[Samba] XP Client can't log on PDC/LDAP configuration

Doug Smith dougs at urbitter.com
Wed Jun 23 11:33:48 GMT 2004


I have Samba 3.0.4, OpenLDAP 2.0.27 (whatever comes with RH 9.0)
configured as a PDC with LDAP as the password database.  I can log on
to the PDC box, ldap seems to be working fine with PAM.  Password
changes take affect etc.

I can get passthru security working fine.  I log into windows xp
machine, browse home/profile shares, no problem.  But I can't log on
from the client xp machine to the domain represented by the PDC.  I
get "Make sure your password is correct.."  I've turned off the PDC
box and tried the same client log on and I get "domain controller not
available" so I know it's going to the right box.  I was able to join
the client to the PDC domain.

I've looked at the samba logs and the user I'm logging on to the
windows xp machine seems to authenticate fine, atleast that's what the
log says.  I do have a line in there saying []\[]@[computer] can't
authenticate user, but I don't know what that is so I don't know how
to debug that problem.

Anyway, I want to debug the problem, but I don't know how since I
don't see an obvious problem in the log (other then the []\[] user
problem and I don't know what that means or how to fix it)

I've included my configuration files if anybody has a clue I would
appreciate the help, TIA


pdbedit -v of the user I'm trying to log in as

Unix username:        testu
NT username:          testu
Account Flags:        [U          ]
User SID:             S-1-5-21-2381800297-159120370-3622294204-31000
Primary Group SID:    S-1-5-21-2381800297-159120370-3622294204-2028
Full Name:            Test W. User
Home Directory:       \\norgay\nhome\testu
HomeDir Drive:        H:
Logon Script:         startup.bat
Profile Path:         \\norgay\profiles\testu
Domain:               EFOS
Account desc:         Test W. User
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT
Password last set:    Tue, 22 Jun 2004 07:40:49 GMT
Password can change:  0
Password must change: Wed, 22 Jun 2005 07:40:49 GMT
Last bad password   : 0
Bad password count  : 0


        server string = EFOS PDC
        passdb backend = ldapsam:ldap://
        username map = /etc/samba/smbusers
        log file = /var/log/samba/smbd.log
        log level = 1 winbind:10
#       max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        ldap suffix = dc=efos
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap admin dn = cn=Manager,dc=efos
        ldap ssl = no
        ldap passwd sync = Yes
        hosts allow = 192.168.1., 127.
        workgroup = EFOS
        netbios name = norgay
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\%L\nhome\%U
        time server = yes
        encrypt passwords = yes
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        local master = Yes
        security = user
        logon script = startup.bat

        comment = Home Directories
        path = /nhome/%U
        read only = No
        browseable = No

        comment = Network Logon Service
        path = /var/lib/samba/netlogin
        admin users = root, administrator
        guest ok = No
        browseable = No

        comment = Profile share
        path = /profiles/%U
        read only = No
        profile acls = Yes



BASE dc=efos
rootbindn cn=Manager,dc=efos



include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema
include         /etc/openldap/schema/samba.schema

database        ldbm
suffix          "dc=efos"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=Manager,dc=efos"
#rootdn         "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SHA}gwKxLMfOiNDllNqV/AW81UF9OS8=
# rootpw                {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap
# Indices to maintain
#index  objectClass,uid,uidNumber,gidNumber,memberUid   eq
#index  cn,mail,surname,givenname                       eq,subinitial

# index the directory, taken from the SAMBA-HowTo
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub


net groupmap list

Domain Users (S-1-5-21-2381800297-159120370-3622294204-2027) -> Domain
users (S-1-5-21-2381800297-159120370-3622294204-2028) -> users
Domain Admins (S-1-5-21-2381800297-159120370-3622294204-2029) ->
Domain Admins


ldapsearch for testu=========

dn: uid=testu,ou=People,dc=efos
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Douglas W. Worthington
sn: testu
uid: testu
uidNumber: 15000
gidNumber: 100
homeDirectory: /nhome/testu
loginShell: /bin/bash
gecos: Test W. User
description: Test W. User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Test W. User
sambaSID: S-1-5-21-2381800297-159120370-3622294204-31000
sambaPrimaryGroupSID: S-1-5-21-2381800297-159120370-3622294204-2028
sambaHomeDrive: H:
sambaProfilePath: \\norgay\profiles\testu
sambaHomePath: \\norgay\nhome\testu
sambaLogonScript: startup.bat
sambaLMPassword: 62A4F180CC15E1EDAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 0F9510F9E4C95542E8F6C77B4F09560B
sambaPwdLastSet: 1087904449
sambaPwdMustChange: 1119440449
userPassword:: e1NTSEF9d05FaXJTQk5qbENKcDlVaGE0akRTd3RsaUxXRTE5c3U=


More information about the samba mailing list