AW: [Samba] Login from win2k client to samba PDC

John H Terpstra jht at samba.org
Wed Apr 2 17:34:29 GMT 2003 

Markus,

Have you disabled sign-or-seal on your workstation? You will need to check
the security settings on your Win2K SP3 client to make sure that
"RequiresSignOrSeal is turned off.

Failing that, you will need to collect the samba log file as you try to
log onto the workstation so we can see what is going on.

- John T.

On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:

> John,
>
> thanks for that hint. It did not kill the server by you are perfectly right.
> I changed this and restarted the "smb" and "nmb" deamons - unfortunately
> with the same result.
>
> When I watch e.g. the status with "swat" I see as follows after trying with:
>
> smbclient -U <user> -L win2k1
>
> (what is strange since I connect as different user and not "nobody") The
> connectiosn seems to be up, no errro in the logs but all is referring to
> that user "nobody". I even have added "nobody" to the smbpasswd (but as you
> can guess this did not help either).
>
> Also I get the well known message "session setup failed:
> NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
>
> Cut from SWAT (Status page):
>
> ------------8<--------------
>
> Active Connections
> PID  Client  IP address
> --------------------------------------
> 4654 win2k1  192.168.xx.xx .....
>
> Active Shares
> Share User   Group  PID  Client  Date
> --------------------------------------
> IPC$  nobody nobody 4654 win2k1  .....
>
> ------------8<---------------
>
>
>
> Do you have an other idea?
>
> Thank you
> 	Markus
>
>
>
>
>
> "John H Terpstra" <jht at samba.org> schrieb im Newsbeitrag
> news:<20030402162023$4954 at gated-at.bofh.it>...
> > On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
> >
> > > Dear Eric,
> > >
> > > thanks for your answer. I have non of the items you defined in the
> global
> > > section. There is also no error in the log file. So I'm realy at the end
> of
> > > my "know-how"  (if any ...)
> > >
> > > My global section is:
> > > ---------8<---------
> > > [global]
> > >         workgroup = TEST
> > >         netbios aliases = TEST
> >
> > The above will kill your server! You can NOT have the workgroup name and a
> > machine name that are the same.
> >
> > - John T.
> >
> > >         encrypt passwords = Yes
> > >         log level = 3
> > >         log file = /data/samba/log/samba.log.%m
> > >         max log size = 100
> > >         max xmit = 17384
> > >         domain admin group = @root
> > >         logon script = logon.bat %U %G %L
> > >         logon path = \\sambasrv\profiles\%U
> > >         logon home = /data/samba/data/users/%U
> > >         domain logons = Yes
> > >         os level = 34
> > >         preferred master = True
> > >         domain master = True
> > >         map system = Yes
> > >         map hidden = Yes
> > > ---------8<---------
> > >
> > > Thanks, any other hint is very welcome
> > >
> > > Markus
> > >
> > >
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Eric Halverson [mailto:ehalverson at dchs.us]
> > > > Gesendet: Mittwoch, 02. April 2003 18:48
> > > > An: Markus PISTAUER (CISC)
> > > > Cc: Samba List
> > > > Betreff: Re: [Samba] Login from win2k client to samba PDC
> > > >
> > > >
> > > > Do you have either of the following defined in your global section:
> > > >
> > > > write list
> > > > valid users
> > > >
> > > > also look in your log files for that machine to see if you're getting
> an
> > > > error about invalid user nobody.  I was getting the same error because
> I
> > > > defined those variables in the global section, which of course made
> the
> > > > user nobody invalid as well as whoever else was undefined (including
> the
> > > > machine account).
> > > >
> > > > On Wed, 2003-04-02 at 02:58, Markus PISTAUER (CISC) wrote:
> > > > > I have joined my win2k client machines (win2k professional or win2k
> > > > > professional server) to my PDC. This worked fine and I did all
> > > > recommended
> > > > > as e.g. in the HOWTO
> > > > > http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#joining.
> > > > >
> > > > > So far I can also login localy to the win2k client machines
> > > > using a local
> > > > > account and connect a network drive from the PDC using a valid
> > > > account on
> > > > > the PDC (as given in the "smbpasswd" file)
> > > > >
> > > > > I have done all major steps:
> > > > >
> > > > > passwd file:
> > > > > 	added users and machine accounts (as user <machine>$)
> > > > > smbpasswd file:
> > > > > 	added users with 'smbpasswd -a <user>'
> > > > > 	added machines with 'smbpasswd -a <machine>
> > > > > 	added user 'root' to smbpasswd
> > > > > smb.conf:
> > > > > 	all the necessary settings done (I can post the smb.conf if
> > > > requested)
> > > > >
> > > > >
> > > > > The problem:
> > > > > ------------
> > > > > If I try to login on the domain using the win2k client machine
> > > > (selecting
> > > > > the domain instead of the local machine name the login window) I
> cannot
> > > > > connect to the domain and get the error message:
> > > > >    The system cannot log you on to this domain because the system's
> > > > >    computer account in its primary domain is missing or the password
> on
> > > > >    that account is incorrect
> > > > >
> > > > >
> > > > > My environments settings:
> > > > > -------------------------
> > > > > I'm using Samba 2.2.5 (release 160), win2k prof with SP3 or no
> > > > SP, classic
> > > > > authentication on the PDC. Linux Kernel is 2.4.19 (Build 174).
> > > > > I have also tried 2.2.8 with same failure.
> > > > >
> > > > > Any help would be VERY appreciated.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Markus Pistauer
> > > > > mailto:m.pistauer at cisc.at
> > > > >
> > > > >
> > >
> > >
> >
> > --
> > John H Terpstra
> > Email: jht at samba.org
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list