[H-GEN] samba computer domain accounts and XP pro

Tony Nugent tony at linuxworks.com.au
Mon Jul 28 03:05:05 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

I'm trying to get some winXP pro boxes to become full members of a
domain where the PDC is a samba server for a mixed w98se (mostly),
nt, and w2k (rarely) environment.  (This is my first taste of using
xp pro in a samba network, so I'm getting rapidly educated:)

This is rh7.3 using an ldap-enabled samba-2.2.7-3.7.3 (ldap in
nsswitch, working fine btw).

Is there a trick to getting xp to work as a domain client with samba
as the PDC?  Am I missing something... should it "just work" as
advertised?  Or does something specific need to be tweaked on the xp
and/or samba boxes?

It almost works... as is usual for NT/w2k domain accounts, I added
the netbios name of the xpbox$ as a user account (in ldap), done
"smbpasswd -a -m xpbox$", then attempted to add the xpbox to the
domain on the client.  It works for nt/w2k, and at this point it
_appears_ to work for xp.  (ohgohd, *hate* those ugly wizards!  what
happened to a simple right-click properties menu for configuring
something as fundamental as networking?  yeech! :)

However after the mandatory reboot, any attempt to logon to the
domain results in an immediate refusal to do so (no domain
controller found).  It works fine in a workgroup or logging in to
the local xpbox - all the other hosts and shares are there on the
network (access depending on permissions).  But without adding it to
a domain, I'm missing all the nice things like single sign-on, logon
scripts, home shares and so on.

The samba logs aren't very helpful (but I will turn up the debug
output next time I look at this).  Strangely, there are _no_ error
messages generated on the samba server when the user on the xp box
attempts to logon to the network (eg "no account in domain", etc).

Do I need to upgrade samba?  I note (from browsing the samba docs)
that samba-3 has much more extensive functionality for managing
machine trust accounts (eg, "add machine script").  Among other
issues, upgrading to samba-3 will mean that I will have to rebuild
my ldap database - I would prefer to do this when samba-3 is more
stable and when the server's OS is upgraded.

These windows client boxes are getting static dhcp-assigned IPs
(along with the netbios server's IP), and their netbios names do
resolve correctly both ways in the local dns.  I note from the
samba-howto that it recommends using dynamic dns for good active
directory functionality, but I'm not inclined to do this in a
small-ish and otherwise generally stable environment.  (Perhaps I
should for convenience?)

There also appears to be a need for some weird dns entries for
things like:
  _ldap._tcp.pdc.ms-dcs.Domain 
  _ldap._tcp.pdc.ms-dcs.DomainTree 
  _ldap._tcp.site.sites.writable.ms-dcs.Domain 
  _ldap._tcp.writable.ms-dcs.Domain 
  _ldap._tcp.GUID.domains.ms-dcs.DomainTree 
  _ldap._tcp.Site.gc.ms-dcs.DomainTree

Just how necessary is this?  (and how is it done? and wtf is
DomainTree?)

I'd be grateful if someone can point me in the right direction to
get this working.

Cheers
Tony
