Dale: There is no client firewall on any of the machines in question. The windows XP firewall has been disabled.
-Marshall On Tue, Apr 29, 2008 at 12:57 PM, Dale Schroeder < [EMAIL PROTECTED]> wrote: > Marshall, > > One last guess: Windows Firewall. Is it turned on? For comparison, in > the AD domain I administer, I have to turn off the XP firewall or create an > exception for tcp port 113 to join the domain. Otherwise, it just sits > there until it times out. So, if any client firewall is running, try > turning it off or making an exception. > > Dale > > > Marshall Buschman wrote: > > Dale: > > I'm continuing to investigate - ipconfig /all shows both WINS servers. > /var/cache/samba/wins.dat contains the xp machines. > I do have a local DNS server, and it does resolve typical addresses ( > google.com) as expected. > My PDC and BDC have A and PTR records that resolve properly, but nothing > special other than that. > > Nothing appears in the logs on either the PDC or BDC. > > I've recently tried using the ForensiT User Profile Wizard, which tries to > join the domain as part of it's process. > It's interesting that using this tool, when auth fails, wireshark shows no > conversation between the XP box and the DC - it looks like the XP isn't even > trying to connect to the PDC. > > I've seen similar results using wireshark and the normal domain joining > facilities. > I've attempted to disable the signorseal requirements, which have no > effect. > > The only effective solution is adding an entry to the lmhosts file, which > is undesirable. > > -Marshall > > On Fri, Apr 25, 2008 at 9:14 AM, Dale Schroeder < > [EMAIL PROTECTED]> wrote: > > > Marshall, > > > > Running out of ideas, but: > > Have you checked the wins.dat file to see if it is actually being > > populated with the xp machines? > > Does "ipconfig /all" on the xp machines list the wins server? > > If using it, is DNS working properly? > > Any other clues in the logs? > > > > In "name resolve order =" I list wins first to give it the first chance > > at name resolution. > > I also don't have the multi-subnet issue to deal with, but some admins > > put a wins server on each subnet. > > > > Dale > > > > > > Marshall Buschman wrote: > > > > > Dale: > > > > > > Correct. I've implemented this option on all of the relevant subnets. > > > I'm doing something like this: > > > > > > ----------------------------------------------------------------------------------------- > > > option netbios-name-servers 1.2.3.4, 1.3.3.7; > > > > > > ----------------------------------------------------------------------------------------- > > > > > > Where 1.2.3.4 is the old windows 2000 DC that we're migrating away > > > from, and > > > 1.3.3.7 is the samba PDC. > > > > > > I tested this, and found it to work appropriately under Windows 2000 > > > clients, but not Windows XP clients. > > > > > > I've even statically assigned an XP client an IP and WINS server, and > > > it > > > still does not work consistently. > > > > > > I still get the following error most of the time: > > > > > > The following error occurred attempting to join the domain "FOO": > > > Logon failure: unknown user name or bad password. > > > > > > Windows 2000 clients function perfectly. > > > > > > Any ideas? Especially why only the XP clients have an issue? > > > > > > -Marshall > > > > > > > > > On Thu, Apr 24, 2008 at 8:43 AM, Dale Schroeder < > > > [EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > Marshall, > > > > > > > > Since you have many clients, I'm guessing you have a dhcp server > > > > running. > > > > If so, do you have a netbios nameserver option enabled in the dhcp > > > > config? > > > > In ISC's dhcp3 server it is "option netbios-name-servers > > > > xxx.xxx.xxx.xxx;" > > > > > > > > Of course, on clients with static ip's, wins config must be done > > > > manually, > > > > and IIRC, the options changed somewhat in XP. The default is to get > > > > netbios > > > > info from the dhcp server. > > > > > > > > Good luck, > > > > Dale > > > > > > > > > > > > > > > > > > > > Marshall Buschman wrote: > > > > > > > > > > > > > > > > > Hey All: > > > > > > > > > > I've got a working samba/ldap domain with a PDC in a datacenter > > > > > and a BDC > > > > > in > > > > > my local office. > > > > > > > > > > I'm not able to reliably join a windows XP Pro machine to the > > > > > domain by > > > > > specifying the PDC as a wins server. > > > > > > > > > > I get the following error 90% of the time or more, with no > > > > > discernible > > > > > patterns or errors in any logs: > > > > > --------------------------------- > > > > > The following error occurred attempting to join the domain "FOO": > > > > > Logon failure: unknown user name or bad password. > > > > > --------------------------------- > > > > > > > > > > Windows 2000 machines join the domain 100% of the time. > > > > > > > > > > Adding a line to the lmhosts file like this: > > > > > --------------------------- > > > > > 1.2.3.4 foopdc #PRE #DOM:FOO #net group's DC > > > > > --------------------------- > > > > > Causes the XP machine to be able to join the domain 100% of the > > > > > time. > > > > > > > > > > I have many clients, and adding this file to the lmhosts file > > > > > everywhere > > > > > isn't feasible. > > > > > > > > > > The real question is - why doesn't WINS work? > > > > > I can run net view and see all the machines.. > > > > > > > > > > I'd really appreciate any help you guys can provide. > > > > > > > > > > -Marshall > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------ > > No virus found in this incoming message. > Checked by AVG. > Version: 7.5.523 / Virus Database: 269.23.6/1403 - Release Date: 4/29/2008 > 7:26 AM > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
