RFA: configuration: No Domain Server to validate your password

Matthew Geddes mgeddes at xavier.sa.edu.au
Thu Dec 9 21:45:55 GMT 1999


John Hanna wrote:

> Hi. I have a NT server which I'm replacing with my new FreeBSD server.
> I'm running samba.2.0.6. I exported my NT passwords with the pwdump
> utility, and wrote a script to add the new accounts to my
> /etc/master.passwd (et al) files. When I kill the NT server and restart
> Samba with the PDC configuration file I get the following log in
> log.nmb, but when a user tries to boot they get the "No Domain Server to
> validate your password" error.
>
> Can someone please help me figure what I've missed, or point me to a
> checklist or something? If I set debug=9 will that help give me more
> information to troubleshoot?
>
> Thanks,
> John
>
> ----------- samba.conf
>
> # Global parameters
> [global]
> ..
>         security = USER
>         encrypt passwords = Yes
>         map to guest = Bad Password
>         smb passwd file = /usr/local/private/smbpasswd
>         preferred master = Yes
>         domain master = Yes
> ..
>
> ----------- log.nmb
>
> [1999/12/08 17:28:45, 1] nmbd/nmbd.c:main(747)
>   Netbios nameserver version 2.0.6 started.
>   Copyright Andrew Tridgell 1994-1998
> [1999/12/08 17:28:45, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294)
>   become_domain_master_browser_bcast:
>   Attempting to become domain master browser on workgroup M_PLEX on
> subnet 10.1.1.99
> [1999/12/08 17:28:45, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308)
>   become_domain_master_browser_bcast: querying subnet 10.1.1.99 for
> domain master browser on workgroup M_PLEX
> [1999/12/08 17:28:54, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118)
>   *****
>
>   Samba server NT_SERVER is now a domain master browser for workgroup
> M_PLEX on subnet 10.1.1.99
>
>   *****
> [1999/12/08 17:29:07, 0]
> nmbd/nmbd_become_lmb.c:become_local_master_stage2(406)
>   *****
>
>   Samba name server NT_SERVER is now a local master browser for
> workgroup M_PLEX
>  on subnet 10.1.1.99
>
>   *****
> ------------- log.smb
> [ shows nothing of relivance ]
>
> ------------- /etc/passwd
> ..
> mbradley:*:65534:65533:Mark Bradley:/nonexistant:/sbin/nologin
> ..
>
> ------------- /usr/local/private/smbpasswd
> ..
> MBradley:65534:3D5B75194B4F3F616543B435B51404EE:10289B0AC7D434349C985C9E
> 0D6A3863:Mark Bradley::
> ..

You might want to try telling samba to act as a WINS server (wins
support=yes in smb.conf I believe), and tell the workstations to look at
the samba box for WINS. When Windows machines log into an NT domain, they
use WINS to find the Domain Controller. If WINS isn't working properly, or
isn't configured, the workstation turns to broadcasting to find the server.
This dosen't always work.

I usually set security = Domain for a PDC. Also make sure you've got the
standard domain logons = yes and stuff (I once spent hours trying to find
the problem and hadn't even turned on Domain Control support ;-)). You
probably want the netlogon share as well (although not compulsory).

Matt



More information about the samba-ntdom mailing list