[Samba] NT_STATUS_LOGON_FAILURE

Etienne-Hugues Fortin efortin at fs01.cyberspicace.com
Mon Jun 7 15:14:06 GMT 2004


Hi,

I've installed Fedora C1 with Samba 3.0.2 and openldap 2.1.22.  I've
followed the example in the Samba-3 by example guide to use my server as a
PDC.  I'm able to connect to this server with all my users but I'm unable
to use "Administrator" to log.  Maybe it's normal but I doubt it.  Here's
the log I got for smbclient:

[root at fs01 sbin]# smbclient -L localhost -U Administrator -d 3
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
added interface ip=192.168.1.10 bcast=192.168.1.255
nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Client
started (version 3.0.2-7.FC1).
Connecting to 127.0.0.1 at port 445
Password:
Doing spnego session setup (blob length=82)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=fs01$@
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPENGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE


My smb.conf file is fine based on testparm.  Here it is:

[root at fs01 sbin]# more /etc/samba/smb.conf
[global]
unix charset = LOCALE
workgroup = CYBERSPICACE
netbios name = fs01
interfaces = eth1, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://fs01.cyberspicace.com
username map = /etc/samba/smbusers
log level = 3
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
security = ads
name resolve order = wins bcast hosts
lm announce = no
time server = Yes
printcap name = CUPS
show add printer wizard = Yes
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete
user script = /var/lib/samba/sbin/smbldap-userdel.pl %u
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete
group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g add user to
group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u'
'%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g'
'%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon
script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
domain logons = Yes
domain master = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=cyberspicace,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=cyberspicace,dc=com
idmap backend = ldap:ldap://fs01.cyberspicace.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
printing = cups
printer admin = Administrator, efortin

[IPC$]
path = /tmp
hosts allow = 192.168.1.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0

include = /etc/samba/dc-common.conf

I've look all over the web for the last few days and even if I saw this
error message often, I never saw any good answer about what is happening
and how to fix it.  I've read some stuff about having
Administrator in my passwd file (even if using ldap) so I even tried to
create this account in /etc/passwd but I'm not getting better
result.

I've tried to find the best way to troubleshoot this problem but
except for trying some operations like smbclient or net rpc join, I didn't
find a tool that would be really helpful figuring the exact problem.

Does somebody successfully installed this properly with Fedora Core 1?
 What is the missing part in the example (chapter 6) in the Samba-3 by
example guide?  I'm sure it's something simple but I can't find it.

Thank you.


Etienne-Hugues Fortin




More information about the samba mailing list