dificulties to log in domain

Ulf Mehlig umehlig at uni-bremen.de
Tue Jan 11 14:19:58 GMT 2000


Hello out there,

today I downloaded the CVS of the TNG branch. Compiled it successfully
and started smbd, nmbd and all the other daemons. Afterwards, I
renewed the machine accounts for "pandora3" (my Samba server) and
"pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing
           
   smbpasswd -a -m pandora3 
   smbpasswd -a -m pseudo

This produced smbpasswd entries like this (passphrases replaced by *): 

   pandora3$:9999:*:*:[W          ]:LCT-387B20FE:
   pseudo$:8000:*:*:[W          ]:LCT-387B339B:

File "OLYMP.SID" (OLYMP is the domain name) contains

   S-1-5-21-4087483020-4273277335-1947210404

Afterwards, I tried to enter the domain, but it did not work (some NT
error message saying that I had to look after my domain account). In
log.pseudo I found 

  [2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647)
    map_nt_and_unix_username: NT->Unix map DISABLED
  [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78)
    trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was
  Datei oder Verzeichnis nicht gefunden.
  [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239)
    trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain
  OLYMP.                

(Datei oder Verzeichnis nicht gefunden = File or directory not found)

After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported
having joined domain OLYMP as PDC and produced a file
OLYMP.PANDORA3.mac in .../private:

  036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3:

Nevertheless, I was not able to join the domain with the client. The
next thing I tried is giving the Unix root user a smbpasswd (different
form the Unix passwd) and putting "root" and that passwd in the "add
to domain" dialog on the NT client (before I hadn't enabled that
option, because I thought just adding a machine passwd by smbpasswd
-m should be enough). Now the client reported having joined the
domain. But after rebooting I was not able to login as a domain user
(having added an entry to smbpasswd with "smbpasswd -a username"). I
can access all the shares, but after login (which is possible probably
due to an old local copy of the user profile from my experiments with
2.0.x as PDC) there is a message that the computer couldn't connect to
a PDC in OLYMP. In log.pseudo there is a message

  [2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150)
    domain_client_validate: unable to validate password for user PSEUDO$ in domain
  OLYMP to Domain controller \\..                                         

Any suggestions? 

Many thanks for your attention,
Ulf Mehlig



----------------------------------------------------------------------
Samba is configured with

# Global parameters
           workgroup = OLYMP
           netbios name = PANDORA3
           server string = Samba Server
           encrypt passwords = Yes
           passwd program = /usr/bin/passwd %u
           passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed*
           unix password sync = Yes
           log file = /usr/local/samba/var/log.%m
           max log size = 50
           time server = Yes
           domain group map = /usr/local/samba/private/domaingroup.map
           logon script = sysstart.cmd
           logon path = \\%L\profiles\%U
           logon home = \\%L\%U
           domain logons = Yes
           os level = 17
           preferred master = True
           domain master = True
           dns proxy = No
           wins support = Yes
           vfs option = 
   [homes]
           comment = Home Directories
           read only = No
           create mask = 0644
           preserve case = No
           short preserve case = No
           browseable = No
           vfs option = 
   [netlogon]
           comment = Network Logon Service
           path = /home/netlogon
           share modes = No
           vfs option = 

   [profiles]
           comment = Benutzerprofile
           path = /home/nt_profiles
           read only = No
           create mask = 0700
           directory mask = 0700
           vfs option = 

-- 
======================================================================
Ulf Mehlig    <umehlig at zmt.uni-bremen.de>
              Center for Tropical Marine Ecology/ZMT, Bremen, Germany
----------------------------------------------------------------------


More information about the samba-ntdom mailing list