[Samba] XP gives Access denied for domain logon

Frode Lillerud frode at lillerud.no
Fri Mar 26 09:21:25 GMT 2004 

Samba 3.0.2a-Debian
 
I have a somewhat working PDC server, but have some difficulties adding
more users. I managed to create a user, anna, a couple of days ago, it
she works fine from my wireless laptop.
 
To sort out some problems I have with the logon.bat script [see
sambalist "Netlogon script executes randomly"], I am also including my
desktop computer to the domain.
 
I've run the following commands on the server:
useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s
/bin/false frode
and
smbpasswd -a frode
and
net groupmap modify ntgroup="Domain Users" unixgroup=users
 
When I switch the XP computer from workgroup to domain I get a popup box
for username/password for the domain. Here I write username frode, and
the password I set with smbpasswd.
 
XP responds with a "Access denied" message.
 
The samba logfile says:
[2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [frode] -> [frode] ->
[frode] succeeded
[2004/03/26 10:16:03, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
  Returning domain sid for domain ISENGARD ->
S-1-5-21-2641962930-4089608471-2571597100
[2004/03/26 10:16:03, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
[2004/03/26 10:16:03, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
  Returning domain sid for domain ISENGARD ->
S-1-5-21-2641962930-4089608471-2571597100
[2004/03/26 10:16:03, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
0x00000010)
[2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558)
  Closing connections
 
My smb.conf:
# Setting up Samba 3.0 as a Primary Domain Controller
 
[global]
    # Server settings
    netbios name = sauroman
    workgroup = ISENGARD
    server string = Testing PDC
    security = user
#   guest account = smbguest
    encrypt passwords = yes
 
    # PDC settings
    domain logons = yes
    logon script = newlog.bat
 
    # Browser and WINS settings
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 255
    wins support = yes
 
    # Other services
    time server = yes
 
    # Debugging and Logging
    log level = 2
    log file = /tmp/samba_%m.log
    max log size = 1000 #1MB
    debug timestamp = yes
    syslog = 1
 
[netlogon]
    path = /var/lib/samba/netlogon
    browseable = yes
    writable = yes # set this to no again!
 
[homes]
    comment = Home for %u
    writeable = yes
    browseable = no
;   map archive = yes   ;?

More information about the samba mailing list