XP clients as the member of the samba domain.
 

Hi All

I configured Samba on RH7.2 and its is working fine for Windows 95 and 98 clients.
The problem which i am facing is that i am unable to make XP machines as the member of the samba domain.

Kindly help.
Waiting for smart reply.

Regards
Bally

1. You need to Have Samba 2.2.1a, or greater.

2. Need XP Pro

3. Create a user on the Samba server than has the ability to join the Samba domain.

4. Create a machine account on the Samba server. More about this is in the Samba PDC HOWTO.

5. In XP pull up a command prompt and type "net use * /d" this will disconnect the XP machine from ALL shares on the Samba server, this is required.

6. Right click on the My Computer Icon. > Properties > Computer Name > Change > Domain, and Enter the domain name to join, It will prompt you for a username/password.

7. Reboot XP

8. Go into your registry and Change the following Value to "0" instead of "1". Such as: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters\ "RequireSignOrSeal"=dword:00000000

9. Reboot

10. Login to your Samba PDC





disable the Domain member: Digitally encrypt or sign secure channel data (always). You can find it somewhere (right click my computer) -> Computer Managament:> Local Security Policy-> Local Policies -> Security Options


this is all assuming you have samba set up right to be PDC.

Dear tyler

As per ur instructions i checked following things.

1. i checked Samba version. which is samba-2.2.1a-4.

2. Client is XP professional.

3. I did all the registery settings as you said and rebooted xp Machine.

4. I tried with "root" user to make the XP client as the member of my samba. No doubt it prompt for user name and password but is not authanticating. Massage stating " Bad user name and password" is displayed.

5. I tried with any other samba user to make the XP client as the member of my samba. Then message stating " Access is denied " is displayed.

Here i am little bit confused, whether root login will be able to put the xp client as the member of samba


Kindly Guide which appropriate user with what rights is required and how to Create a machine account on the Samba server

Regards
Bally

please send me your samba configuration file and i can tell you the changes to make. please make backup of your samba configuration file

at prompt type:

cp /etc/samba/smb.conf /etc/samba/smb.conf.backup

this is in case something goes wrong.

do you have the following in the file /etc/samba/smb.conf under global section:
netbios name = linuxmachinename
domain admin group = @wheel
domain logons = Yes
os level = 99
preferred master = True
domain master = True
local master = True

and the following under shares:
[netlogon]
##Store all Samba PDC overhead data in the directory
## /home/netlogon (or whatever you desire)
path = /home/netlogon
write list = root
guest ok = Yes

[profiles]
## Store user profiles in this directory
path = /home/ntprofile
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
browseable = No

also, do you have a samba user account set up for the root user?

command at bash prompt:

smbpasswd -a root

this will bring up prompt for root samba passwd

i highly suggest yo umake this different than the normal root password

also, the commands for adding a machine account are as follows:

first command, if you haven't done so already is to add a machine group. i will put a # from now on in front of any line that is a command to type at prompt.

#groupadd machines
#adduser -g machines -s /bin/false -d /dev/null machinename$

machinename$ being the netbios name of the machine you are adding, so if your domain is called domain, instead of putting machinename.domain just use machinename$ for this. be sure to put the $ at the end of the machinename.

#passwd -l machinename$

this will lock the machine account, the l in -l is a small L.
now add the machine as a samba account.

#smbpasswd -a -m machinename

i don't think you need the $ here. try without. it should say, even though you left out the $:
added machinename$

if doesn't work, then add the $ to the smbpasswd command above. it should definitely work then. now just to be certain the account is enabled.

#smbpasswd -e machinename$

make sure you restart samba to reread the config file before trying to join the machine to the domain.

#service smb restart

now try to add the xp machine to the domain. i may have forgot something. please let me know what happens.

good luck.

and do use the root samba password you created above when prompted for it when you try to join the domain.

once we get you joined i can tell you some other tricks to make things easier with profiles and logon scripts and so forth.

we will get this have no fear. it has been some time since i got mine going, but we will. then it will be a breeze.

Dear Tyler

Thankyou very much for your kind help. Ultimately it is done.

Still one problem which i am facing is for roming profile.

In ur previous reply U wrote to tell more tricks to make the things easier with profiles and logon scripts.

Please be kind to tell that

Regards

hey sorry for taking so long. if you still need help, please send me your smb.conf file, as much as can, and i will tell you changes needed.

Hi Tyler

It is done. Thankyou very much for ur kind help.

Is there any mathod to do these things more simpler?

Regards

well, for one, how do you have the logon script and profiles directory set up. i used a method similar to this. i have had a few beers so any questions or need better explanation let me know. okay, in samba i believe %g means teh group the use is in. so you can make users a memeber of the users group, then you can make a logon script for the wheel group (administrative group) and users group (regular users). so make a users folder and a wheel folder in the profiles directory. the logon xcript is then set to %g/logon.cmd. this will make it easier to make logon scripts for the different user types. for mapping folders.

anyway, for making joining the domain easier, there is an add user script. need to find that for you, and i have had not much success with it. here is waht i would do.

i made a script called newuser.

and a script called newpc.

it ask for computer name, send the computer name to memory with the $ added by the script, then it runs all the commands for you and adds to machine group, etc. this is for the linux bo0x of course. then run the join domain stuff with winxp

also, much easier to join domain if computer is initially member of a workgroup that has not the same name, unless do it on install, then not member of anythiign so don't matter.

anyway, if don't know know scripting, can find my scripts somewhere. haven't used windows for some time so will have to look. but will. let me know.