[Samba] [Old] Clients cannot login into Samba-Domain
Stumpfl Markus
htl.traun.kustos at eduhi.at
Wed Feb 18 12:26:56 GMT 2004
I had a working "Samba-2.2.7a-SuSE" domain (with roaming profiles, etc.)
but this server crashed. So I copied the samba directory with the config
files (including secrets.tdb, passwd, ...) from my backup to the second
server and started nmb and smb, but the clients couldn't log onto the
domain. The error was something like: "You couldn't log on. Please check
username and domain and try to reenter the password"
So I tried "Samba3.0.2a-SuSE", changed the config somewhat and started
the daemon but no luck either.
What's working:
- connecting to the shares of the samba server (using usr/pwd)
- re-insert the PC into the domain
=> domain logon is working again
So I figured this must be a SID problem. Like domain-SID != machine-SID.
To test, whether this is the problem, I used the following commands but
the SID was always the same:
net getlocalsid 'domain'
net rpc getsid
rpcclient 'server' -U 'user'
lsaquery
pdbedit -Lv 'user'
For Windows I downloaded the program "getsid", which compares two
account-SIDs.
getsid \\server 'user-account' \\server 'machine-account'
-> with that I checked, if the PC SID was the same as a user SID ->
true
Summary:
- Same Server & Clients as before the crash.
- that includes the configs and SIDs
- same SID everywhere (at least the ones I could figure out)
- domain logon only functioning, after REJOINING the domain
Now, I could of course go to every PC and rejoin the domain, but that's
not very funny nor productive.
So what do I have to change on the server to allow the existing PCs to
login?
mfg. Stumpfl Markus
===============================
mail: htl.traun.kustos at eduhi.at
------------------------ setup -----------------------------
Clients: WinXP-SP1 (with reg-patch)
Server: SuSE 8.2 w/ Samba 3.0.2a
------------------------ config -----------------------------
[global]
netbios name = 'server'
server string = Samba %v
workgroup = 'domain'
interfaces = eth0
bind interfaces only = true
hosts allow = 'network'
follow symlinks = no
wide links = no
hide dot files = yes
hide special files = yes
max disk size = 800
invalid users = bin daemon lp mail games wwwrun ftp man news uucp sshd ntp at postfix named irc squid ldap pop mailman
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
deadtime = 15
lm announce = no
unix charset = LOCALE
unix extensions = no
syslog = 1
debug timestamp = yes
debug pid = yes
debug uid = yes
smb passwd file = /etc/samba/smbpasswd
encrypt passwords = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *retype*new*password* %n\n *password*changed*
load printers = no
os level = 128
security = user
preferred master = yes
domain master = yes
domain logons = yes
default service = homes
logon script = logon.bat
time server = yes
username map = /etc/samba/smbusers
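
The SID comparison described in the post, as an added example that is not part of the original message: it takes text in the layout printed by `net getlocalsid` and `pdbedit -Lv`, splits each account SID into domain part and RID, and reports whether every user and machine account sits under the server's domain SID. The sample output, account names and SID values below are constructed; the function names are hypothetical.

```python
import re

# Matches a textual Windows/Samba SID such as S-1-5-21-<a>-<b>-<c>-<rid>.
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    if not SID_RE.fullmatch(sid):
        raise ValueError(f"not a SID: {sid!r}")
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def field(record, name):
    """Return the value of a 'Name: value' line from one account record."""
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == name:
            return value.strip()
    raise KeyError(name)

def compare(net_output, records):
    """Check every account's SID against the server's domain SID."""
    domain_sid = SID_RE.search(net_output).group(0)
    report = {}
    for record in records:
        account_domain, rid = split_sid(field(record, "User SID"))
        report[field(record, "Unix username")] = {
            "rid": rid, "in_domain": account_domain == domain_sid}
    return report

# Constructed sample output (all SIDs and names are made up for illustration).
NET_OUTPUT = "SID for domain DOMAIN is: S-1-5-21-1111111111-2222222222-3333333333"
RECORDS = [
    "Unix username:        user\n"
    "User SID:             S-1-5-21-1111111111-2222222222-3333333333-3000\n",
    "Unix username:        pc01$\n"
    "User SID:             S-1-5-21-1111111111-2222222222-3333333333-3002\n",
    # An account whose SID was issued under a different domain SID.
    "Unix username:        pc02$\n"
    "User SID:             S-1-5-21-4444444444-5555555555-6666666666-3004\n",
]

if __name__ == "__main__":
    for name, result in compare(NET_OUTPUT, RECORDS).items():
        state = "ok" if result["in_domain"] else "MISMATCH"
        print(f"{name:8} rid={result['rid']:<6} {state}")
```

A clean result only shows that the SIDs are consistent, which is the situation the post reports while domain logon still failed.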