[Samba] Authentication of Win2K clients to domain with Samba PDC: fails b/c of problem with the "computer account" for the client.

Michael Traynor mdt-tech-mailbox at shaw.ca
Wed Mar 27 21:15:03 GMT 2002 

Hi everyone,

Any help with the following problem would be greatly appreciated.  I've spent a lot of time going over similar threads in the mailing list and re-reading the 
Samba documentation, but all roads have to /dev/null thus far.

Thanks!

************************************************

Problem:  Unable to authenticate to domain with Win2K client.

System:  RedHat Linux 7.2 on an i386. Samba version: 2.2.1a (RPM supplied with RedHat 7.2).

Clients:  Win2K.

************************************************
Additional information about the problem:

Identification of the Win2K client on the network (system properties -> network id -> properties) proceeds normally and Win2K instructs the user to reboot the 
client machine.  After this, attempts to log on to the domain using any valid username (root included) fail.  The error message displayed by the Win2K client is: 
"The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is 
incorrect".  A log file (/var/log/samba/%m.log) is generated on the server, but it is empty.

ps -ax | grep mdb shows a single smdb process and two nmbd processes running on the server.  The /var/log/samba/log.nmdb file (included below) 
indicates that election of the Samba server as the master browser took place normally at startup and smbclient commands from the linux console execute 
normally.  Also, logging on to the Win2K client *machine* (rather than the domain) allows normal browsing of the network.

************************************************
Relevant system files:

/etc/passwd (relevant entries only):

root:x:0:0:root:/root:/bin/bash
mdt:x:500:500:Michael Traynor:/home/mdt:/bin/bash
cm:x:501:501:Chantal Mayer:/home/cm:/bin/bash
NTadmin:x:505:505:Admin account for NT domain:/home/NTadmin:/bin/bash
SHIRE$:x:506:100:Gateway_laptop:/dev/null:/dev/false

/etc/samba/smbpasswd:

SHIRE$:506:42C5C736306CBFEFAAD3B435B51404EE:8D2EBFA821197B9B712D6DA85530C595:[W          ]:LCT-3CA26BB9:
root:0:570CE399DA1412ABAAD3B435B51404EE:D69658F23C1B46D15CEA90B79F0FDC66:[U          ]:LCT-3CA26BC8:
mdt:500:5922D3C6D7E1DB085ACC35A98E0AE6F9:066D09C815260D3EE03D3A54BF07BCBF:[U          ]:LCT-3CA26C36:
cm:501:11D7B54E128A85A2AAD3B435B51404EE:E65AA4E39077696BC251F42DC1A898D7:[U          ]:LCT-3CA26C46:
NTadmin:505:570CE399DA1412ABAAD3B435B51404EE:D69658F23C1B46D15CEA90B79F0FDC66:[U          ]:LCT-3CA26CBA:

/etc/samba/smb.conf ([global] section only):

[global]
   
   workgroup = middle_earth
   server string = Samba Server (version %v)
   hosts allow = 127.  192.168.1.
   printcap name = /etc/printcap

   load printers = yes
   printing = cups    

   log file = /var/log/samba/%m.log
   max log size = 20000 # Kb

   security = user
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   local master = yes
   os level = 255
   domain master = yes
   preferred master = yes
   domain logons = yes

   logon path = \\%L\profiles\%U               # NT-based systems
   logon home = \\%L\%U\.Win9x_profile  # Win9x systems
   logon drive = h:
   wins support = yes 
   dns proxy = no 

   preserve case = yes
   short preserve case = yes
   default case = lower
   case sensitive = no

/var/log/samba/nmbd.log:

[2002/03/27 18:40:28, 0] nmbd/asyncdns.c:start_async_dns(150)
  started asyncdns process 973
[2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:add_logon_names(158)
  add_domain_logon_names:
  Attempting to become logon server for workgroup MIDDLE_EARTH on subnet 192.168.1.1
[2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:add_logon_names(158)
  add_domain_logon_names:
  Attempting to become logon server for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup MIDDLE_EARTH, subnet UNICAST_SUBNET.
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354)
  become_domain_master_browser_wins: querying WINS server at IP 192.168.1.1 for domain master browser name MIDDLE_EARTH<1b> on workgroup 
MIDDLE_EARTH
[2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116)
  become_logon_server_success: Samba is now a logon server for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117)
  *****
 
  Samba server BILBO is now a domain master browser for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET
 
  *****
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(293)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup MIDDLE_EARTH on subnet 192.168.1.1
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(306)
  become_domain_master_browser_bcast: querying subnet 192.168.1.1 for domain master browser on workgroup MIDDLE_EARTH
[2002/03/27 18:40:32, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116)
  become_logon_server_success: Samba is now a logon server for workgroup MIDDLE_EARTH on subnet 192.168.1.1
[2002/03/27 18:40:36, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117)
  *****
 
  Samba server BILBO is now a domain master browser for workgroup MIDDLE_EARTH on subnet 192.168.1.1
 
  *****
[2002/03/27 18:40:51, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405)
  *****
 
  Samba name server BILBO is now a local master browser for workgroup MIDDLE_EARTH on subnet 192.168.1.1
 
  *****

More information about the samba mailing list