On Wed, Oct 19, 2011 at 11:15 PM, Lachlan Musicman <[email protected]> wrote: > Hi > > I'm on ubuntu 10.04 LTS fully up to date. > > Am running a samba-ldap server but for some reason I can't connect a > new fully updated XP machine to the domain. > > I've added other machines (6 months ago now, none since) successfully. > > I see a file /var/log/samba/log.machinename, but > /var/log/samba/log.nmbd and /var/log/samba/log.smbd don't have > anything of note. > > Using 'net rpc rights list' I have confirmed that my user can add > users/machines to the domain. > > There is no firewall problem - there is no firewall between these > machines, as they are on a local LAN together and the XP's firewall is > disabled. > > I can successfully map a shared drive on the XP machine using the same > credentials. (and, in fact, if I don't disconnect that share, I get a > different error about not being able to have more than one connection > at the same time) > > Samba conf is here: http://paste.ubuntu.com/713761/ > > I've tried changing security from user to domain and back, without success. > > The error I get after entering the same credentials as above is > "Access is denied". > > Any ideas? Even any pointers on how I might trace the network traffic > to see where the issues are, since there's no data in the logs of > note? > > I'm not excellent at the smb/ldap, and while I did set this server up, > I didn't configure the smbldap part of the set up, so I'm not 100% > sure or certain about what is happening there - am I doing something > wrong in that regard? > > Other machines and users are happily connected to the server over > smb/ldap, and when I look at their computer->properties, it says they > are on the domain SBLS, which is what I expected and what I am trying > to connect the current machine to. > > Any help appreciated. > > cheers > L. >
This may no longer be official Samba policy, so someone please correct me if I am wrong, but have you tried setting the registry/gpedit fixes before joining? Here is what I do on our XP machines: Start->Run, run gpedit.msc Change the following: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options branch. Make sure to disable the following policies: Domain Member: Digitally encrypt or sign secure channel data (always) Domain Member: Digitally sign secure channel data (when possible) Computer Configuration\Administrative Templates\System\User Profiles Make sure to enable the following policy: Do not check for user ownership of Roaming Profile Folders After you make the changes, reboot (not sure if it is required, but always a good policy with Windows), then try to join the domain again. Join the domain first before mapping any drives or anything like that. Anyway, just a thought. Hope it helps. Preston -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
