[Samba] Authentication of Win2K clients to domain with Samba PDC: fails b/c
of problem with the "computer account" for the client.
Michael Traynor
mdt-tech-mailbox at shaw.ca
Wed Mar 27 21:15:03 GMT 2002
Hi everyone,
Any help with the following problem would be greatly appreciated. I've spent a lot of time going over similar threads in the mailing list and re-reading the
Samba documentation, but all roads have to /dev/null thus far.
Thanks!
************************************************
Problem: Unable to authenticate to domain with Win2K client.
System: RedHat Linux 7.2 on an i386. Samba version: 2.2.1a (RPM supplied with RedHat 7.2).
Clients: Win2K.
************************************************
Additional information about the problem:
Identification of the Win2K client on the network (system properties -> network id -> properties) proceeds normally and Win2K instructs the user to reboot the
client machine. After this, attempts to log on to the domain using any valid username (root included) fail. The error message displayed by the Win2K client is:
"The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is
incorrect". A log file (/var/log/samba/%m.log) is generated on the server, but it is empty.
ps -ax | grep mdb shows a single smdb process and two nmbd processes running on the server. The /var/log/samba/log.nmdb file (included below)
indicates that election of the Samba server as the master browser took place normally at startup and smbclient commands from the linux console execute
normally. Also, logging on to the Win2K client *machine* (rather than the domain) allows normal browsing of the network.
************************************************
Relevant system files:
/etc/passwd (relevant entries only):
root:x:0:0:root:/root:/bin/bash
mdt:x:500:500:Michael Traynor:/home/mdt:/bin/bash
cm:x:501:501:Chantal Mayer:/home/cm:/bin/bash
NTadmin:x:505:505:Admin account for NT domain:/home/NTadmin:/bin/bash
SHIRE$:x:506:100:Gateway_laptop:/dev/null:/dev/false
/etc/samba/smbpasswd:
SHIRE$:506:42C5C736306CBFEFAAD3B435B51404EE:8D2EBFA821197B9B712D6DA85530C595:[W ]:LCT-3CA26BB9:
root:0:570CE399DA1412ABAAD3B435B51404EE:D69658F23C1B46D15CEA90B79F0FDC66:[U ]:LCT-3CA26BC8:
mdt:500:5922D3C6D7E1DB085ACC35A98E0AE6F9:066D09C815260D3EE03D3A54BF07BCBF:[U ]:LCT-3CA26C36:
cm:501:11D7B54E128A85A2AAD3B435B51404EE:E65AA4E39077696BC251F42DC1A898D7:[U ]:LCT-3CA26C46:
NTadmin:505:570CE399DA1412ABAAD3B435B51404EE:D69658F23C1B46D15CEA90B79F0FDC66:[U ]:LCT-3CA26CBA:
/etc/samba/smb.conf ([global] section only):
[global]
workgroup = middle_earth
server string = Samba Server (version %v)
hosts allow = 127. 192.168.1.
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 20000 # Kb
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 255
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\profiles\%U # NT-based systems
logon home = \\%L\%U\.Win9x_profile # Win9x systems
logon drive = h:
wins support = yes
dns proxy = no
preserve case = yes
short preserve case = yes
default case = lower
case sensitive = no
/var/log/samba/nmbd.log:
[2002/03/27 18:40:28, 0] nmbd/asyncdns.c:start_async_dns(150)
started asyncdns process 973
[2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:add_logon_names(158)
add_domain_logon_names:
Attempting to become logon server for workgroup MIDDLE_EARTH on subnet 192.168.1.1
[2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:add_logon_names(158)
add_domain_logon_names:
Attempting to become logon server for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
become_domain_master_browser_wins:
Attempting to become domain master browser on workgroup MIDDLE_EARTH, subnet UNICAST_SUBNET.
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354)
become_domain_master_browser_wins: querying WINS server at IP 192.168.1.1 for domain master browser name MIDDLE_EARTH<1b> on workgroup
MIDDLE_EARTH
[2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116)
become_logon_server_success: Samba is now a logon server for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117)
*****
Samba server BILBO is now a domain master browser for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET
*****
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(293)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup MIDDLE_EARTH on subnet 192.168.1.1
[2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(306)
become_domain_master_browser_bcast: querying subnet 192.168.1.1 for domain master browser on workgroup MIDDLE_EARTH
[2002/03/27 18:40:32, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116)
become_logon_server_success: Samba is now a logon server for workgroup MIDDLE_EARTH on subnet 192.168.1.1
[2002/03/27 18:40:36, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117)
*****
Samba server BILBO is now a domain master browser for workgroup MIDDLE_EARTH on subnet 192.168.1.1
*****
[2002/03/27 18:40:51, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405)
*****
Samba name server BILBO is now a local master browser for workgroup MIDDLE_EARTH on subnet 192.168.1.1
*****
More information about the samba
mailing list