[Samba] XP gives Access denied for domain logon

Frode Lillerud frode at lillerud.no
Fri Mar 26 18:33:24 GMT 2004 

I tried adding the SIGN-OR-SEAL patch (WinXP_SignOrSeal.reg - thanks
Sascha), but I still get the same "Access Denied" when I try to change
from Workgroup to Domain, and log on from my desktop machine.

I've also tried to log on with the new user (frode) from my laptop, but
get the message: "A device attached to the system is not functioning."
As I wrote earlier I have a working another domain user (anna) on the
laptop, but am unsuccessful in adding more.

Any more suggestions? Could it be something with using a samba-command
to add the machine?

Frode
System Administrator

|-----Original Message-----
|From: samba-bounces+samba=lillerud.no at lists.samba.org [mailto:samba-
|bounces+samba=lillerud.no at lists.samba.org] On Behalf Of Radio Gong 2000
|GmbH & Co. KG [Technik]
|Sent: 26. mars 2004 10:29
|To: samba at lists.samba.org
|Subject: Re: [Samba] XP gives Access denied for domain logon
|
|Did you apply the SIGN-OR-SEAL-Patch for the registry?
|
|Am Freitag, 26. März 2004 10:21 schrieb Frode Lillerud:
|> Samba 3.0.2a-Debian
|>
|> I have a somewhat working PDC server, but have some difficulties
adding
|> more users. I managed to create a user, anna, a couple of days ago,
it
|> she works fine from my wireless laptop.
|>
|> To sort out some problems I have with the logon.bat script [see
|> sambalist "Netlogon script executes randomly"], I am also including
my
|> desktop computer to the domain.
|>
|> I've run the following commands on the server:
|> useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s
|> /bin/false frode
|> and
|> smbpasswd -a frode
|> and
|> net groupmap modify ntgroup="Domain Users" unixgroup=users
|>
|> When I switch the XP computer from workgroup to domain I get a popup
box
|> for username/password for the domain. Here I write username frode,
and
|> the password I set with smbpasswd.
|>
|> XP responds with a "Access denied" message.
|>
|> The samba logfile says:
|> [2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305)
|>   check_ntlm_password:  authentication for user [frode] -> [frode] ->
|> [frode] succeeded
|> [2004/03/26 10:16:03, 2]
|> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
|>   Returning domain sid for domain ISENGARD ->
|> S-1-5-21-2641962930-4089608471-2571597100
|> [2004/03/26 10:16:03, 2]
|> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
|>   _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
|> [2004/03/26 10:16:03, 2]
|> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
|>   Returning domain sid for domain ISENGARD ->
|> S-1-5-21-2641962930-4089608471-2571597100
|> [2004/03/26 10:16:03, 2]
|> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
|>   _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
|> 0x00000010)
|> [2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558)
|>   Closing connections
|>
|> My smb.conf:
|> # Setting up Samba 3.0 as a Primary Domain Controller
|>
|> [global]
|>     # Server settings
|>     netbios name = sauroman
|>     workgroup = ISENGARD
|>     server string = Testing PDC
|>     security = user
|> #   guest account = smbguest
|>     encrypt passwords = yes
|>
|>     # PDC settings
|>     domain logons = yes
|>     logon script = newlog.bat
|>
|>     # Browser and WINS settings
|>     domain master = yes
|>     local master = yes
|>     preferred master = yes
|>     os level = 255
|>     wins support = yes
|>
|>     # Other services
|>     time server = yes
|>
|>     # Debugging and Logging
|>     log level = 2
|>     log file = /tmp/samba_%m.log
|>     max log size = 1000 #1MB
|>     debug timestamp = yes
|>     syslog = 1
|>
|> [netlogon]
|>     path = /var/lib/samba/netlogon
|>     browseable = yes
|>     writable = yes # set this to no again!
|>
|> [homes]
|>     comment = Home for %u
|>     writeable = yes
|>     browseable = no
|> ;   map archive = yes   ;?
|
|--
|Mit freundlichen Grüssen
|
|Sascha Bieler
|_______________________________________________
|Radio Gong 2000 GmbH & Co. KG
|Sascha Bieler
|Technischer Leiter
|Franz-Joseph-Strasse 14
|80801 München
|
|Tel.: +49 89 38 166 181
|Fax.: +49 89 38 166 180
|--
|To unsubscribe from this list go to the following URL and read the
|instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list