[Samba] Re: XP gives Access denied for domain logon

dragon dragon5 at uni.de
Fri Mar 26 10:29:24 GMT 2004


hello

as I know right regpatch XP for samba >3 not needed, but did you set up the
machine account and did you make the machine known with an sambaadmin
account ?
sambaadmin account must be user id 0 and group id 0 if I do not fail ;)

mit freundlichen Grüssen
Björn

"Frode Lillerud" <frode at lillerud.no> schrieb im Newsbeitrag
news:000101c41313$b69b3d70$0300000a at Frodo...
> Samba 3.0.2a-Debian
>
> I have a somewhat working PDC server, but have some difficulties adding
> more users. I managed to create a user, anna, a couple of days ago, it
> she works fine from my wireless laptop.
>
> To sort out some problems I have with the logon.bat script [see
> sambalist "Netlogon script executes randomly"], I am also including my
> desktop computer to the domain.
>
> I've run the following commands on the server:
> useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s
> /bin/false frode
> and
> smbpasswd -a frode
> and
> net groupmap modify ntgroup="Domain Users" unixgroup=users
>
> When I switch the XP computer from workgroup to domain I get a popup box
> for username/password for the domain. Here I write username frode, and
> the password I set with smbpasswd.
>
> XP responds with a "Access denied" message.
>
> The samba logfile says:
> [2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [frode] -> [frode] ->
> [frode] succeeded
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
>   Returning domain sid for domain ISENGARD ->
> S-1-5-21-2641962930-4089608471-2571597100
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
>   _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
>   Returning domain sid for domain ISENGARD ->
> S-1-5-21-2641962930-4089608471-2571597100
> [2004/03/26 10:16:03, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
>   _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
> 0x00000010)
> [2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558)
>   Closing connections
>
> My smb.conf:
> # Setting up Samba 3.0 as a Primary Domain Controller
>
> [global]
>     # Server settings
>     netbios name = sauroman
>     workgroup = ISENGARD
>     server string = Testing PDC
>     security = user
> #   guest account = smbguest
>     encrypt passwords = yes
>
>     # PDC settings
>     domain logons = yes
>     logon script = newlog.bat
>
>     # Browser and WINS settings
>     domain master = yes
>     local master = yes
>     preferred master = yes
>     os level = 255
>     wins support = yes
>
>     # Other services
>     time server = yes
>
>     # Debugging and Logging
>     log level = 2
>     log file = /tmp/samba_%m.log
>     max log size = 1000 #1MB
>     debug timestamp = yes
>     syslog = 1
>
> [netlogon]
>     path = /var/lib/samba/netlogon
>     browseable = yes
>     writable = yes # set this to no again!
>
> [homes]
>     comment = Home for %u
>     writeable = yes
>     browseable = no
> ;   map archive = yes   ;?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>





More information about the samba mailing list