[Samba] XP gives Access denied for domain logon
Radio Gong 2000 GmbH & Co. KG [Technik]
sascha.bieler at radiogong.de
Fri Mar 26 09:29:26 GMT 2004
Did you apply the SIGN-OR-SEAL-Patch for the registry?
Am Freitag, 26. März 2004 10:21 schrieb Frode Lillerud:
> Samba 3.0.2a-Debian
>
> I have a somewhat working PDC server, but have some difficulties adding
> more users. I managed to create a user, anna, a couple of days ago, it
> she works fine from my wireless laptop.
>
> To sort out some problems I have with the logon.bat script [see
> sambalist "Netlogon script executes randomly"], I am also including my
> desktop computer to the domain.
>
> I've run the following commands on the server:
> useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s
> /bin/false frode
> and
> smbpasswd -a frode
> and
> net groupmap modify ntgroup="Domain Users" unixgroup=users
>
> When I switch the XP computer from workgroup to domain I get a popup box
> for username/password for the domain. Here I write username frode, and
> the password I set with smbpasswd.
>
> XP responds with a "Access denied" message.
>
> The samba logfile says:
> [2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [frode] -> [frode] ->
> [frode] succeeded
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
> Returning domain sid for domain ISENGARD ->
> S-1-5-21-2641962930-4089608471-2571597100
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
> _samr_open_domain: ACCESS DENIED (requested: 0x00000211)
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
> Returning domain sid for domain ISENGARD ->
> S-1-5-21-2641962930-4089608471-2571597100
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
> _samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
> 0x00000010)
> [2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558)
> Closing connections
>
> My smb.conf:
> # Setting up Samba 3.0 as a Primary Domain Controller
>
> [global]
> # Server settings
> netbios name = sauroman
> workgroup = ISENGARD
> server string = Testing PDC
> security = user
> # guest account = smbguest
> encrypt passwords = yes
>
> # PDC settings
> domain logons = yes
> logon script = newlog.bat
>
> # Browser and WINS settings
> domain master = yes
> local master = yes
> preferred master = yes
> os level = 255
> wins support = yes
>
> # Other services
> time server = yes
>
> # Debugging and Logging
> log level = 2
> log file = /tmp/samba_%m.log
> max log size = 1000 #1MB
> debug timestamp = yes
> syslog = 1
>
> [netlogon]
> path = /var/lib/samba/netlogon
> browseable = yes
> writable = yes # set this to no again!
>
> [homes]
> comment = Home for %u
> writeable = yes
> browseable = no
> ; map archive = yes ;?
--
Mit freundlichen Grüssen
Sascha Bieler
_______________________________________________
Radio Gong 2000 GmbH & Co. KG
Sascha Bieler
Technischer Leiter
Franz-Joseph-Strasse 14
80801 München
Tel.: +49 89 38 166 181
Fax.: +49 89 38 166 180
More information about the samba
mailing list