I've had the same problem in the past. Are you sure that the Domain SID is the same? I mean, if WinXP has already joined one domain (on a different machine, for example), the operating system saves a kind of Domain ID called SID, and it is unique. You can view the SID on Samba by typing net getlocalsid, and you can force a change by typing net setlocalsid... I hope this helps
On 5/23/06, Rodney Richison <[EMAIL PROTECTED]> wrote:
It may be I'll need to join a samba group, but I thought I may get a quick answer. Am attempting to do a test install of samba as a primary domain controller. I can see the shares and navigate them. However, when I attempt to join the domain, WinXP says "username could not be found". I have a root user with a password. I can see its shares as well if I use the root name and password. So the problem appears to be ONLY when I try to join.

I'll post some logs for /var/logs/samba/log.0.0.0.0 as they may be a hint.

[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected
[2006/05/23 09:56:15, 0] lib/access.c:check_access(328)
[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0)
[2006/05/23 09:56:15, 1] smbd/process.c:process_smb(1084)
[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0
[2006/05/23 09:56:15, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer
[2006/05/23 09:56:15, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 5 bytes to socket 27: ERRNO = Connection reset by peer
[2006/05/23 09:56:15, 0] lib/util_sock.c:send_smb(647) Error writing 5 bytes to client. -1. (Connection reset by peer) r writing 5 bytes to client. -1. (Connection reset by peer)
[2006/05/23 09:56:15, 0] lib/util_sock.c:send_smb(647) Error writing 5 bytes to client. -1. (Connection reset by peer) r writing 5 bytes to client. -1. (Connection reset by peer)

Below is my smb.conf file.

[global]
# the domain name
workgroup = pdc
smb passwd file = /etc/samba/smbpasswd
# the server's name
netbios name = file-server
# comment describing what the machine is
server string = the file server
# workstations will set their time by this server
time server = yes
# security and logging settings
security = user ; this must be 'user' on a PDC
# allow connections only from the local machine and the 10.0.0.* address range:
# (you'll want to change this if your network uses a different addressing range)
hosts allow = 127.0.0.1 192.168.1.
# don't allow connections from any other IP address ranges than defined by 'hosts allow':
hosts deny 0.0.0.0/0
# only allow connections from ethernet cards and the loopback address:
interfaces = eth* lo
bind interfaces only = yes
# for Windows 2000 encrypted passwords
encrypt passwords = yes
# provide logon scripts, home directories etc as well as authentication
domain logons = yes
log file = /var/log/samba/log.%m
# log level = 2
# put a capping on the size (in kB) of the log file
max log size = 50
# PDC and master browser settings
os level = 64 ; ensure this machine consulted 1st regarding current browse list
preferred master = yes
local master = yes
domain master = yes ; This is the Primary Domain Controller
# automatedly add a Linux and Samba machine account
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
# user profiles and home directory
# the local path to which the home ([HOMES]) directory will be connected
logon drive = H:
# where 'profiles' = [profiles] further on
logon path = \\%L\profiles\%U
logon script = netlogon.bat ; logon script, location defined in [NETLOGON]
# define user mappings between this system and Windows systems.
# without this you get asked for a password even if none is required
# username map = /etc/samba/users.map
# but if you've created SMB users on here you don't need it
# fine-tuning Samba for increased speed on Linux systems
# SO_KEEPALIVE - sends a probe every 4 hours to check that a connection is still active. if the connection does not respond, it is closed
# TCP_NODELAY -
# IPTOS_LOWDELAY -
# SO_SNDBUF=14596 - 14596 is roughly the best in most circumstances, it may be able to be tuned better for your system
# SO_RCVBUF=14596 - same reason as above
socket options = TCP_NODELAY, IPTOS_LOWDELAY, SO_KEEPALIVE, SO_SNDBUF=14596, SO_RCVBUF=14596
# keep the case when saving; when looking for a file
# matching is done without regard to case, as expected by Windows
preserve case = yes
short preserve case = yes
case sensitive = no
# check every 30 seconds to see if client has disconnected
# I've used 30 so that the Samba server can be restarted and
# maybe the connections won't be lost
keep alive = 30
#sync Unix passwords from Windows workstations using PAM
unix password sync = yes
pam password change = yes
# printing
printing = BSD
print command = /usr/bin/lpr -r %s
min print space = 2000

# --- shares ---

[printers]
# (picks up all printers specified in /etc/printcap)
# tell Samba its a printer share, not a disk share
printable = yes
# printer = lp
read only = yes
guest ok = yes

[profiles]
comment = users' profile directories
path = /home/samba/profiles
read only = no
browseable = no
create mask = 0600 ; rwx-xxx-xxx only the user can read/write files
directory mask = 0700 ; rwx-xxx-xxx directories must be executable if they are to be navigated

# [root]
# for administration purposes
# path = /
# browseable = yes # browseable was no
# writeable = yes
# valid users = @admins

[homes]
# 'logon drive' won't work without this section
# if you want to set the home directory somewhere other than the Unix home:
# path =
volume = HOME
comment = home directories
read only = no
# don't display a 'homes' share as well as the '%U' share
browseable = no
public = no
create mode = 0750

[programs]
# map P: to this. use it to install programs to
# and to point programs to that don't like using UNC
comment = installed programs
path = /usr/windows
read only = yes
write list = @admins
browseable = yes

[shared]
comment = shared space for everyone
path = /home/bank/shared
read only = no
browseable = yes
# match Unix permissions set on files
force create mode = 0660
# match Unix permissions set on the directory
force directory mode = 3770

[cdrom]
comment = Server's CD-ROM
path = /cdrom
read only = yes
# speed up file access as this is a read-only file system
locking = no

[NETLOGON]
# required for Windows authentication
comment = The domain logon service
path = /home/netlogon
read only = yes
# 'read only' can be changed to 'no' whilst you edit this file
# but revert back to 'yes' for normal secure operation
browseable = no
write list = @admins

-- Michele Della Marina [EMAIL PROTECTED]
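
A configuration like the one quoted above can be checked mechanically before smbd is restarted. The following is an added example, not part of the original thread or of Samba: lint_smb_conf and access_controls are hypothetical helper names, and the sample is a constructed excerpt of the quoted [global] section. It flags any line that is not a comment, a section header or a key = value pair, and reports which host access parameters were actually set.

```python
import re

# Constructed sample: a few lines excerpted from the [global] section quoted above.
SAMPLE = """\
[global]
# the domain name
workgroup = pdc
security = user ; this must be 'user' on a PDC
hosts allow = 127.0.0.1 192.168.1.
hosts deny 0.0.0.0/0
interfaces = eth* lo
bind interfaces only = yes
"""

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")

def lint_smb_conf(text):
    """Return (params, problems).

    params   maps section -> {normalised key: value}
    problems lists (line number, text) for lines that are neither a
             comment, a section header, nor 'key = value'.
    """
    params, problems, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or whole-line comment
        m = SECTION.match(line)
        if m:
            section = m.group("name").strip().lower()
            params.setdefault(section, {})
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip() or section is None:
            problems.append((lineno, line))
            continue
        # smb.conf parameter names ignore case and internal whitespace
        norm = "".join(key.lower().split())
        params[section][norm] = value.strip()
    return params, problems

def access_controls(params):
    """Host access parameters actually set in [global] (None if unset)."""
    g = params.get("global", {})
    return {k: g.get(k) for k in ("hostsallow", "hostsdeny")}

if __name__ == "__main__":
    parsed, bad = lint_smb_conf(SAMPLE)
    for lineno, line in bad:
        print(f"line {lineno}: no '=' found, not a valid parameter: {line}")
    print(access_controls(parsed))
```

Samba's own testparm performs the authoritative syntax check; this sketch does not handle backslash line continuations.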