Win2K and Samba 3.0 PDC -- can't join domain - SMB

This is a discussion on Win2K and Samba 3.0 PDC -- can't join domain - SMB ; OK, I give up. I have been reading this newsgroup, as well as linux.samba, and have seen a lot of good suggestions. I have two Win2K clients in a very mixed network, including '95, '98 and 'Me as well, with ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Win2K and Samba 3.0 PDC -- can't join domain

  1. Win2K and Samba 3.0 PDC -- can't join domain

    OK, I give up.

    I have been reading this newsgroup, as well as linux.samba, and have
    seen a lot of good suggestions.

    I have two Win2K clients in a very mixed network, including '95, '98 and
    'Me as well, with a Linux machine designed to be the PDC running Samba
    3.0. I upgraded to 3.0 when I wasn't able to use the native Debian
    Samba 2.2. What's interesting is that all of the other machines had no
    problem with converting from Workgroup to Domain, which is similar to
    what other people have been describing.

    I went into the Registry on the Win2K machine that I started with, and
    made the adjustments recommended. ( "requiresignorseal" was already 0,
    I changed "signsecurechannel" from 1 to 0 )

    I made sure that there was a machine account ( should I try deleting it
    an re-creating it? ) in smbpasswd for the Win2K client. I made sure
    that root had an account in smbpasswd.

    When I try to join the domain from the Win2K client, I get the classic
    "Unknown logon or password" message, and the Samba log, which I have
    neglected to show here, shows something like "NT_BAD_PASSWORD".

    I did have some success when I followed one instruction, and corrected
    the Guest account, because at that point Network Neighborhood on the
    Win2K machine was finally able to see the Samba machine.

    When I do smbclient -L Win2K -U valid_user, I get a listing of all of
    the shares on the Win2K machine, but nothing in the servers and domains
    / workgroups section at the bottom.

    The same command on the Samba host shows everything that I would expect.

    Here is my smb.conf ( most of it ) for your pleasure.

    I hope that there is something obvious that someone can see and get me
    out of this hole.

    Thanks,
    Brian


    # Samba config file created using SWAT
    # from 127.0.0.1 (127.0.0.1)
    # Date: 2003/11/04 10:37:28

    # Global parameters
    [global]
    workgroup = TRISURV
    server string = %h server (Samba %v)
    interfaces = 127.0.0.1, 192.168.0.10/255.255.255.0
    bind interfaces only = Yes
    null passwords = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
    *Retype\snew\sUNIX\spassword:* %n\n
    unix password sync = Yes
    client plaintext auth = No
    log level = 2
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 50
    time server = Yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=4096 SO_RCVBUF=4096
    add user script = /usr/sbin/useradd -d /dev/null -g 101 -s /bin/false %u
    logon script = %u\logon.bat
    logon path = \\%L\profiles\%u\%m
    logon drive = H:
    logon home = \\%L\%u\.win_profile\%m
    domain logons = Yes
    os level = 67
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap ssl = no
    winbind use default domain = Yes
    read only = No
    printing = cups

    [homes]
    comment = Home Directories
    create mask = 0700
    directory mask = 0700
    browseable = No

    [netlogon]
    comment = Network Logon Service
    path = /usr/local/samba/lib/netlogon
    write list = bdmc, administrator
    read only = Yes
    browseable = No

    [profiles]
    path = /home/samba-ntprof
    create mask = 0600
    directory mask = 0700
    browseable = No

    [temp]
    comment = Temporary file space
    path = /tmp
    guest ok = Yes


  2. Re: Win2K and Samba 3.0 PDC -- can't join domain


    "Brian McCullough" wrote in message
    news:newscache$43tvnh$h06$1@naidheachd2.bdmcc-us.com...
    > OK, I give up.
    >
    > I have been reading this newsgroup, as well as linux.samba, and have
    > seen a lot of good suggestions.
    >
    > I have two Win2K clients in a very mixed network, including '95, '98 and
    > 'Me as well, with a Linux machine designed to be the PDC running Samba
    > 3.0. I upgraded to 3.0 when I wasn't able to use the native Debian
    > Samba 2.2. What's interesting is that all of the other machines had no
    > problem with converting from Workgroup to Domain, which is similar to
    > what other people have been describing.
    >
    > I went into the Registry on the Win2K machine that I started with, and
    > made the adjustments recommended. ( "requiresignorseal" was already 0,
    > I changed "signsecurechannel" from 1 to 0 )
    >


    Win2K shouldn't need any registry tweaks (XP does)

    > I made sure that there was a machine account ( should I try deleting it
    > an re-creating it? ) in smbpasswd for the Win2K client. I made sure
    > that root had an account in smbpasswd.


    These will be created on the fly. Try deleting it from smbpasswd, but you
    require a machine$ account in passwd.

    >
    > When I try to join the domain from the Win2K client, I get the classic
    > "Unknown logon or password" message, and the Samba log, which I have
    > neglected to show here, shows something like "NT_BAD_PASSWORD".
    >
    > I did have some success when I followed one instruction, and corrected
    > the Guest account, because at that point Network Neighborhood on the
    > Win2K machine was finally able to see the Samba machine.
    >
    > When I do smbclient -L Win2K -U valid_user, I get a listing of all of
    > the shares on the Win2K machine, but nothing in the servers and domains
    > / workgroups section at the bottom.
    >
    > The same command on the Samba host shows everything that I would expect.
    >
    > Here is my smb.conf ( most of it ) for your pleasure.
    >
    > I hope that there is something obvious that someone can see and get me
    > out of this hole.
    >
    > Thanks,
    > Brian
    >
    >


    You have a winbind and a null password statement which may cause problems,
    plus you are missing encrypt passwords = Yes and security = user. Try
    starting with a basic smb.conf file and then add the extras later.

    [global]
    workgroup = TRISURV
    encrypt passwords = Yes *required*
    security = user *required*
    domain logons = Yes *required*
    os level = 67
    preferred master = Yes
    domain master = Yes *required*
    local master = Yes


    > # Samba config file created using SWAT
    > # from 127.0.0.1 (127.0.0.1)
    > # Date: 2003/11/04 10:37:28
    >
    > # Global parameters
    > [global]
    > workgroup = TRISURV
    > server string = %h server (Samba %v)
    > interfaces = 127.0.0.1, 192.168.0.10/255.255.255.0
    > bind interfaces only = Yes
    > null passwords = Yes
    > passwd program = /usr/bin/passwd %u
    > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
    > *Retype\snew\sUNIX\spassword:* %n\n
    > unix password sync = Yes
    > client plaintext auth = No
    > log level = 2
    > syslog = 0
    > log file = /var/log/samba/log.%m
    > max log size = 50
    > time server = Yes
    > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=4096 SO_RCVBUF=4096
    > add user script = /usr/sbin/useradd -d /dev/null -g 101 -s /bin/false %u
    > logon script = %u\logon.bat
    > logon path = \\%L\profiles\%u\%m
    > logon drive = H:
    > logon home = \\%L\%u\.win_profile\%m
    > domain logons = Yes
    > os level = 67
    > preferred master = Yes
    > domain master = Yes
    > wins support = Yes
    > ldap ssl = no
    > winbind use default domain = Yes
    > read only = No
    > printing = cups
    >
    > [homes]
    > comment = Home Directories
    > create mask = 0700
    > directory mask = 0700
    > browseable = No
    >
    > [netlogon]
    > comment = Network Logon Service
    > path = /usr/local/samba/lib/netlogon
    > write list = bdmc, administrator
    > read only = Yes
    > browseable = No
    >
    > [profiles]
    > path = /home/samba-ntprof
    > create mask = 0600
    > directory mask = 0700
    > browseable = No
    >
    > [temp]
    > comment = Temporary file space
    > path = /tmp
    > guest ok = Yes
    >




  3. Re: Win2K and Samba 3.0 PDC -- can't join domain

    m.marien wrote:
    > "Brian McCullough" wrote in message
    > news:newscache$43tvnh$h06$1@naidheachd2.bdmcc-us.com...
    >
    >>I made sure that there was a machine account ( should I try deleting it
    >>an re-creating it? ) in smbpasswd for the Win2K client. I made sure
    >>that root had an account in smbpasswd.

    >
    >
    > These will be created on the fly. Try deleting it from smbpasswd, but you
    > require a machine$ account in passwd.
    >
    >
    > You have a winbind and a null password statement which may cause problems,
    > plus you are missing encrypt passwords = Yes and security = user. Try
    > starting with a basic smb.conf file and then add the extras later.



    That's strange -- Swat insisted that both of those items were set and I
    didn't check the text version.


    I'll reset those values and try again.


    Brian


    > [global]
    > workgroup = TRISURV
    > encrypt passwords = Yes *required*
    > security = user *required*
    > domain logons = Yes *required*
    > os level = 67
    > preferred master = Yes
    > domain master = Yes *required*
    > local master = Yes



  4. Re: Win2K and Samba 3.0 PDC -- can't join domain


    "Brian McCullough" wrote in message
    news:newscache$7yywnh$416$1@naidheachd2.bdmcc-us.com...
    > m.marien wrote:
    > > "Brian McCullough" wrote in message
    > > news:newscache$43tvnh$h06$1@naidheachd2.bdmcc-us.com...
    > >
    > >>I made sure that there was a machine account ( should I try deleting it
    > >>an re-creating it? ) in smbpasswd for the Win2K client. I made sure
    > >>that root had an account in smbpasswd.

    > >
    > >
    > > These will be created on the fly. Try deleting it from smbpasswd, but

    you
    > > require a machine$ account in passwd.
    > >
    > >
    > > You have a winbind and a null password statement which may cause

    problems,
    > > plus you are missing encrypt passwords = Yes and security = user. Try
    > > starting with a basic smb.conf file and then add the extras later.

    >
    >
    > That's strange -- Swat insisted that both of those items were set and I
    > didn't check the text version.
    >


    I think security = user is the default and could be the same with encrypted
    passwords = yes. Never hurts to explicitly set them.

    >
    > I'll reset those values and try again.
    >
    >
    > Brian
    >
    >
    > > [global]
    > > workgroup = TRISURV
    > > encrypt passwords = Yes *required*
    > > security = user *required*
    > > domain logons = Yes *required*
    > > os level = 67
    > > preferred master = Yes
    > > domain master = Yes *required*
    > > local master = Yes

    >




+ Reply to Thread