pdc and xp

i am running redhat 7.3 with a samba 2.2.3a-6 server acting as primary domain controller. i am testing out XP Professional which i have just acquired and have found difficulty loggin onto the domain.

the error i get is along the lines of "Windows XP could not findthe domain controller, perhaps it is down. or there is no machine account on the server."

neither of these are true because i just joined the domain two minutes ago.

I have downloaded all the registry patch files changing the REquireSignOnSeal or whatever it was but still i get the error.

I haven't posted the smb.conf because i don't think it has anything to do with that (win2k logons work no-problem), unless there is some new directive that i have not heard of yet.

any help would be appreciated. thanks

----------

if you find my advice useful, please rate me.

Is there a WINS server on the network? If not, have you attempted to place in the lmhosts file a DOMAIN Identifier? It should be in this format:

IP ADDRESS      SERVER NAME              DOMAIN NAME
192.168.1.1     server         #PRE #DOM:(domain name)

Let me know if this helps.

James Collins
Field Service Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.

Hi,
I´ve the same problem. The machine joins the domain OK, but I cannot log on to the domain after reboot.
I´ve applied the SigOrSeal patch and the registry changes, but the problem persists. We have WINS server (Is the same that PDC - Samba), and I modified the lmhosts of the workstation, but I still get the "Domain controller cannot be found" error.
Any help will be welcome.
Thanks
Marcelo Peralta

Hello !

I've Exactly the same problem !
Same as Toqui.

here is my smb.conf:
# Global parameters
[global]
    workgroup = DOMLINUX
    netbios name = SARAZLIN01
    server string = Samba Server %v
    encrypt passwords = Yes
    allow trusted domains = No
    log level = 3
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = lpstat
    add user script = /usr/sbin/useradd -s /bin/false %u
    domain logons = Yes
    os level = 63
    preferred master = True
    domain master = True
    dns proxy = No
    printing = cups

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    guest ok = Yes
    printable = Yes
    print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
    browseable = No

[print$]
    path = /var/lib/samba/printers
    write list = @adm root

[tmp]
    comment = Temporary file space
    path = /tmp
    read only = No
    guest ok = Yes

[public]
    comment = Public Stuff
    path = /home/samba/public
    guest ok = Yes

Where is the mistake ?
Any help will be welcome.

Bye, thanks
Jean-Francois Vétu

I am having the same problem.  I just setup a Samba PDC roughly a month a go. Version 2.2.3a. RH 7.3 Package.

Xp and Win2k have all been able to join.  The windows 2000 machines are working perfectly.

On the otherhand. Windows XP is not.  Some of my XP machines are perfectly fine. No Login problems what so ever.
Other ones provide this message after a couple hours, a day, or a week, but seemingly out of the blue:

"Windows cannot connect to the domain, either because, the domain controller is down or otherwise unavailable, or because

your computer account was not found.  Please try again later. If this message continues to appear contact your Sys Admin for

help."

Do the machines have accounts? YES
Is the PDC down? NO
Were these machines connected and working on the domain a few hours ago? YES.
Are other machines logging in and out right now?YES

I have had one other mind boggling problem.  I forgot to add an account for one system.  But the computer and the user were

joined to the domain irregardless ( I do not have an automatic script for adding machines ). I noticed in the logs, that

there was an error that machine account was not available for the computer. So I added it.  All of sudden the user was unable

to login as well.  I remove the account and presto the user can login again.

I have added the sign or seal registry patch. To the current control set as well as the others.

Disabled the appropriate options or made sure they were under Local Security Policy
I edited or checked the following entries:
    "Domain member: Digitally encrypt or sign secure channel(Disabled)"
    "Domain member: Disable machine account password changes(Disabled)."
    "Domain member: Require strong (Windows 2000 or later) session key(Disabled)"


My machines have accounts in the /etc/passwd and /etc/samaba/smbpasswd file
My users have accounts in /etc/passwd and /etc/samba/smbpasswd
No errors in my smb.conf file.
domain logons = yes
security = user
encrypt passwords = yes
domain master = yes

Any ideas? Any solutions? Anybody else have the problem?

Cheers
Sono

This unfortunately doesn't seem to be a problem of either domain controller or the Windows XP software itself. Windows XP is more picky than any of the past OSes that Microsoft has ever put out. What it all comes down to is a configuration error in either the Samba software or the Windows XP software. In most cases it is the latter and not the former. I've discovered that the DNS server requires three factors in order to join a domain instead of commanding it. Just go to Start > Help and Support. Enter in the keywords "Join Domain" and search on that. In the resulting dialog... it lists the three requirements of joining an Active Directory Domain (!) ARgh! F***ing Microsoft!!!! It seems that inside the DNS records of your local network there is the requirement of an address record pointing to _ldap._tcp.dc._msdcs.DNSDomainName. Along with the requirement of having the computer configured with the IP address of the preferred DNS server (being the one that contains the record), and finally a 'service (SRV) resource record'. That last requirement I've been looking for a definition to a service resource record to implement it into my current DNS records and haven't been able to find it yet. I'm currently searching as I'm writing this and editing the files. *WHEW!* well... as I've found out it's entered into the corresponding files just like an address record, except with Preference, Weight, Port, and Target values (num, num, num, host name or IP address). This might work with some problems. But apparently it's not working with mine. *Groan*... I'm about to give up on this for the day. So far all the machines work on the samba PDC just fine and as they should, all except for my single Windows XP machine. I'm going to see if I can find anything else. I'll post more when I find it. Hopefully, it'll work and then all this crap will pay off. If anyone else finds something that may help... I'll watch for the post and maybe you could email it to me at magictw77@telocity.com. Otherwise, I'll be pulling my hair out with the most stable troublesome OS Microsoft has ever put out.

Hi all if you haven't found out the answer yet here it is :-)

The problem is with XP's settings (it's even in the knowledge bass) weither they did this on perpose or not who knows.

Heres how you fix it:

*Log in a Administrator and change password encryption to optional
**Control Pannel -> Maintiance -> Administration Tools -> **Local securty Policy
**Local Policies -> Security Options
**Disable Domain member: Digitally encrypt or sign secure channel data (always)

So I created a SRV RR on my DNS server (BIND 9), and BOOM!!! it worked.

But, then I logged out and attempted it again, and again the same error.

Damn you Windows XP!!!

Will go back to the drawing board

Ok so now I tried to use the wizard to join the domain, and it works flawlessly.

These were the steps taken.

1) Registry Hack
2) Disabled encryption in the securty admin
3) Disabled Kerb auth attempts ( not sure if its neccessary)
4) Created SRV RR for the domain
5) Used wizard to join the Domain
6) Whaaa Laaaaa

if you have any questions email me

paguayo@teachscape.com

I had some initial problems connecing winxp to domains... however, even after applying all the registery hacks it still wouldn't work....

The problem was in the machine accounts.... on the samba side they need to be in lowercase.... One of my computers is called Minime (with a capital M)  and when the machine account on the samba side was Minime$ it wouldn't let me connect (giving the usual MS Cryptic BS message) however, upon changing it to minime$ everything worked fine...

Nick.

I had all these problems, and where I'm totally lost what SRV RR record is I tryed lookin in MS KB and came across article that said that XP picks up netbios settings from WINS or DHCP server. Where I runnig 3 SuSE 8.0 linux servers an no windows sever to go with it and did not configur any netbios setting in either sevce Netbios over TCP IP needs to be manually enabled on the adapter.