[Samba] Samba Win2k SP4 Logon problems

Matthijs matthijs at cacholong.nl
Fri Feb 20 20:12:43 GMT 2004

I'm already searching a whole week for a solution to this problem.

I want Samba and LDAP and then win2k has to join on the domain. This is
going ok. The entry is made in LDAP:

# nbmatthijs$, Computers, cacholong.nl
dn: uid=nbmatthijs$,ou=Computers,dc=cacholong,dc=nl
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: nbmatthijs$
sn: nbmatthijs$
uid: nbmatthijs$
uidNumber: 1021
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
sambaSID: S-1-5-21-...-3042
sambaPrimaryGroupSID: S-1-5-21-...-553
displayName: nbmatthijs$
sambaPwdCanChange: 1077297685
sambaPwdMustChange: 2147483647
sambaLMPassword: A Very long string
sambaNTPassword: A Very long string
sambaPwdLastSet: 1077297685
sambaAcctFlags: [W          ]

When i then try to login i get the failure:
(Win2k SP4)
The system could not log you on. Make sure your User name and domain are
correct, then type your password again. Letters in passwords must be
typed using the correct case. Make sure that Caps Lock is not accidently

And no my Caps Lock isn't on!!

check_ntlm_password:  authentication for user [matthijs] -> [matthijs]
-> [matthijs] succeeded

This is my smb.conf:
        workgroup = CACHOLONG
        server string = %h server (Samba %v)
        interfaces = eth0
        passdb backend = ldapsam:ldap://server.cacholong.nl
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        log level = 10
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        client signing = No
        add user script =
/root/cacholong/smbldap-tools/smbldap-useradd.pl -a %u
        add machine script =
/root/cacholong/smbldap-tools/smbldap-useradd.pl -w %u
        domain logons = Yes
        os level = 255
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap suffix = dc=cacholong,dc=nl
        ldap machine suffix = ou=Users
        ldap user suffix = cn=Users
        ldap group suffix = ou=Groups
        ldap admin dn = uid=ldapadm,dc=cacholong,dc=nl
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        admin users = ldapadm
        printer admin = ldapadm
        create mask = 0644
        printing = lprng

        comment = Home Directories
        create mask = 0700
        directory mask = 0700
        browseable = No

        comment = Network Logon Service
        path = /etc/samba/netlogon
        write list = ntadmin
        guest ok = Yes
        browseable = No
        share modes = No

        path = /home/nt-profiles
        read only = No
        create mask = 0600
        directory mask = 0700

If someone of you know how to solve this problem i'm very appreciated.

More information about the samba mailing list