NT 4 login problems

Sean E. Millichamp sean at compu-aid.com
Mon Mar 13 23:13:29 GMT 2000 

I just cvs up'd after the announcement of TNG 0.15

I have an NT4 server installed in standalone server mode which I am
effectively using as a workstation just to test TNG.

I followed the TNG FAQ, used the sample PDC configuration files there and
started Samba.  I have test user accounts with passwords in smbpasswd, a
machine account, etc.  I then joined NT to the domain and Windows said
that it went successfully.

However, I got the following in log.netlogon:
ERROR: setgroups call failed!
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
ERROR: setgroups call failed!
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!

I thought 0.15 was supposed to fix the "setgroups call failed" message
(Which I had been getting earlier too with code checked out Saturday)

I also saw this in log.lsarpc which bothered me:
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022

I'm not sure what this "secret_db" is.  I didn't see any mention of it in
the TNG FAQ.

Then NT booted and I got added in the logfile (without typing anything at
NT):
to log.lsarpc:
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022

and to log.netlogon:
TODO: verify that the rid exists
TODO: verify that the rid exists
(which I didn't think were significant)

Then I try to logon to the NT domain as my "standard domain user" and I
get:
"The system cannot log you on to this domain because the system's computer
account in its primary domain is missing or the password on that account
is incorrect."

I checked and the machine account IS listed in the smbpasswd file, so I'm
a bit lost.

Anyone have any ideas/suggestions on what I might be doing wrong?

Thanks.

Sean

------------------------------------------
 Sean E. Millichamp, Consultant
 Ingematics - A Division of Compu-Aid, Inc.

More information about the samba-ntdom mailing list