Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
10-03-2002, 11:47 PM
|
#1
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Rep:
|
Samba PDC and WindowsXP Professional
Hello all. I've been checking out this forum for a while, and it's the best linux forum I've seen.
I've been a slackware user for a long time and have been unable to find a solution to this problem.
I'm currently using Slackware 8.1 in a network server role including it being a Primary Domain Controller for windows machines (for centralized user authentication). All versions of windows authenticate to the domain without any trouble (including Windows 2000 sp3), with one exception: Windows XP Professional. When I try to join it to the domain it just says access denied.
I've been searching for this solution (if there is one) and thought I may as well ask, since there are no previous threads dealing with this issue.
If need be, I can post my smb.conf file. Although, like I said, it's only XP that is having the problem. All my other windows machines have no problem logging onto the domain and accessing the domain shares, changing user passwords from windows, etc. Although I'm still trying to figure out a way for windows machines to change file permissions on server shares by using the right-click --> properties --> permission/security menu. This may, however, not be possible.
Ideas? Questions? Comments?
Thanks in advance.
...and please, no comments like "It's easy, eliminate windows machines on your network" etc.
|
|
|
10-04-2002, 07:53 AM
|
#2
|
LQ Newbie
Registered: Oct 2002
Distribution: redhat-7.3
Posts: 9
Rep:
|
hallo all, I am new to this forum and also to linux,
just now I am using Linux redhat-7.3 and Windows-XP,
I have changed some configurations, e.g. WORKGROUP, SHARE ... in the smb.conf, but unlucky smb isn't working, can anybody help me? Thanx!
|
|
|
10-04-2002, 09:25 AM
|
#3
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Original Poster
Rep:
|
Since you aren't using a domain, and you are just trying to get XP to access shares on you linux machine, you can use a pretty much default samba configuration.
Make sure they are both using the same "workgroup".
If you are using "security = user", you will need to add any users that will access samba.
# add a linux user account
useradd -g "groupid" -m "username"
passwd "username"
# add the user to samba
smbpasswd -a "username"
|
|
|
10-04-2002, 05:28 PM
|
#4
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Original Poster
Rep:
|
Any ideas?
Has no one else tried to get a windows xp machine to logon to a Linux Domain controller before?
|
|
|
10-05-2002, 06:15 AM
|
#5
|
LQ Newbie
Registered: Oct 2002
Distribution: redhat-7.3
Posts: 9
Rep:
|
Thanx, I have checked sam.conf, it shows that in some optional commands:
server string = Samba Server // ok?
....
[Share]
comment: samba test
path: /home/share
valid users = Echojin
public = no
writeable = yes
printable = no
create mask = 0765
I hope it helps.
greetings!
|
|
|
10-06-2002, 04:13 AM
|
#6
|
LQ Newbie
Registered: Oct 2002
Location: Australia
Distribution: Mandrake 8.X & Redhat 7.X
Posts: 7
Rep:
|
Yes, I have managed to get WinXP to browse and use files on a Linux Server.....
What you need to do is use "NetBeui" on the Windows XP box for it to see a Linux system. As Netbeui doesnt install standard with XP - you need to manually add it in. Take a look on the XP CD - the Netbeui protocol is there...
After this, you should be able to browse a Linux Netowrk.
If you have security = user or server, need encryption turned on for the Linux system.
Then manually add in the users from the Linux server using the smbadduser command....
Should be a goer after this....
|
|
|
10-06-2002, 12:15 PM
|
#7
|
LQ Newbie
Registered: Oct 2002
Location: Lingfield, Surrey, UK.
Posts: 1
Rep:
|
XP Pro w/s, RHat 7.2 PDC
I have been able to get XP Pro workstation to authenticate off a RedHat 7.2 PDC (which in turn uses OpenLDAP, by the way), but needed the following trick:
Registry Hack:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000
Or, though the GUI: Control Panel->Administrative Tools->Local Security Settings->Local Policies->Security Options->Domain Member: Digitally encrupt or sign... SET THIS TO DISABLED.
Cheers
Nick
|
|
|
10-09-2002, 12:34 AM
|
#8
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Original Poster
Rep:
|
Thank you for the above posts, but... The problem isn't that Windows XP can't browse the network and access the samba share. I have no problem access shares through the workgroup if I create a user on the XP box that has access. That is not the point of a PDC. It is used as a central point for authenticating any domain user from any machine.
Thanks NickPGSmith!
Quote:
Registry Hack:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000
Or, though the GUI: Control Panel->Administrative Tools->Local Security Settings->Local Policies->Security Options->Domain Member: Digitally encrupt or sign... SET THIS TO DISABLED.
|
I'll try that right away...although, I hope samba has an update that resolves this issue so I won't have to do that on all future machines that run winxp.
(MS seems to be trying their best to disallow non-MS PDC's)
|
|
|
10-10-2002, 08:52 PM
|
#9
|
LQ Newbie
Registered: Sep 2002
Location: Orange County, CA USA
Distribution: RED HAT 7.2
Posts: 2
Rep:
|
The problem I am having is similar, I think. When I try to join the XP PRo machines to the Linux PDC, XP asks for an account with permission to join the domain. What ever account name i try to use comes back with "Access Denied" on the XP box. I am running Red Hat 7.3. Are we on the same page, RON1N?
|
|
|
10-13-2002, 04:02 PM
|
#10
|
LQ Newbie
Registered: Oct 2002
Location: Dublin Ireland
Distribution: Redhat 7.2 and 8.0
Posts: 27
Rep:
|
I have the exact same problem and if anybody sorts it out I would love to hear
|
|
|
10-14-2002, 11:11 AM
|
#11
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Original Poster
Rep:
|
lmillis : Yes, I think we are dealing with the same problem, as long as you can get a winnt or win2k box to join without a problem. I haven't gotten a chance to try the regedit yet on the XP machine yet. I was on vacation.
|
|
|
10-14-2002, 05:16 PM
|
#12
|
LQ Newbie
Registered: Oct 2002
Location: Dublin Ireland
Distribution: Redhat 7.2 and 8.0
Posts: 27
Rep:
|
I got this from a news group but still having trouble if someone else can make it happen let us know
As you point out you have a PDC!!! set up on samba.
A PDC is a primary DOMAIN controller. So far so good. You can use this pdc
with win9x clients without any problem. The only thing is that win9x clients
aren't part of a DOMAIN. they just browse a workgroup.
In order for a win2k, winXP client to join the DOMAIN, the PDC must tell it
that it is allowed to.
For that you MUST have a machine trust account on the PDC.
With samba you just make a user with the machine name (add it to
/etc/passwd) but you must add a '$' on the end.
for the machine name XP_machine -> XP_machine$
Next step is to add the same user to the samba password file (if you use
encrypted passwords, which you should)
'smbpasswd -a -m XP_machine'
that should solve the problem on the samba pdc.
next you must join the xp machine to the domain (done from windows.
right-click My Computer, Properties, Network Identification, the Join the
domain)
|
|
|
10-15-2002, 05:40 PM
|
#13
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Original Poster
Rep:
|
Quote:
For that you MUST have a machine trust account on the PDC.
With samba you just make a user with the machine name
(add it to /etc/passwd) but you must add a '$' on the end.
for the machine name XP_machine -> XP_machine$
Next step is to add the same user to the samba password file
(if you use encrypted passwords, which you should)
'smbpasswd -a -m XP_machine'
that should solve the problem on the samba pdc.
|
Yes, I know. As I stated before... I have no problem getting the EVERY other version of windows to logon to this domain. I know all too well how to setup a Samba Primary Domain Controller and add machine names to the domain. That was not my question.
Quote:
A PDC is a primary DOMAIN controller. So far so good. You can use this pdc with win9x clients without any problem. The only thing is that win9x clients aren't part of a DOMAIN. they just browse a workgroup.
|
That is a false statement. Windows 95 and 98 CAN LOGON to a Samba or WindowsNT Domain. They are NOT limited to just workgroup access. WindowsXP is the only one that does not want to play nice with Samba by default. It appears you HAVE to edit the registry to make it possible.
gizbon : FYI
Why the hell do you think I said "PDC". I said PDC because that's what it is. It really pisses me off when people don't read the other posts on a thread and then try to be a smartass and post useless info.
|
|
|
10-16-2002, 11:15 AM
|
#14
|
LQ Newbie
Registered: Sep 2002
Location: Orange County, CA USA
Distribution: RED HAT 7.2
Posts: 2
Rep:
|
RON1 I GOT IT!!!
Finally! Here are the mistakes i made and how i fixed them. First mistake was adding the machine account incorrectly. I needed to add it from the command line, not the gui. Here's the exact syntax i used:
/usr/sbin/useradd -d /dev/null -c "machine id" - s /bin/false machine_name$
Next passwd -l machine_name$
Make certain you have an entry for Root in the smbpasswd with the correct password. ( you probably already have done this).
Then restart the smb service.
On the XP Box: Go to control panel> Administrative Tools> Local Security Policy > Local Policies > Security Options > Then disable the six or seven items that have to do with "DOmain Member."
Then do the regedit > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000
Then go to join the domain. I almost cried when I got the message "Welcome the Student Domain"
If I forgot anything, email me and I'll be glad to help!!!
|
|
|
10-16-2002, 02:00 PM
|
#15
|
Member
Registered: Sep 2002
Location: United States
Distribution: Slackware 8.1, 9.0 / Debian 3.0
Posts: 44
Original Poster
Rep:
|
Looks good. Congrats lmillis
|
|
|
All times are GMT -5. The time now is 02:41 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|