Hi all,

FWIW, I've solved this problem.

I saw here: lists.samba.org/archive/samba/2003-April/065870.html that 'only root can add a machine to a domain'. I thought this was odd and incorrect, and the post was from 2003, so I didn't hold out hope, but at this stage, I'd try anything.

I "changed" the root passwd via smbldap-passwd and tried adding the machine to the domain using the root user and voilà, problem solved.

Out of interest though - is it still the case that only root can add a machine to the domain?

cheers
L.

On Fri, Oct 21, 2011 at 05:37, Preston Hagar <[email protected]> wrote:
> On Wed, Oct 19, 2011 at 11:15 PM, Lachlan Musicman <[email protected]> wrote:
>> Hi
>>
>> I'm on ubuntu 10.04 LTS fully up to date.
>>
>> Am running a samba-ldap server but for some reason I can't connect a
>> new fully updated XP machine to the domain.
>>
>> I've added other machines (6 months ago now, none since) successfully.
>>
>> I see a file /var/log/samba/log.machinename, but
>> /var/log/samba/log.nmbd and /var/log/samba/log.smbd don't have
>> anything of note.
>>
>> Using 'net rpc rights list' I have confirmed that my user can add
>> users/machines to the domain.
>>
>> There is no firewall problem - there is no firewall between these
>> machines, as they are on a local LAN together and the XP's firewall is
>> disabled.
>>
>> I can successfully map a shared drive on the XP machine using the same
>> credentials. (and, in fact, if I don't disconnect that share, I get a
>> different error about not being able to have more than one connection
>> at the same time)
>>
>> Samba conf is here: http://paste.ubuntu.com/713761/
>>
>> I've tried changing security from user to domain and back, without success.
>>
>> The error I get after entering the same credentials as above is
>> "Access is denied".
>>
>> Any ideas? Even any pointers on how I might trace the network traffic
>> to see where the issues are, since there's no data in the logs of
>> note?
>>
>> I'm not excellent at the smb/ldap, and while I did set this server up,
>> I didn't configure the smbldap part of the set up, so I'm not 100%
>> sure or certain about what is happening there - am I doing something
>> wrong in that regard?
>>
>> Other machines and users are happily connected to the server over
>> smb/ldap, and when I look at their computer->properties, it says they
>> are on the domain SBLS, which is what I expected and what I am trying
>> to connect the current machine to.
>>
>> Any help appreciated.
>>
>> cheers
>> L.
>>
>
> This may no longer be official Samba policy, so someone please correct
> me if I am wrong, but have you tried setting the registry/gpedit fixes
> before joining?
>
> Here is what I do on our XP machines:
>
> Start->Run, run gpedit.msc
>
> Change the following:
>
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\Security Options branch.
>
> Make sure to disable the following policies:
>
> Domain Member: Digitally encrypt or sign secure channel data (always)
>
> Domain Member: Digitally sign secure channel data (when possible)
>
> Computer Configuration\Administrative Templates\System\User Profiles
>
> Make sure to enable the following policy:
>
> Do not check for user ownership of Roaming Profile Folders
>
>
> After you make the changes, reboot (not sure if it is required, but
> always a good policy with Windows), then try to join the domain again.
> Join the domain first before mapping any drives or anything like
> that.
>
> Anyway, just a thought. Hope it helps.
>
> Preston
>

-- 
The politician’s syllogism, also known as the politician’s logic or the politician’s fallacy, is a logical fallacy of the form:
- We must do something
- This is something
- Therefore, we must do this.
(via http://bestofwikipedia.tumblr.com/ )
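An added example, not part of the original post or thread: a Python check over the output of `net rpc rights list accounts` that reports which accounts hold `SeMachineAccountPrivilege` (the Samba right for adding machines to a domain) outside an expected allowlist. The sample listing, the account `SBLS\jdoe`, the allowlist, and the assumed output layout (an account line followed by one privilege per line, blank line between accounts) are constructed for illustration.

```python
import re

# Constructed sample of `net rpc rights list accounts` output (assumed layout).
SAMPLE = """\
BUILTIN\\Print Operators
No privileges assigned

SBLS\\Domain Admins
SeMachineAccountPrivilege
SeAddUsersPrivilege

SBLS\\jdoe
SeMachineAccountPrivilege

BUILTIN\\Administrators
SeMachineAccountPrivilege
SeDiskOperatorPrivilege
"""

JOIN_RIGHT = "SeMachineAccountPrivilege"


def parse_rights(text):
    """Return {account: set_of_privileges} parsed from the listing."""
    rights = {}
    normalized = text.replace("\r\n", "\n").strip()
    for block in re.split(r"\n\s*\n", normalized):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        account, entries = lines[0], lines[1:]
        # "No privileges assigned" is a marker line, not a privilege name.
        rights[account] = {e for e in entries if e.startswith("Se")}
    return rights


def unexpected_joiners(rights, allowed):
    """Accounts that can add machines but are not on the allowlist."""
    allowed_lower = {a.lower() for a in allowed}  # account names are case-insensitive
    return sorted(
        acct for acct, privs in rights.items()
        if JOIN_RIGHT in privs and acct.lower() not in allowed_lower
    )


if __name__ == "__main__":
    allow = {"SBLS\\Domain Admins", "BUILTIN\\Administrators"}  # hypothetical allowlist
    for acct in unexpected_joiners(parse_rights(SAMPLE), allow):
        print(f"review: {acct} holds {JOIN_RIGHT}")
```
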
