Here's the setup - the Linux box was the domain controller, and it exposed a Workgroup to the Windows Network (under My Network Places -> Entire Network -> Microsoft Windows Network ->
I'll cut a long, exasperating and expletive-ridden story short, missing out all the entertaining cursing of various rude bits of various animals to various circles of hell, and jump straight to the end. Turns out the problem was that WinXP Home couldn't resolve the domain properly without an LMHOSTS file.
Pretty much everyone who's worked with Windows and the web for any length of time knows about the HOSTS file. This lives in (Windows Root)/System32/drivers/etc and is an extensionless file, mapping host names (e.g. myserver.mydomain.com) to IP addresses. Handy for those occasions when you need multiple domain names mapping to your own PC, for instance when you have a system serving multiple sites from one codebase resolving via the hostname.
The LMHOSTS file is similar, and lives in the same place, but is not quite as straightforward. Its purpose is to tell Windows how to resolve NetBIOS names, and the format is... well... non-trivial. Full information is here: How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
The important entries you'll need are:
10.0.0.1 PDCNAME #PRE #DOM:DOMAIN_NAME
10.0.0.1 "DOMAIN_NAME    \0x1b" #PRE
Replace 10.0.0.1 with the IP address of the Linux domain controller
Replace PDCNAME with the hostname of the Linux domain controller
Replace DOMAIN_NAME with the name of the WORKGROUP
Now for the fiddly bit: on the second line, you need EXACTLY 20 characters between the quotes. Between your domain name and the \0x1b there must be spaces, exactly the right number of spaces, and nothing but spaces. The MS reference above gives more detail.
But once I'd created an extensionless file called lmhosts in the right place, with the right entries, and the right number of spaces, suddenly I could authenticate.
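One way to get the padding right without counting spaces by hand, as an added example that is not part of the original post: the function names are hypothetical and the sample values are constructed. It builds the two entries described above and checks an existing quoted line for the 20-character rule.

```python
import ipaddress

NETBIOS_NAME_LEN = 15   # the name is padded with spaces to 15 characters
PDC_SUFFIX = r"\0x1b"   # 5 literal characters, so 15 + 5 = 20 between the quotes

def lmhosts_entries(ip, pdc_name, domain):
    """Return the two LMHOSTS lines from the post for one domain controller."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    for label, name in (("PDC name", pdc_name), ("domain", domain)):
        if not 1 <= len(name) <= NETBIOS_NAME_LEN:
            raise ValueError(f"{label} must be 1-15 characters: {name!r}")
    quoted = domain.ljust(NETBIOS_NAME_LEN) + PDC_SUFFIX
    return [
        f"{ip} {pdc_name} #PRE #DOM:{domain}",
        f'{ip} "{quoted}" #PRE',
    ]

def check_quoted_entry(line):
    """Return None if a quoted \\0x1b line is well formed, else the reason."""
    parts = line.split('"')
    if len(parts) != 3:
        return "expected exactly one quoted name"
    quoted = parts[1]
    if len(quoted) != NETBIOS_NAME_LEN + len(PDC_SUFFIX):
        return f"{len(quoted)} characters between the quotes, need 20"
    name, suffix = quoted[:NETBIOS_NAME_LEN], quoted[NETBIOS_NAME_LEN:]
    if suffix.lower() != PDC_SUFFIX:
        return "characters 16-20 must be \\0x1b"
    stripped = name.rstrip(" ")
    if not stripped or any(c.isspace() for c in stripped):
        return "padding after the name must be spaces only"
    return None

if __name__ == "__main__":
    # Constructed sample values: substitute your own controller and workgroup.
    for entry in lmhosts_entries("10.0.0.1", "PDCNAME", "WORKGROUP"):
        print(entry)
```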
As for the more fundamental question of which person at Microsoft decided on that format of the lmhosts file, where he/she lives, and how to gain access to their bedroom undetected while armed with a large fish, I'll leave that as an exercise for the reader.
8 comments:
Win XP home can't join a domain, which may be your problem.
I have Win XP clients connecting to a Samba server (not a PDC, just file shares) just fine, with per-share (or the [home] share) passwords fine, though.
I am trying to do the same as you describe and connect my windows XP home box with a Samba server without a PDC. Can you give me the details on how you were able to get it to work?
Thanks
It really was all about the LMHOSTS file, as in the main body of the post.
In (Windows Dir)/System32/drivers/etc you should see a file called lmhosts.sam. Copy this to lmhosts (no extension!) and replace the entries as I describe in the post and see if that works.
Fantastic. Thank you, sir. Worked like a charm. Either that or I finally remembered to do a smbpasswd -a on the linux box. :( But I don't think it was that because I also tried mapping as a different user that I know worked on other XP boxes here. None of them seemed to work until I followed your notes here.
Thanks again.
No problem - glad to save someone else the headbanging frustration that I went through!
Could you please explain what settings you have in your smb.conf file? I followed your instructions but I already have messed up/with smb.conf
Joost: sure-
map to guest = bad user
workgroup = << workgroup name >>
netbios name = << machine name >>
server string = %h server (Samba %v)
wins support = yes
dns proxy = yes
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
guest account = nobody
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY
comment = Home Directories
browseable = yes
writable = yes
create mask = 0775
directory mask = 0775
# list of shares in the following format
[sharename]
comment = << description >>
writable = yes
path = << path on the server >>
public = yes
guest ok = yes
browseable = yes
... and that's it. Everything else is commented-out.
Make sure you replace any values in double-arrows, like << VALUE >>, with the appropriate value for your config, and remove the double-arrows.
E.g. where my config says
path = << path on the server >>
your config should say something like
path = /home/shared
nice post!