[Samba] [Samba 3.0.4] Allows w2k machine to join domain, but unable to log on.

Alainna C. Wonders awonders at aharinc.com
Wed Jun 30 13:49:00 GMT 2004 

Specs: RedHat 9
Samba V: 3.0.4
Clients: W2K and WinXP Pro 
smb.conf file: 

# Global parameters
[global]
        workgroup = aharinc.com
        netbios name = CHIMERA
        server string = Chimera- Test PDC
        encrypt passwords = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        obey pam restrictions = yes
        pam password change = yes
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 34
        preferred master = Yes
        local master = yes
        domain master = Yes
        dns proxy = No
        guest account = no
        hosts allow = 172.17.1, 172.17.2.
        printing = cups
        domain logons = yes
        logon path = \\chimera\profiles\%u
        logon script = /export/samba/ulogon.bat
        security = user
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        kernel oplocks = no
 
[netlogon]
        path = /export/samba/lib/netlogon/
        read only = yes
        write list = ntadmin root
 
[homes]
        comment = Home Directories
        valid users = @sigproc @eng @modsim
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No
 
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
 
[testbed]
        comment = TESTBED
        path = /export/testbed
        hosts allow = 172.17.1., 172.17.2.
 
[LJ5]
        comment = LaserJet 5 Printer
        path = /var/spool/samba
        read only = No
        printable = Yes
        printer name = LJ5
        oplocks = No
 
[profiles]
        comment = user profiles
        path = /export/samba/profiles/
        create mode = 0600
        directory mode = 0700
        writeable = yes
        browseable = yes
 
[Desktop Share]
        comment = Shared Desktop Files
        path = /export/samba/share
        read only = yes
        write list = ntadmin root
-----------------------------------------

Now that i got that out of the way, here are the errors: 

On the Win2K Box: "The system cannot log you on to this domain because
the system's computer account in its primary domain is missing or the
password on that account is incorrect"

I've ran smbpasswd -a username and also smbpaswd -a -m machinename$.

in /var/log/samba/machinename.log I get this: 
[2004/06/30 09:40:15, 1] auth/auth_util.c:make_server_info_sam(822)
  User no in passdb, but getpwnam() fails!
[2004/06/30 09:40:15, 1] auth/auth_util.c:make_server_info_sam(822)
  User no in passdb, but getpwnam() fail
(By the way, the users DO exist in both /etc/passwd and in smbpasswd).

and in an ethereal trace it shows this: 
SMB: session setup andx response, NTLMSP_CHALENGE, error:
STATUS_MORE_PROCESSING_REQUIRED
SMB: session setup andX response, Error: STATUS_LOGON_FAILURE
NETLOGON Response to SAM LOGON Request (looks perfectly normal; no
errors).

any help? 
please?  pretty please? 

- Alainna Wonders

More information about the samba mailing list