AFP548

Cannot join XP SP2 machine to Tiger 10.4.8 PDC – bad username and password

Hi,

I have a 10.4.8 OS X Server/Xserve and have been running Windows Services fine for filesharing, having LDAP for the user directory. I recently turned on the PDC feature and WINS to manage a domain, so I can get off my ailing Novell server for authentication and login scripts. I'm not binding to anything external - I just want a PDC managing a domain using my LDAP userlist for authentication. I have a clean install XP SP2 + patches Windows box called gislab-master.

[b]The Problem? - I cannot join XP SP2 boxes to the domain - bad username and password.[/b]

I have amended the SignorSeal registry entry on the XP box, and tried disabling the various password encrypting aspects of the local Security Policy individually - "bad username or password".
I tried using my regular admin user account which I have to provide in WGM to change the PDC Domain name - "bad username and password".
I tried using a root user set up using [b]smbpasswd[/b] in Terminal on the server - "bad username and password".
I tried using a new full server admin (i.e. admin server, admin directory etc.) user set up fresh in WGM theoretically for the purpose of only joining machines to the domain - "bad username and password".
I tried using the Server [b]root[/b] account after explicitly checking it works via Terminal first - Domain join attempt gives me "access denied" (WTF?)
I tried setting up a WGM group, adding my admin users and then specifying a [b]domain admin group[/b] in smb.conf.
I have tried adding the machine pre-emptively in WGM, then trying to join - no go.

After attempting to join the domain I get a machine entry in the WGM list of the form "gislab-master$" (my XP box name), but have not joined the domain successfully as far as the Windows box is concerned.
There's heaps of chat about this kind of issue in the *nix groups from 2-4 years ago, but very little for OS X - I've spent hours trawling the Net reading everything I can find - every thread I've found dealing with this issue does not ever arrive at a solution for those concerned, including the various ones here - I'm gonna say it out loud - Does OS X Tiger standalone PDC and XP clients JUST NOT WORK!?!

I have an 800-line, level 10, machine-specific smbd log for an attempt with nothing obvious I can see wrong with it, but then I'm no expert (obviously). If someone who's used to looking at these could have a look at it that'd be great.

My smb.conf global section...

[code]
[global]
encrypt passwords = yes
workgroup = CNSFSEIT-Dom
display charset = UTF-8-MAC
security = user
domain admin group = @pdcadmin
deadtime = 5
log file = /var/log/samba/log.%m
guest account = unknown
add machine script = /usr/bin/opendirectorypdbconfig -c create_computer_account -r %u $
add user script = /usr/bin/opendirectorypdbconfig -c create_user_account -r %u -n "/LD$
preferred master = yes
defer sharing violations = no
allow trusted domains = no
netbios name = tesla
lanman auth = YES
vfs objects = darwin_acls
wins support = yes
brlm = yes
max smbd processes = 0
server string = Faculty of Science Mac OS X Server
logon drive = H:
os level = 20
domain logons = yes
passdb backend = opendirectorysam guest
dos charset = CP437
unix charset = UTF-8-MAC
auth methods = guest opendirectory
local master = yes
domain master = yes
map to guest = Never
use spnego = yes
printer admin = unknown, @staff
logon path = \\%N\profiles\%u
ntlm auth = YES
log level = 1
[/code]

Some log items - I'd like someone to see if it looks normal (log level 10) please?

Firstly - NT user token: (NULL) - is that right?
[quote]
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/process.c:switch_message(886) switch message SMBnegprot (pid 14095) conn 0x0
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/sec_ctx.c:set_sec_ctx(300) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth_util.c:debug_nt_user_token(486) [b] NT user token: (NULL)[/b]
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0)
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0]
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a]
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002]
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1]
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12]
[2007/02/05 17:53:01, 10] /SourceCache/samba/samba-100.5/samba/source/lib/util.c:set_remote_arch(1952) set_remote_arch: Client arch is 'Win2K'
[2007/02/05 17:53:01, 6] /SourceCache/samba/samba-100.5/samba/source/param/loadparm.c:lp_file_list_changed(2711) lp_file_list_changed() file /private/etc/smb.conf -> /private/etc/smb.conf last mod_time: Mon Feb 5 17:52:06 2007
[/quote]
- next the spnego setup - "module guest did not want to specify a challenge" - is this right?

[quote]
Doing spnego session setup
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/sesssetup.c:reply_sesssetup_and_X_spnego(620) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2007/02/05 17:53:01, 10] /SourceCache/samba/samba-100.5/samba/source/lib/util.c:set_remote_arch(1952) set_remote_arch: Client arch is 'WinXP'
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/sesssetup.c:reply_spnego_negotiate(498) Got OID 1 3 6 1 4 1 311 2 2 10
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/sesssetup.c:reply_spnego_negotiate(501) Got secblob of size 40
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:make_auth_context_subsystem(561) Using specified auth order
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend rhosts
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'rhosts'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend hostsequiv
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'hostsequiv'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend sam
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'sam'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend sam_ignoredomain
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'sam_ignoredomain'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend unix
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'unix'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend winbind
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'winbind'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend smbserver
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'smbserver'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend trustdomain
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'trustdomain'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend ntdomain
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'ntdomain'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend guest
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'guest'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:load_auth_module(439) load_auth_module: Attempting to find an auth method to match guest
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:load_auth_module(464) load_auth_module: auth method guest has a valid init
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:load_auth_module(439) load_auth_module: Attempting to find an auth method to match opendirectory
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/lib/module.c:smb_probe_module(101) Probing module 'opendirectory'
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/lib/module.c:smb_probe_module(112) Probing module 'opendirectory': Trying to load from /usr/lib/samba/auth/opendirectory.so
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(49) Attempting to register auth backend opendirectory
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:smb_register_auth(61) Successfully added auth method 'opendirectory'
[2007/02/05 17:53:01, 2] /SourceCache/samba/samba-100.5/samba/source/lib/module.c:do_smb_load_module(63) Module '/usr/lib/samba/auth/opendirectory.so' loaded
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:load_auth_module(464) load_auth_module: auth method opendirectory has a valid init
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
[b][2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:get_ntlm_challenge(99) auth_get_challenge: module guest did not want to specify a challenge
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:get_ntlm_challenge(99) auth_get_challenge: module opendirectory did not want to specify a challenge
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:get_ntlm_challenge(139) auth_context challenge created by random[/b]
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/auth/auth.c:get_ntlm_challenge(140) challenge is:
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/lib/util.c:dump_data(1977) [000] 6A 00 08 3D 3D 9B B9 6D j..==..m
[2007/02/05 17:53:01, 6] /SourceCache/samba/samba-100.5/samba/source/lib/util_sock.c:write_socket(465) write_socket(23,336)
[2007/02/05 17:53:01, 6] /SourceCache/samba/samba-100.5/samba/source/lib/util_sock.c:write_socket(468) write_socket(23,336) wrote 336
[2007/02/05 17:53:01, 10] /SourceCache/samba/samba-100.5/samba/source/lib/util_sock.c:read_smb_length_return_keepalive(521) got smb length of 382
[2007/02/05 17:53:01, 6] /SourceCache/samba/samba-100.5/samba/source/smbd/process.c:process_smb(1090) got message type 0x0 of len 0x17e
[2007/02/05 17:53:01, 3] /SourceCache/samba/samba-100.5/samba/source/smbd/process.c:process_smb(1091) Transaction 2 of length 386
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/lib/util.c:show_msg(464)
[2007/02/05 17:53:01, 5] /SourceCache/samba/samba-100.5/samba/source/lib/util.c:show_msg(474) size=382
[/quote]

I have the full log available if anybody would like to see the whole thing - mail me stevenDOTstanleyATjcuDOTeduDOTau

Thought this would be simple as it's a feature that's supposed to have been on OS X since 10.2, more or less - 4 days later... ;-(

Any help would be greatly appreciated - stuck between sorting this or continuing to run an old Novell server with a busted mirror system drive in my mission critical Lab - not good. I know my crisis is not your crisis, but I'm hoping someone more experienced than I can point the finger at the problem.

TIA
Steven
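
A triage sketch for a level 10 smbd log like the one quoted in the post above (an added example, not part of the original post and not Samba or Apple code): it splits the log into entries even when the line breaks have been lost, keeps entries at or below a chosen debug level, and decodes the neg_flags value using the bit values from MS-NLMP. The function names and the shortened source paths in the sample are assumptions made for the example.

```python
import re

# One smbd debug header: "[date time, level] source-file:function(line)"
HEADER = re.compile(r"\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d, +(\d+)\] \S+?:(\w+)\(\d+\)")

# NTLMSSP negotiate bits, values from MS-NLMP; 0x80000 is named NTLM2 as in the log
FLAGS = {
    0x1: "NEGOTIATE_UNICODE", 0x2: "NEGOTIATE_OEM", 0x4: "REQUEST_TARGET",
    0x10: "NEGOTIATE_SIGN", 0x20: "NEGOTIATE_SEAL", 0x80: "NEGOTIATE_LM_KEY",
    0x200: "NEGOTIATE_NTLM", 0x8000: "NEGOTIATE_ALWAYS_SIGN", 0x80000: "NEGOTIATE_NTLM2",
    0x02000000: "NEGOTIATE_VERSION", 0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH", 0x80000000: "NEGOTIATE_56",
}

# Sample: entries taken from the log in the post, source paths shortened for the example
T = "[2007/02/05 17:53:01, "
SAMPLE = (
    T + "3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] "
    + T + "3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] "
    + T + "10] lib/util.c:set_remote_arch(1952) set_remote_arch: Client arch is 'WinXP' "
    + T + "3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 "
    "NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN "
    "NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN "
    "NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH "
    + T + "5] auth/auth.c:get_ntlm_challenge(99) auth_get_challenge: module guest did not want to specify a challenge "
    + T + "5] auth/auth.c:get_ntlm_challenge(99) auth_get_challenge: module opendirectory did not want to specify a challenge"
)

def parse_entries(text):
    """Split smbd log text into (level, function, message) tuples, with or without newlines."""
    heads = list(HEADER.finditer(text))
    bounds = [h.start() for h in heads[1:]] + [len(text)]
    return [(int(h.group(1)), h.group(2), " ".join(text[h.end():end].split()))
            for h, end in zip(heads, bounds)]

def summarize(text, max_level=5):
    """Pull dialects, auth modules and NTLMSSP flags from entries at or below max_level."""
    out = {"dialects": [], "declined": [], "flags": [], "unnamed_in_log": []}
    for level, func, msg in parse_entries(text):
        if level > max_level:
            continue  # drop socket- and packet-level noise
        if func == "reply_negprot":
            out["dialects"] += re.findall(r"Requested protocol \[(.+?)\]", msg)
        elif func == "get_ntlm_challenge":
            out["declined"] += re.findall(r"module (\w+) did not want", msg)
        elif func == "debug_ntlmssp_flags" and (m := re.search(r"neg_flags=(0x[0-9a-fA-F]+)", msg)):
            value = int(m.group(1), 16)
            out["flags"] = ["NTLMSSP_" + n for b, n in sorted(FLAGS.items()) if value & b]
            out["unnamed_in_log"] = [f for f in out["flags"] if f not in msg.split()]
    return out
```
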