difficulties to log in domain

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Jan 11 20:58:36 GMT 2000


hi, you also need to do smbpasswd -j OLYMP.

On Wed, 12 Jan 2000, Ulf Mehlig wrote:

> Hello out there,
> 
> today I downloaded the CVS of the TNG branch. Compiled it successfully
> and started smbd, nmbd and all the other daemons. Afterwards, I
> renewed the machine accounts for "pandora3" (my Samba server) and
> "pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing
>            
>    smbpasswd -a -m pandora3 
>    smbpasswd -a -m pseudo
> 
> This produced smbpasswd entries like this (passphrases replaced by *): 
> 
>    pandora3$:9999:*:*:[W          ]:LCT-387B20FE:
>    pseudo$:8000:*:*:[W          ]:LCT-387B339B:
> 
> File "OLYMP.SID" (OLYMP is the domain name) contains
> 
>    S-1-5-21-4087483020-4273277335-1947210404
> 
> Afterwards, I tried to enter the domain, but it did not work (some NT
> error message saying that I had to look after my domain account). In
> log.pseudo I found 
> 
>   [2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647)
>     map_nt_and_unix_username: NT->Unix map DISABLED
>   [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78)
>     trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was
>   Datei oder Verzeichnis nicht gefunden.
>   [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239)
>     trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain
>   OLYMP.                
> 
> (Datei oder Verzeichnis nicht gefunden = File or directory not found)
> 
> After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported
> having joined domain OLYMP as PDC and produced a file
> OLYMP.PANDORA3.mac in .../private:
> 
>   036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3:
> 
> Nevertheless, I was not able to join the domain with the client. The
> next thing I tried is giving the Unix root user a smbpasswd (different
> from the Unix passwd) and putting "root" and that passwd in the "add
> to domain" dialog on the NT client (before I hadn't enabled that
> option, because I thought just adding a machine passwd by smbpasswd
> -m should be enough). Now the client reported having joined the
> domain. But after rebooting I was not able to login as a domain user
> (having added an entry to smbpasswd with "smbpasswd -a username"). I
> can access all the shares, but after login (which is possible probably
> due to an old local copy of the user profile from my experiments with
> 2.0.x as PDC) there is a message that the computer couldn't connect to
> a PDC in OLYMP. In log.pseudo there is a message
> 
>   [2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150)
>     domain_client_validate: unable to validate password for user PSEUDO$ in domain
>   OLYMP to Domain controller \\..                                         
> 
> Any suggestions? 
> 
> Many thanks for your attention,
> Ulf Mehlig
> 
> 
> 
> ----------------------------------------------------------------------
> Samba is configured with
> 
> # Global parameters
>            workgroup = OLYMP
>            netbios name = PANDORA3
>            server string = Samba Server
>            encrypt passwords = Yes
>            passwd program = /usr/bin/passwd %u
>            passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed*
>            unix password sync = Yes
>            log file = /usr/local/samba/var/log.%m
>            max log size = 50
>            time server = Yes
>            domain group map = /usr/local/samba/private/domaingroup.map
>            logon script = sysstart.cmd
>            logon path = \\%L\profiles\%U
>            logon home = \\%L\%U
>            domain logons = Yes
>            os level = 17
>            preferred master = True
>            domain master = True
>            dns proxy = No
>            wins support = Yes
>            vfs option = 
>    [homes]
>            comment = Home Directories
>            read only = No
>            create mask = 0644
>            preserve case = No
>            short preserve case = No
>            browseable = No
>            vfs option = 
>    [netlogon]
>            comment = Network Logon Service
>            path = /home/netlogon
>            share modes = No
>            vfs option = 
> 
>    [profiles]
>            comment = Benutzerprofile
>            path = /home/nt_profiles
>            read only = No
>            create mask = 0700
>            directory mask = 0700
>            vfs option = 
> 
> -- 
> ======================================================================
> Ulf Mehlig    <umehlig at zmt.uni-bremen.de>
>               Center for Tropical Marine Ecology/ZMT, Bremen, Germany
> ----------------------------------------------------------------------
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
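
Added example, not part of the original message or of Samba itself: a small Python check over smbpasswd entries in the format quoted above, confirming that machine trust accounts (names ending in `$`) carry the `W` flag and decoding the `LCT-` field so it can be lined up with the log timestamps. The field layout (name, uid, LANMAN hash, NT hash, flags, last change time as hex seconds since the epoch) is assumed from smbpasswd(5); the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Entries copied from the quoted message (hashes already masked as "*").
SAMPLE = """\
pandora3$:9999:*:*:[W          ]:LCT-387B20FE:
pseudo$:8000:*:*:[W          ]:LCT-387B339B:
"""

# name:uid:LANMAN hash:NT hash:[flags]:LCT-<8 hex digits>:
ENTRY = re.compile(
    r"^(?P<name>[^:]+):(?P<uid>\d+):(?P<lm>[^:]*):(?P<nt>[^:]*):"
    r"\[(?P<flags>[A-Z ]*)\]:LCT-(?P<lct>[0-9A-Fa-f]{8}):"
)

def parse_entry(line):
    """Split one smbpasswd line into its fields; raise on malformed input."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError("not an smbpasswd entry: %r" % line)
    return {
        "name": m["name"],
        "uid": int(m["uid"]),
        "flags": set(m["flags"].replace(" ", "")),
        # LCT is the last change time: hex seconds since 1970-01-01 UTC.
        "changed": datetime.fromtimestamp(int(m["lct"], 16), tz=timezone.utc),
    }

def check_machine_account(entry):
    """Return a list of inconsistencies for one parsed entry."""
    problems = []
    machine_name = entry["name"].endswith("$")
    if machine_name and "W" not in entry["flags"]:
        problems.append("name ends in $ but W (workstation trust) flag missing")
    if "W" in entry["flags"] and not machine_name:
        problems.append("W flag set on a name without trailing $")
    if "D" in entry["flags"]:
        problems.append("account is disabled")
    return problems

def audit(text):
    """Map each account name in an smbpasswd-style text to its problems."""
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    return {e["name"]: check_machine_account(e) for e in entries}

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        e = parse_entry(line)
        print(e["name"], e["changed"].isoformat(), check_machine_account(e))
```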
