Windows 7 cannot join samba domain

Posted by Antonis Christofides on Server Fault See other posts from Server Fault or by Antonis Christofides
Published on 2012-05-24T18:14:33Z Indexed on 2012/05/31 16:43 UTC
Read the original article Hit count: 301

Filed under:
|
|

I have a 3.5.6 samba server with a LDAP backend (both on Debian 6.0). I've been successfully adding Windows XP machines to the domain for years. I now try to add Windows 7. I have made the recommended registry changes, but I don't have any success so far. Here is what happens:

1. I go to computer name, select "Domain" instead of "Workgroup", type in the domain name, click OK. It asks me for the username and password of an account that can add computers to the domain; I enter them. After about 40 seconds, I get the following message:

The following error occurred attempting to join the domain "ITIA":

The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted unjoin, reboot, and rejoin the domain.

Despite this, the samba server successfully creates the computer account.

2. Therefore, if I try again a second time, without deleting the already created computer account, I get a different error:

The following error occurred attempting to join the domain "ITIA":

The specified account already exists.

(Note that until a while ago samba wasn't configured to automatically create computer accounts. What I did whenever I wanted an XP to join was to manually create it. When I first attempted to solve the Windows 7 join problem, I setup samba to do this automatically, as this is what most people do, as I understand, and I thought that it might be related. I haven't attempted to add an XP since I made this change, so I don't know if it works, but whether it works or not, the problem remains.)

Update 1: Here are the relevant parts of smb.conf:

[global]

   panic action = /usr/share/samba/panic-action %d

   workgroup = ITIA
   server string = Itia file server
   announce as = NT
   interfaces = 147.102.160.1
   volume = %h

   passdb backend = ldapsam:ldap://ldap.itia.ntua.gr:389
   ldap admin dn = uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr
   ldap ssl = off
   ldap suffix = dc=itia,dc=ntua,dc=gr
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   unix password sync = no
   add machine script = smbldap-useradd -w -i %u

   log file = /var/log/samba/samba-log.all
   log level = 3
   max log size = 5000
   syslog = 2

   socket options = SO_KEEPALIVE TCP_NODELAY 

   encrypt passwords = true
   password level = 1
   security = user

   domain master = yes
   local master = no
   wins support = yes

   domain logons = yes
   idmap gid = 1000-2000

Update 2: The server has a single network interface eth1 (also an unused eth0 that shows up only in the kernel boot messages) and two ip addresses; the main, 147.102.160.1, and an additional one, 147.102.160.37, that comes up with "ip addr add 147.102.160.37/32 dev eth1" (used only for a web site that has a different certificate than other web sites served from the same machine). One of the problems I recently faced was that samba was using the latter IP address. I fixed that by adding the "interfaces = 147.102.160.1" statement in smb.conf.

Now:

acheloos:/etc/apache2# tcpdump host 147.102.160.40 and not port 5900
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:13:56.549048 IP lithaios.itia.civil.ntua.gr.netbios-dgm > 147.102.160.255.netbios-dgm: NBT UDP PACKET(138)
13:13:56.549056 ARP, Request who-has acheloos2.itia.civil.ntua.gr tell lithaios.itia.civil.ntua.gr, length 46
13:13:56.549091 ARP, Reply acheloos2.itia.civil.ntua.gr is-at 00:10:4b:b4:9e:59 (oui Unknown), length 28
13:13:56.549324 IP acheloos.itia.civil.ntua.gr.netbios-dgm > lithaios.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138)
13:13:56.549608 IP lithaios.itia.civil.ntua.gr.netbios-dgm > acheloos2.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138)
13:13:56.549741 IP acheloos.itia.civil.ntua.gr.netbios-dgm > lithaios.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138)
13:13:56.550364 IP lithaios.itia.civil.ntua.gr.netbios-dgm > acheloos.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138)
13:13:56.550468 IP acheloos.itia.civil.ntua.gr.netbios-dgm > lithaios.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138)

(acheloos2 is the second IP address, 147.102.160.37). The above dump occurs when I click "OK" (to join the domain), until it asks me for the username and password of a user that can join the domain. I don't know why the client is contacting the second IP address. I tried temporarily deactivating it, but I still had some related ARP traffic (though I think not IP traffic).

© Server Fault or respective owner

Related posts about active-directory

Related posts about samba

  • Unable to connect to Samba printer

    as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
    I have a headless Ubuntu 12.04 server for files and printers. It shares files via Samba just fine. However, the HP PSC-750xi connected to the server via USB is not accessible from my Ubuntu 12.04 laptop. I can browse for it in the Printing control panel, but any attempt to authenticate my ID to the… >>> More

  • Samba folder is gone

    as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
    I seem to have some issues sharing folders from my Ubuntu 12.04 machine to a Win7 machine. After playing around with the settings, I decided to revert to Samba's original setting by reinstalling it: sudo apt-get purge samba sudo rm -rf /etc/samba/ /etc/default/samba sudo apt-get install samba just… >>> More

  • Samba on OS X 10.6.4

    as seen on Server Fault - Search for 'Server Fault'
    I just updated from 10.6.3 to 10.6.4, and now my Samba shares won't mount and won't allow access into the directories. In the logs, I've started to get the following errors, any idea what might have gone wrong? 2010/06/25 15:54:27, 0, pid=13848] /SourceCache/samba/samba-235.4/samba/source/passdb/secrets… >>> More

  • OpenLDAP and Samba, can't log onto Samba share from Windows

    as seen on Server Fault - Search for 'Server Fault'
    The former jackass IT-guy that I'm taking over for had a Samba share setup on a Fedora server that uses our OpenLDAP server to authenticate users who want to log in from Windows. We recently added a new employee and I jumped through the LDAP hoops to add them to the system. However, I can't seem… >>> More

  • Windows 7 Samba issue

    as seen on Server Fault - Search for 'Server Fault'
    We have a strange samba issue affecting only one user. Our samba setup is as follow : Red Hat Enterprise Linux Server release 5.4 (Tikanga) - Samba Server Samba version 3.0.33-3.14.el5 - Samba version Domain Controller WIN2008R2 Standard -… >>> More