Topic: 5.1.2 Domain Logon for W2K/XP

[Dan Elkins]

I've been testing the domain logon features of SME 5.1.2 with WinXP and haven't had any success.  I was able to add the machine to the domain, but after reseting the machine the computer can't log on to the domain.  Has anybody had any success using SME 5.1.2 as a domain master?  I haven't tested with a Win2000 machine...does/is it working for others?

Dan Elkins

[Richard Schiffelers]

Hi,

On the Xp machine set the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters\"RequireSignOrSeal"= dword:00000000

You should then be able to logon to the domain. It works for me.

Richard (ricrjhl@schiffelers.com)

[Dan Elkins]

That worked, thanks.  Now I'm having trouble with one of the XP machines that I've moved back from domain to workgroup.  I can't get the machine to re-join the domain.  I've joined it to the domain in the past, but then taken it back to workgroup.  I tried removing the machine account from the /etc/smbpasswd file, but I still get the same message whenever I try joining the machine to the domain:

The following error occured attempting to join the domain "DOMAIN":
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.  Disconnect all previous connections to the server or shared resource and try again.

Any ideas?

Dan Elkins

[guestHH]

Hi,

There can be no active connection (or just disconnected) to the server via a mapping. Close ALL connections to the server and reboot he XP client. Join again.

Hope it helps.

guestHH

[Dan Elkins]

Thanks, but that didn't work for me.  I disconnected all mapped drives and restarted and still got the same message.  Any other ideas?

Dan Elkins

[Richard Schiffelers]

When you add a Xp (NT or 2000) system to a domain using Samba an account is created based on the name of the system. Therefore you will find in /etc/passwd, /etc/group, /etc/shadow and smbpasswd an account with as name $. As you tell you removed the account from smbpasswd. Remove it also from the other files. Then try to add the system back to the domain. It should work.

[Dan Elkins]

That pretty much did it.  I also had to delete the machine account information from /etc/group-, /etc/gshadow, and /etc/gshadow-.  There might have been another one too.  Thanks alot.

Dan Elkins

[Robert Field]

Just to get it straight in my head.  

By deleting the from /etc/group-, /etc/gshadow and /etc/gshadow-  and adding the Win2K client to the domain, does this recreate the account on the server (email etc) or is this not effected.

If it is effected could I not just back up the email, delete the Account and join the domain to recreate the account or have I got the wrong end of the stick.


Rob

[Alexander Ziemann]

Hi,

machine accounts will not receive any mail, hmmm?

You can not delete machine accounts via admin-panel. Had the same prob yesterday.

Situation: Shut down NT for testing reasons. Brought up e-smith with domain-master/domain-logons. Could not join one w2k WS to the new/old domain. (Other WS worked so smooth, folks )

I worked that on the client side:

1. Unmapped all network connections.
2. made WS member of "anyworkgroup".
3. reboot
4. joined Samba-Domain -> different error messages ("machine-account in use" and such).
5. So: Shut down that WS. Drink coffee and build a new webpage (1-2 hours).
6. Brought up that WS again. Joined Domain. No errors.

Samba (same as NT, if you rebuild a WS there) seems to need some time to "forget" the old/invalid machine account.

alex