[Samba] domain logon problem

Richard Workman richard.workman at subacoustech.com
Mon Jan 9 16:01:10 GMT 2006 

hey

i am trying to set up a server to act as a domain controller, but am having
a bit of difficulty actually logging on. i have created UNIX accounts, samba
passwords and a machine trust account for the relevant machine. when i try
to join the domain on a windows 2000 machine i get the error message:
"incorrect user name or password". Tha sambe log shows:

[2006/01/09 15:12:45, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [rworkman] -> [rworkman] ->
[rworkman] succeeded
[2006/01/09 15:12:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain SUBDOM ->
S-1-5-21-343446102-3839099577-2790099203
[2006/01/09 15:12:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain SUBDOM ->
S-1-5-21-343446102-3839099577-2790099203
[2006/01/09 15:12:45, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
  Unable to open/create TDB passwd
[2006/01/09 15:12:45, 0] passdb/pdb_tdb.c:tdb_update_sam(604)
  tdb_update_sam: Unable to open TDB passwd (/var/lib/samba/passdb.tdb)!
[2006/01/09 15:12:45, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
  could not add user/computer three$ to passdb.  Check permissions?
[2006/01/09 15:12:45, 2] smbd/server.c:exit_server(609)
  Closing connections
[2006/01/09 15:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2006/01/09 15:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2006/01/09 15:12:46, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [rworkman] -> [rworkman] ->
[rworkman] succeeded
[2006/01/09 15:12:46, 2] smbd/server.c:exit_server(609)
  Closing connections


i am consfused. why can the machine acocunt not be added to passdb? why does
it then claim that the authentication succeeded? can anyone help? Thanks.

below is smb.conf i was using at the time:

[global]
	workgroup = SUBDOM
	server string = Contract Server
	obey pam restrictions = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
	passdb backend = tdbsam
	encrypt passwords = yes
	os level = 33
	log level = 2
	log file = /var/log/samba/log.%m
	max log size = 1000
	preferred master = auto
	domain master = yes
	local master = yes
	security = user
	domain logons = yes
	logon path = \\%N\profiles\%U
	logon script = logon.cmd
	add machine script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -m %u
	add user script = /usr/sbin/useradd -d /dev/null -g smbusers -s
/bin/false -m %u
	panic action = /usr/share/samba/panic-action %d
	invalid users = root
	valid users = nobody, @smbusers
	read list = nobody, @smbusers

[netlogon]
path = /home/samba/netlogon
guest ok = Yes
browseable = No

[profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

More information about the samba mailing list