a workgroup server. Please suggest any information that would be useful to troubleshoot further. Yours humbly, Adrian -- 24x7x365 != 24x7x52 Stupid or bad maths? <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.
John Drescher
2010-Feb-28 14:23 UTC
[Samba] Standalone PDC XP-Win7 clients can't join domain.
On Sun, Feb 28, 2010 at 5:39 AM, Adrian Levi <adrian.levi at gmail.com> wrote:> I have setup a Samba PDC Version 3.4.3 under Debian. > > I have read the TOSHARG and By Example chapters regarding domain > logins as well as anything else I could find. > > The machines (seem) to join the domain successfully but when the > machines requre a domain administrator account privilege escalation > fails. > The Win7 machine fails with the message "The machine trust account failed" > > I suspect the problem lies with the domain setup on the PDC but I am > unable to trouble shoot further on my own. > > Another thing to note is that there is no ADMIN$ IPC share on the > server and I am unable to find information regarding when it should be > present or not. > > It is worth noting that the server otherwise works as a workgroup server. > > Please suggest any information that would be useful to troubleshoot further. >Did you set the registry keys in windows7 as suggested in the wiki? http://wiki.samba.org/index.php/Windows7 John
Dale Schroeder
2010-Mar-01 19:18 UTC
[Samba] Standalone PDC XP-Win7 clients can't join domain.
Adrian,
I had the same issue with Debian 3.4.3. I eventually found an old post
that mentioned adding the "-i" option (if using ldap) to the "add
machine script" entry like this:
add machine script = /usr/sbin/smbldap-useradd -i -w '%u'
I don't know which backend you're using, but smbpasswd also supports
this option if adding machine accounts manually.
I'm unaware of why it is needed or how a non-ldap PDC could use this
option with an on-the-fly "add machine script" entry. I only know
that
XP and Win7 systems could now join the domain.
Dale
On 02/28/2010 4:39 AM, Adrian Levi wrote:> I have setup a Samba PDC Version 3.4.3 under Debian.
>
> I have read the TOSHARG and By Example chapters regarding domain
> logins as well as anything else I could find.
>
> The machines (seem) to join the domain successfully but when the
> machines requre a domain administrator account privilege escalation
> fails.
> The Win7 machine fails with the message "The machine trust account
failed"
>
> I suspect the problem lies with the domain setup on the PDC but I am
> unable to trouble shoot further on my own.
>
> Another thing to note is that there is no ADMIN$ IPC share on the
> server and I am unable to find information regarding when it should be
> present or not.
>
> It is worth noting that the server otherwise works as a workgroup server.
>
> Please suggest any information that would be useful to troubleshoot
further.
>
> Yours humbly,
>
> Adrian
>
>