Hello all. I've been checking out this forum for a while, and it's the best linux forum I've seen.

I've been a slackware user for a long time and have been unable to find a solution to this problem.

I'm currently using Slackware 8.1 in a network server role including it being a Primary Domain Controller for windows machines (for centralized user authentication). All versions of windows authenticate to the domain without any trouble (including Windows 2000 sp3), with one exception: Windows XP Professional. When I try to join it to the domain it just says access denied.

I've been searching for this solution (if there is one) and thought I may as well ask, since there are no previous threads dealing with this issue.

If need be, I can post my smb.conf file. Although, like I said, it's only XP that is having the problem. All my other windows machines have no problem logging onto the domain and accessing the domain shares, changing user passwords from windows, etc. Although I'm still trying to figure out a way for windows machines to change file permissions on server shares by using the right-click --> properties --> permission/security menu. This may, however, not be possible.

Ideas? Questions? Comments?

Thanks in advance.

...and please, no comments like "It's easy, eliminate windows machines on your network" etc.

hallo all, I am new to this forum and also to linux,
just now I am using Linux redhat-7.3 and Windows-XP,
I have changed some configurations, e.g. WORKGROUP, SHARE ... in the smb.conf, but unlucky smb isn't working, can anybody help me? Thanx!

Since you aren't using a domain, and you are just trying to get XP to access shares on you linux machine, you can use a pretty much default samba configuration.

Make sure they are both using the same "workgroup".

If you are using "security = user", you will need to add any users that will access samba.

# add a linux user account
useradd -g "groupid" -m "username"
passwd "username"

# add the user to samba
smbpasswd -a "username"

Any ideas?

Has no one else tried to get a windows xp machine to logon to a Linux Domain controller before?

Thanx, I have checked sam.conf, it shows that in some optional commands:
server string = Samba Server // ok?
....
[Share]
comment: samba test
path: /home/share
valid users = Echojin
public = no
writeable = yes
printable = no
create mask = 0765

I hope it helps.
greetings!

Yes, I have managed to get WinXP to browse and use files on a Linux Server.....

What you need to do is use "NetBeui" on the Windows XP box for it to see a Linux system. As Netbeui doesnt install standard with XP - you need to manually add it in. Take a look on the XP CD - the Netbeui protocol is there...
After this, you should be able to browse a Linux Netowrk.
If you have security = user or server, need encryption turned on for the Linux system.
Then manually add in the users from the Linux server using the smbadduser command....

Should be a goer after this....

I have been able to get XP Pro workstation to authenticate off a RedHat 7.2 PDC (which in turn uses OpenLDAP, by the way), but needed the following trick:

Registry Hack:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000

Or, though the GUI: Control Panel->Administrative Tools->Local Security Settings->Local Policies->Security Options->Domain Member: Digitally encrupt or sign... SET THIS TO DISABLED.

Cheers
Nick

Thank you for the above posts, but... The problem isn't that Windows XP can't browse the network and access the samba share. I have no problem access shares through the workgroup if I create a user on the XP box that has access. That is not the point of a PDC. It is used as a central point for authenticating any domain user from any machine.

Thanks NickPGSmith!

I'll try that right away...although, I hope samba has an update that resolves this issue so I won't have to do that on all future machines that run winxp.

(MS seems to be trying their best to disallow non-MS PDC's)

The problem I am having is similar, I think. When I try to join the XP PRo machines to the Linux PDC, XP asks for an account with permission to join the domain. What ever account name i try to use comes back with "Access Denied" on the XP box. I am running Red Hat 7.3. Are we on the same page, RON1N?

I have the exact same problem and if anybody sorts it out I would love to hear

lmillis : Yes, I think we are dealing with the same problem, as long as you can get a winnt or win2k box to join without a problem. I haven't gotten a chance to try the regedit yet on the XP machine yet. I was on vacation.

I got this from a news group but still having trouble if someone else can make it happen let us know

As you point out you have a PDC!!! set up on samba.
A PDC is a primary DOMAIN controller. So far so good. You can use this pdc
with win9x clients without any problem. The only thing is that win9x clients
aren't part of a DOMAIN. they just browse a workgroup.
In order for a win2k, winXP client to join the DOMAIN, the PDC must tell it
that it is allowed to.
For that you MUST have a machine trust account on the PDC.
With samba you just make a user with the machine name (add it to
/etc/passwd) but you must add a '$' on the end.
for the machine name XP_machine -> XP_machine$
Next step is to add the same user to the samba password file (if you use
encrypted passwords, which you should)
'smbpasswd -a -m XP_machine'
that should solve the problem on the samba pdc.

next you must join the xp machine to the domain (done from windows.
right-click My Computer, Properties, Network Identification, the Join the
domain)

Yes, I know. As I stated before... I have no problem getting the EVERY other version of windows to logon to this domain. I know all too well how to setup a Samba Primary Domain Controller and add machine names to the domain. That was not my question.
That is a false statement. Windows 95 and 98 CAN LOGON to a Samba or WindowsNT Domain. They are NOT limited to just workgroup access. WindowsXP is the only one that does not want to play nice with Samba by default. It appears you HAVE to edit the registry to make it possible.

gizbon : FYI
Why the hell do you think I said "PDC". I said PDC because that's what it is. It really pisses me off when people don't read the other posts on a thread and then try to be a smartass and post useless info.

RON1 I GOT IT!!!
Finally! Here are the mistakes i made and how i fixed them. First mistake was adding the machine account incorrectly. I needed to add it from the command line, not the gui. Here's the exact syntax i used:

/usr/sbin/useradd -d /dev/null -c "machine id" - s /bin/false machine_name$
Next passwd -l machine_name$

Make certain you have an entry for Root in the smbpasswd with the correct password. ( you probably already have done this).
Then restart the smb service.

On the XP Box: Go to control panel> Administrative Tools> Local Security Policy > Local Policies > Security Options > Then disable the six or seven items that have to do with "DOmain Member."

Then do the regedit > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000

Then go to join the domain. I almost cried when I got the message "Welcome the Student Domain"

If I forgot anything, email me and I'll be glad to help!!!

Looks good. Congrats lmillis