dificulties to log in domain
Ulf Mehlig
umehlig at uni-bremen.de
Tue Jan 11 14:19:58 GMT 2000
Hello out there,
today I downloaded the CVS of the TNG branch. Compiled it successfully
and started smbd, nmbd and all the other daemons. Afterwards, I
renewed the machine accounts for "pandora3" (my Samba server) and
"pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing
smbpasswd -a -m pandora3
smbpasswd -a -m pseudo
This produced smbpasswd entries like this (passphrases replaced by *):
pandora3$:9999:*:*:[W ]:LCT-387B20FE:
pseudo$:8000:*:*:[W ]:LCT-387B339B:
File "OLYMP.SID" (OLYMP is the domain name) contains
S-1-5-21-4087483020-4273277335-1947210404
Afterwards, I tried to enter the domain, but it did not work (some NT
error message saying that I had to look after my domain account). In
log.pseudo I found
[2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647)
map_nt_and_unix_username: NT->Unix map DISABLED
[2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78)
trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was
Datei oder Verzeichnis nicht gefunden.
[2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239)
trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain
OLYMP.
(Datei oder Verzeichnis nicht gefunden = File or directory not found)
After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported
having joined domain OLYMP as PDC and produced a file
OLYMP.PANDORA3.mac in .../private:
036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3:
Nevertheless, I was not able to join the domain with the client. The
next thing I tried is giving the Unix root user a smbpasswd (different
form the Unix passwd) and putting "root" and that passwd in the "add
to domain" dialog on the NT client (before I hadn't enabled that
option, because I thought just adding a machine passwd by smbpasswd
-m should be enough). Now the client reported having joined the
domain. But after rebooting I was not able to login as a domain user
(having added an entry to smbpasswd with "smbpasswd -a username"). I
can access all the shares, but after login (which is possible probably
due to an old local copy of the user profile from my experiments with
2.0.x as PDC) there is a message that the computer couldn't connect to
a PDC in OLYMP. In log.pseudo there is a message
[2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150)
domain_client_validate: unable to validate password for user PSEUDO$ in domain
OLYMP to Domain controller \\..
Any suggestions?
Many thanks for your attention,
Ulf Mehlig
----------------------------------------------------------------------
Samba is configured with
# Global parameters
workgroup = OLYMP
netbios name = PANDORA3
server string = Samba Server
encrypt passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed*
unix password sync = Yes
log file = /usr/local/samba/var/log.%m
max log size = 50
time server = Yes
domain group map = /usr/local/samba/private/domaingroup.map
logon script = sysstart.cmd
logon path = \\%L\profiles\%U
logon home = \\%L\%U
domain logons = Yes
os level = 17
preferred master = True
domain master = True
dns proxy = No
wins support = Yes
vfs option =
[homes]
comment = Home Directories
read only = No
create mask = 0644
preserve case = No
short preserve case = No
browseable = No
vfs option =
[netlogon]
comment = Network Logon Service
path = /home/netlogon
share modes = No
vfs option =
[profiles]
comment = Benutzerprofile
path = /home/nt_profiles
read only = No
create mask = 0700
directory mask = 0700
vfs option =
--
======================================================================
Ulf Mehlig <umehlig at zmt.uni-bremen.de>
Center for Tropical Marine Ecology/ZMT, Bremen, Germany
----------------------------------------------------------------------
More information about the samba-ntdom
mailing list