LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-03-2005, 04:20 PM   #1
AZ_Rider
LQ Newbie
 
Registered: Aug 2003
Distribution: Red Hat 9
Posts: 12

Rep: Reputation: 0
XP Pro SP2 client won't logon to SAMBA PDC


I cannot for the life of me get this XP client to logon to my Samba domain. The error is:

"Windows cannot connect to the domain, either because the dmain controller is down or otherwise unreachable, or because your computer account was not found....."

The machine joins the domain with no problems at all, and is able to access shares just fine when logged on with a local account.

Most of what I find on the web is along these lines:
---------------------------------------------------------------------------------
Cannot Log onto Domain Member Workstation After Joining Domain

After successfully joining the domain, user logons fail with one of two messages: one to the effect that the Domain Controller cannot be found; the other claims that the account does not exist in the domain or that the password is incorrect. This may be due to incompatible settings between the Windows client and the Samba-3 server for schannel (secure channel) settings or smb signing settings. Check your Samba settings for client schannel, server schannel, client signing, server signing by executing:

testparm -v | more and looking for the value of these parameters.

Also use the Microsoft Management Console Local Security Settings. This tool is available from the Control Panel. The Policy settings are found in the Local Policies/Securty Options area and are prefixed by Secure Channel: ..., and Digitally sign .....

It is important that these be set consistently with the Samba-3 server settings.
---------------------------------------------------------------------------------

I have tried many combinations of these settings on both client and server and still no luck, anyone have a known working set of settings for this OR anything else it could be? Client is XP Pro SP2 and Server is Samba 3.0.10-2 configured as a PDC running on Fedora Core 3. Here is my smb.conf file:

[global]
workgroup = AZ
server string = Fedora3 Linux Samba Server
update encrypted = Yes
min password length = 7
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
unix password sync = Yes
restrict anonymous = 2
log file = /var/log/samba/%m.log
max log size = 50
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/adduser -n -g machines -c 'Windows Machine Domain Account' -d /dev/null -s /bin/false %m$
logon script = %U.bat
logon path = \\%L\%U\profile
logon drive = Y:
logon home = \\%L\%U\profile9x
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins server = 192.168.2.101
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
admin users = rob, root
hosts allow = 192.168.1., 192.168.2., 127.
cups options = raw
case sensitive = No

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/netlogon

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[test]
path = /share/test
read only = No
 
Old 02-12-2005, 09:22 PM   #2
rajbaxi
Member
 
Registered: Jul 2003
Location: MI
Distribution: redhat,mandrake,debian
Posts: 68

Rep: Reputation: 15
Are you using smbpasswd and if so, did you export the passwd file to smbpasswd? Did you happen to create machine accounts on the server in passwd and smbpasswd?
 
Old 02-12-2005, 09:33 PM   #3
rajbaxi
Member
 
Registered: Jul 2003
Location: MI
Distribution: redhat,mandrake,debian
Posts: 68

Rep: Reputation: 15
XP Pro SP2 Client Won't Logon to SAMBA PDC

admin users = rob, root

Also... The above won't work anymore. You have to use the net groupmap command.

You can view your current settings with: net groupmap list.
To use Domain Users use: net groupmap modify ntgroup="Domain Users" unixgroup=<unixgroup>.
To use Domain Admins use: net groupmap modify ntgroup="Domain Admins" unixgroup=<unixgroup>.

Obviously the groups must match the users. Ex: rob would be a part of group admins.

I tried the admin users but when I would logon to the Windows workstation I still didn't have admin rights.
 
Old 02-13-2005, 01:37 PM   #4
rajbaxi
Member
 
Registered: Jul 2003
Location: MI
Distribution: redhat,mandrake,debian
Posts: 68

Rep: Reputation: 15
Also, when I had Samba 2.2.5 as a PDC I had to make a registry change. Go to the registry. Go to HKLM\System\CurrentControlSet\Services\netlogon\parameters. Look for "RequireSignOrSeal"=dword:00000000. Change the value from "0" to "1". Reboot. And you should be able to logon to your domain.
 
Old 03-01-2005, 02:48 PM   #5
gregrh
LQ Newbie
 
Registered: Feb 2005
Posts: 7

Rep: Reputation: 0
???

admin users = rob, root

Also... The above won't work anymore. You have to use the net groupmap command.

You can view your current settings with: net groupmap list.
To use Domain Users use: net groupmap modify ntgroup="Domain Users" unixgroup=<unixgroup>.
To use Domain Admins use: net groupmap modify ntgroup="Domain Admins" unixgroup=<unixgroup>.

Obviously the groups must match the users. Ex: rob would be a part of group admins.

I tried the admin users but when I would logon to the Windows workstation I still didn't have admin rights.



Forgive me, but I would to know in the above what are the values for <unixgroup>
 
Old 03-01-2005, 02:55 PM   #6
gregrh
LQ Newbie
 
Registered: Feb 2005
Posts: 7

Rep: Reputation: 0
one more ???

How do you export the passwords from passwd to smbpasswd ??
 
Old 03-01-2005, 06:49 PM   #7
rajbaxi
Member
 
Registered: Jul 2003
Location: MI
Distribution: redhat,mandrake,debian
Posts: 68

Rep: Reputation: 15
I believe it's /usr/bin/mksmbpasswd.sh. Or I was also successfull with smbpasswd -a <user>
 
Old 03-01-2005, 06:52 PM   #8
rajbaxi
Member
 
Registered: Jul 2003
Location: MI
Distribution: redhat,mandrake,debian
Posts: 68

Rep: Reputation: 15
actually no it's not. sorry... I can't remember the command.
 
Old 03-01-2005, 06:54 PM   #9
rajbaxi
Member
 
Registered: Jul 2003
Location: MI
Distribution: redhat,mandrake,debian
Posts: 68

Rep: Reputation: 15
the value of <unixgroup> would be a group you want to use that exists in /etc/group. Ex: Domain Users = users (unix group).
 
Old 03-02-2005, 12:19 AM   #10
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
hey i'm not sure if you tryed this yet, but if your running fedora core 3 sometimes iptables gets in the way, i've got a samba domain controller and rather than work out what was going wrong with it i just shutdown iptables ... give that a go maybe it'll work

hwy if that helps and you feel like helping me out, i'm trying to get my samba domain controller to apply NT4 policies to to an XP machine i've called them NTconfig.pol and placed them in my netlogon drive, but it's not working and i can't figure out why

Last edited by paul_mat; 03-02-2005 at 12:22 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Joining XP Pro SP2 to Samba domain PDC Les62 Linux - Networking 13 10-09-2005 08:00 AM
xp pro can not logon samba PDC brianlee Linux - Networking 2 07-15-2005 02:53 AM
Samba PDC XP Pro client and Outlook Express user accts alans Linux - Networking 2 11-27-2004 02:02 PM
Logon to Samba- PDC TY2K4 Linux - Networking 0 12-01-2003 12:51 PM
WinXp Pro slow to logon to samba PDC seanfitz *BSD 2 03-10-2003 07:15 AM


All times are GMT -5. The time now is 09:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration