Logging on to Win2k Machine which is part of Samba domain

William234 at aol.com William234 at aol.com
Mon Aug 12 10:03:00 GMT 2002


I am seeing some strange behavior from Samba and I am unable to determine if 
it is a Samba bug or a configuration problem.

I am running Samba 2.2.5 on a SuSE 7.2 server.  I have several machines 
running Win2k Service Pack 2 and 1 running Win2k service pack 3.  (I am not 
deploying Service Pack 3 until I have tested it thoroughly.)

The Samba server is acting as a primary domain controller.  The Win2k 
machines have been joined to the domain so their machine accounts and machine 
passwords exist in both /etc/passwd and the samba password database.  I am 
using just Samba, no PAM or LDAP.

When the machine reboots and the user is asked to enter his username and 
password, the error "The system cannot log you on to the domain because the 
systems computer account in its primary domain is missing or the password on 
that account is incorrect."

Haveing searched Deja and seen that this error can be caused by incorrect 
permissiosn on [NetLogon], I proceeded to check permissions.  [NetLogon] is 
defined as /home/%U  I checked to make sure that the guest account (ftp) is 
in /etc/passwd and the Samba password database.  I then checked the 
permissions for /home/ftp to ensure that in fact the user ftp has full 
read/write/execute permissions.

Still the problem exists.

I also made sure that requiresignandseal in the registry was disabled and 
that the local security policys on all the machines had encrypted 
communications disabled.

In looking at log.nmbd I see lots of entries for process_logon_packet(69) 
with code = 0x12.  I have not yet found anything relevant to that.

I did notice that if I do not try to log on to the computer imediately after 
reboot, but let the computer sit for 30-60 seconds at the logon prompt, I 
have a much easier time logging on to the computer.  In either case, with 
enough retries, I can log on to the computer and thus into the domain.  This 
is what leads me to believe the problem is not a configuration problem.

Bill Miller
William234 at aol.com
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-technical mailing list