Need help with a samba domain controler

[Steven97]

Hi all.
Over the past few days I have been trying to configure samba as a primary domain controller, I have followed multiple how-tos but the result is always the same. When i try to join the domain from a windows 2000 computer I receive the message "The following error occurred validating the name "MYDOMAIN". The specified domain either does not exist or could not be contacted.

smb.conf

Code:

[global]
domain logons = Yes
password level = 8
username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
pam password change = yes
obey pam restrictions = yes
workgroup = mydomain
netbios name = debian-Domain-Controller
server string = Samba Primary Domain Controller
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
os level = 64
preferred master = yes
local master = yes
domain master = yes
security = user
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
# max log size = 50
# hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
#logon script = netlogon.bat
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n  *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:         *all*authentica$
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
wins support = yes
username map = /etc/samba/smbusers
# ==== shares ====

[homes]
comment = Home Directories
browseable = no
writeable = yes

[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600

smbclient -L localhost -U%

Code:

Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.6]

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba Primary Domain Controller)
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.6]

	Server               Comment
	---------            -------
	DEBIAN-DOMAIN-CO     Samba Primary Domain Controller
	W2K-VM               

	Workgroup            Master
	---------            -------
	MYDOMAIN             DEBIAN-DOMAIN-CONTROLLER
	WORKGROUP            DEBIAN

ifconfig

Code:

eth0      Link encap:Ethernet  HWaddr 08:00:27:e1:3c:c7  
          inet addr:192.168.0.177  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee1:3cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:343239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141928 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:88627580 (84.5 MiB)  TX bytes:11763644 (11.2 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3073 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3073 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:283341 (276.7 KiB)  TX bytes:283341 (276.7 KiB)

Screenshot attached shows ipconfig /all on the client.

Thanks in advance.
Steven.

[tomtom-]

Hi Steven,

I'm not specialist at all but I have some tricks for you.
First clean up you smb.conf. Indeed you have two times

Code:

encrypt passwords = yes

You also have

Code:

obey pam restrictions = yes

which is ignored when encrypt passwords is set to yes.
Run testparm to see if everything is ok then restart samba.
In order to be able to join the domain you have to add the machine name. To proceed

Code:

smbpasswd -a -m machine_name$

and don't forget the $ sign. If you already added a root user to your smbusers you should be able to join the domain otherwise add the root user

Code:

smbpasswd -a root

and join the domain.

Good luck,
Tom

[Steven97]

Good afternoon.
I agree, I need to reorganize my smb.conf, and I will as soon as I get this working.
I removed the second instance of

Code:

encrypt passwords = yes

and commented

Code:

obey pam restrictions = yes

And just for the heck of it tried joining again, with the same results.
I forgot to say in my first post I did run [CODEsmbpasswd -a -m machine_name$][/CODE] and

Code:

smbpasswd -a root

Thanks for the reply
Steven

[tomtom-]

Last idea I can have is modifying the following registry key on your windows client:

Code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters "RequireSignOrSeal"

from 1 to 0.

Hope it helps !

[Steven97]

The registry key was already set to 0.
Thanks for the help.
Steven