Samba maps any user to nobody -> [Samba] problem logging on to samba domain (pdc) from a win xp workstation

dominik dominik at connexia.de
Fri Apr 11 10:31:24 GMT 2003


I did it all again. The samba workstation account smb_cl is all right. 

My problem is that after I have joined my samba domain 
the domain logon does not work.

At the logon prompt on my Win XP it says
- that no domain controller is available or 
- that my machine account was not found.

My log.smbd says at the same time:

[2003/04/11 12:21:59, 0] smbd/password.c:authorise_login(872)
  authorise_login: rejected invalid user nobody


I am not sure whether the "invalid user" means the workstation account
or the user account in Samba. Both of them exist.

Why does Samba map any user to nobody?
For me the client server communication seems to be sealed in some way
which Samba does not understand.

With best regards,


Dominik

-----Ursprüngliche Nachricht-----
Von: Jim Wharton [mailto:jwharton at acpafl.org] 
Gesendet: Donnerstag, 10. April 2003 21:53
An: 'dominik'
Betreff: RE: [Samba] problem logging on to samba domain (pdc) from a win
xp workstation

You don't have to modify any host file anywhere. The steps are create
Unix
account "machinename$" then add that account to samba: smbpasswd -a -m
machinename (without the dollar sign) then add that machine to the
domain
from windows. Make sure you have added root to smbpasswd as well. When
windows asks you for a user that has privledges to add people to the
domain,
use root and root's samba password. After a reboot, it should be fine.

Jim

> -----Original Message-----
> From: dominik [mailto:dominik at connexia.de]
> Sent: Thursday, April 10, 2003 3:39 PM
> To: Jim Wharton
> Cc: samba at lists.samba.org; desaster at freenet.de
> Subject: AW: [Samba] problem logging on to samba domain (pdc) 
> from a win
> xp workstation
> 
> 
> I had assumed that already and did that manually.
> 
> Might I have to change further keys on my xp workstation in 
> the control
> panel in order to become a domain member of my samba domain?
> 
> Why doesn't the workstation find the domain controller = samba pdc at
> logon time? Do I have to modify any host file on XP, install a dns
> server?
> 
> Cheers,
> 
> Dominik
> 
> -----Ursprüngliche Nachricht-----
> Von: Jim Wharton [mailto:jwharton at acpafl.org] 
> Gesendet: Donnerstag, 10. April 2003 15:17
> An: 'dominik'; 'samba at lists.samba.org'
> Cc: 'desaster at freenet.de'
> Betreff: RE: [Samba] problem logging on to samba domain (pdc) 
> from a win
> xpworkstation
> 
> If I'm not mistaken, the sign or seal hack from samba2.2.3 is broken.
> Use
> the newer hack or manually modify your registry.
> 
> Jim
> 
> > -----Original Message-----
> > From: samba-bounces+creole3=bellsouth.net at lists.samba.org
> > [mailto:samba-bounces+creole3=bellsouth.net at lists.samba.org]On
> >  Behalf Of
> > dominik
> > Sent: Thursday, April 10, 2003 9:05 AM
> > To: samba at lists.samba.org
> > Cc: desaster at freenet.de
> > Subject: [Samba] problem logging on to samba domain (pdc) from a win
> > xpworkstation
> > 
> > 
> > Dear list,
> > 
> > I've got a problem logging on to my samba domain from a win 
> xp ws. The
> > problem now persists for several months and I've no more 
> ideas what to
> > try next.
> > 
> > Can somebody help me pls? I have been reading the list 
> > casually but did
> > nit find an answer.
> > 
> > Problem: I finally managed to join my samba domain "do1" from 
> > my client
> > ws. After rebooting the client, when trying log on to the domain, a
> > window pops up telling me that either the domain controller is not
> > available or the client machine account is not found.
> > 
> > log.smbd says:
> > [2003/04/10 14:04:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody 
> > 
> > However it is possible to reach a samba share via the net use -u
> > command.
> > 
> > Included:
> > - smb.conf
> > - lmhosts
> > - log.nmbd
> > - log.smbd
> > 
> > Thanks a lot!
> > 
> > Cheers,
> > 
> > Dominik
> > 
> > --------------------------------------------------------------------
> > 
> > OS - Server
> > - Samba PDC on SuSE 8.0
> > - Samba 2.2.3a (I will upgrade later...)
> > 
> > OS Client Win XP without SP1. Require Sign or Seal hack is applied.
> > 
> > Accounts on linux
> > - smb_cl$ , /bin/false, no login allowed, groups: samba,users
> > - smb_usr , /bin/sh, normal password, groups: samba,users
> > 
> > Accounts on Samba
> > - smb_cl$ , normal user, workstation trust account, normal password
> > - smb_usr , normal user, normal password
> > 
> > 
> > --------------------------------------------------------------------
> > smb.conf
> > 
> > # Samba config file created using SWAT
> > # from 192.168.0.15 (192.168.0.15)
> > # Date: 2003/04/10 11:24:27
> > 
> > # Global parameters
> > [global]
> > 	workgroup = DO1
> > 	netbios name = P4LIN
> > 	server string = p4lin
> > 	encrypt passwords = Yes
> > 	update encrypted = Yes
> > 	map to guest = Bad User
> > 	name resolve order = lmhosts bcast host wins
> > 	socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
> > 	character set = ISO8859-15
> > 	domain admin group = dom root admin
> > 	domain logons = Yes
> > 	os level = 64
> > 	lm announce = False
> > 	preferred master = True
> > 	domain master = True
> > 	valid users = dom root smb_usr
> > 	admin users = dom root
> > 	hosts allow = 192.168.0.14 192.168.0.15
> > 	printing = cups
> > 	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> > 
> > [homes]
> > 	comment = Home Directories
> > 	read only = No
> > 	create mask = 0640
> > 	directory mask = 0750
> > 	browseable = No
> > 
> > [printers]
> > 	comment = All Printers
> > 	path = /var/tmp
> > 	create mask = 0600
> > 	printable = Yes
> > 	browseable = No
> > 
> > [pub]
> > 	path = /pub
> > 	guest ok = Yes
> > 
> > [profiles]
> > 	path = /var/lib/samba/profiles
> > 
> > [lp]
> > 	path = /dev/lp0
> > 	read only = No
> > 	create mask = 0600
> > 	guest ok = Yes
> > 	printable = Yes
> > 	printer name = lp
> > 	oplocks = No
> > 
> > [netlogon]
> > 	path = /var/lib/samba/netlogon
> > 	read only = No
> > 
> > 
> > --------------------------------------------------------------------
> > lmhosts
> > 
> > # This file provides the same function that the lmhosts 
> file does for
> > # Windows. It's another way to map netbios names to ip addresses.
> > #
> > # Cf. section 'name resolve order' in the manual page of 
> smb.conf for
> > # more information.
> > 
> > 127.0.0.1	localhost
> > 192.168.0.14	p4lin
> > 192.168.0.15	smbcl
> > 
> > 
> > 192.168.0.14 p4lin #PRE #DOM:do1
> > 
> > 
> > --------------------------------------------------------------------
> > log.nmbd
> > 
> > 
> > [2003/04/10 13:27:43, 0] nmbd/nmbd.c:main(783)
> >   Netbios nameserver version 2.2.3a started.
> >   Copyright Andrew Tridgell and the Samba Team 1994-2002
> > [2003/04/10 13:27:44, 0] libsmb/namequery.c:getlmhostsent(514)
> >   getlmhostsent: too many columns in lmhosts file (obsolete syntax)
> > [2003/04/10 13:27:44, 0] nmbd/nmbd_logonnames.c:add_logon_names(156)
> >   add_domain_logon_names:
> >   Attempting to become logon server for workgroup DO1 on subnet
> > 192.168.0.14
> > [2003/04/10 13:27:44, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
> >   become_domain_master_browser_bcast:
> >   Attempting to become domain master browser on workgroup DO1 
> > on subnet
> > 192.168.0.14
> > [2003/04/10 13:27:44, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
> >   become_domain_master_browser_bcast: querying subnet 
> 192.168.0.14 for
> > domain master browser on workgroup DO1
> > [2003/04/10 13:27:48, 0]
> > nmbd/nmbd_logonnames.c:become_logon_server_success(115)
> >   become_logon_server_success: Samba is now a logon server 
> > for workgroup
> > DO1 on subnet 192.168.0.14
> > [2003/04/10 13:27:48, 0]
> > nmbd/nmbd_responserecordsdb.c:find_response_record(237)
> >   find_response_record: response packet id 21106 received with no
> > matching record.
> > [2003/04/10 13:27:48, 0]
> > nmbd/nmbd_responserecordsdb.c:find_response_record(237)
> >   find_response_record: response packet id 21107 received with no
> > matching record.
> > [2003/04/10 13:27:53, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
> >   *****
> >   
> >   Samba server P4LIN is now a domain master browser for 
> > workgroup DO1 on
> > subnet 192.168.0.14
> >   
> >   *****
> > [2003/04/10 13:28:08, 0]
> > nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
> >   *****
> >   
> >   Samba name server P4LIN is now a local master browser for 
> workgroup
> > DO1 on subnet 192.168.0.14
> >   
> >   *****
> > 
> > --------------------------------------------------------------------
> > log.smbd
> > 
> > lib/access.c:check_access(325)
> >   Denied connection from  (192.168.0.13)
> > [2003/04/10 13:24:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:24:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:27:44, 0] smbd/server.c:main(698)
> >   smbd version 2.2.3a started.
> >   Copyright Andrew Tridgell and the Samba Team 1992-2002
> > [2003/04/10 13:29:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:29:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:34:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:34:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:39:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:39:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:44:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:44:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:49:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:49:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:54:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:54:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:57:02, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:57:02, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:59:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 13:59:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 14:04:09, 0] smbd/password.c:authorise_login(872)
> >   authorise_login: rejected invalid user nobody
> > [2003/04/10 14:04:09, 0]
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > 
> 
> 
> OutBound Mail Scanned by Mcafee Web Appliance.
> 
> 
> 
> 
> Inbound Mail Scanned by Mcafee Web Appliance.
> 


OutBound Mail Scanned by Mcafee Web Appliance.




More information about the samba mailing list