Well, I never did get any replies on this, but I have, in the interim, discovered the problem. So, for posterity I'm posting the answer here in case someone else comes along with a similar problem. The original smb.conf from the old server included a line setting the guest account to "smbguest". Whereas this account existed on my old system, I had not created it on the new system. As soon as I created this account, BOOM, everything started working exactly as it had before.
On Sun, 5 Dec 2004, Aaron Smith wrote:
I have been running a Samba PDC with Samba version 3.0.0 on Redhat 7.3 for quite some time. My WinXP Pro SP2 system is part of the domain and everything has been working just peachy. And then, of course, I had to tinker with it. I upgraded the linux box to Whitebox Linux 3.0, a derivative of Redhat Enterprise Linux 3.0. It comes with Samba 3.0.7. After installing and updating everything, I brought over the entire contects of my /etc/samba directory and loaded a previously saved LDIF file for my LDAP server (which samba authenticates to). No changes were made in any of these files and no changes were made on the WinXP box. If I do an "smbclient -L <linux-box-name>" it prompts me for a password, which is accepted, and a list of shares is presented. If I do the same thing using the WinXp's name, I get:
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
If I attempt to log in with a domain account on the XP box, I get a dialog box that says:
"Windows could not connect to the domain, either because the domain controller is down, of otherwise unavailable, or because your computer
account was not found."
I *AM* able to remove the XP machine from the domain and re-add it without
incident. Or at least, I get the "Welcome to the PANDORANET Domain" message when adding it so I'm assuming the kali$ machine account is being properly found.
I suspect that this has something to do with the schannel settings. Samba reports that all 4 settings are currently set to "Auto" which seems to be the ideal setting. The first thing I tried was the registry change for signorseal to 0, but that had no affect. Currently, under the Local Security settings, I have for what I believe are the pertinent settings:
Domain member: Digitally encrypt or sign secure channel data (always): Enabled
Domain member: Digitally encrypt secure channel data (when possible): Enabled
Domain member: Digitally sign secure channel data (when possible): Enabled
Microsoft Network Client: Digitally sign communications (always): Disabled
Microsoft Network Client: Digitally sign communications (if server agrees): Enabled
Microsoft Network Server: Digitally sign communications (always): Disabled
Microsoft Network Server: Digitally sign communications (if server agrees): Enabled
Anyone have any ideas? I've been tearing my hair out over this all weekend!
-----------------------------------------------------------------
Aaron Smith vox: 269.226.9550 ext.26
Network Director fax: 269.349.9076 Nexcerpt, Inc. http://www.nexcerpt.com
...Nexcerpt... Extend Your Expertise -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
