[Samba] Intermittent failed logon for one computer

Skip Morrow skip-samba at pelorus.org
Sun Nov 21 00:30:11 GMT 2004


Does anyone have any suggestions to deal with this?  I too am having
this same inconsistent behavior.  I am not using LDAP.  I am using
security=user.

Skip

On Wed, 2004-11-17 at 14:21 -0500, Nathan Benson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> hi Dan,
> 
> i too am having the same problems with 3.0.7.  things have been
> functioning fine for over a month when my (other) workstation gave me
> the same error.  my only difference is i am using LDAP to store all the
> ~ information.
> 
> zero changes had been made to my workstation's LDAP entry when this
> happened.  i logged in as myself locally (instead of domain logon),
> changed network settings from domain to workgroup (i kept the same
> name).  once i was welcomed to the workgroup, i went back in and changed
> it back to domain.  i then used the admin username/password to add
> myself back to the domain.  i have had no problems with my workstation
> since then.
> 
> i thought it might be some random occurance until two other people had
> the same problem today.  so, like you i am on a quest for answers.  i
> will certainly let you know if/when i figure out what is going on.
> 
> so to those reading this, any ideas/suggestions would be most welcome.
> 
> regards,
> 
> nb
> 
> 
> P.S. - i am not running ncsd, i don't even have it installed.
> 
> Daniel Gapinski thus spake on 10/18/2004 11:32 AM:
> | Hello,
> |
> | We have been using Samba 3.0.7 for almost a month now, and today marks
> | the second time that I see a machine (one out of twelve on our network"
> | that gives this error when I log in:
> |
> |  "The system cannot log you on to this domain because the system's
> | computer account in its primary domain is missing or the password on
> | that account is incorrect."
> |
> | Last time this happened, I thought it might be a problem with that
> | computer needing to be removed and then rejoined to the domain, which
> | didn't work (the user still was not able to log on), and then half an
> | hour later, the user could log on again.
> |
> | Can anybody tell me what might be wrong - on other posts it looks like a
> | problem with the guest account (nobody), but specifying the nobody
> | account as guest doesn't seem to help (though I did check to make sure
> | that a nobody account in fact existed).
> |
> | I should mention that the 2 computers that had this problem are on a
> | subnet (192.168.1.0). I am sending my smb.conf as a post script. Thanks
> | for your help!!!
> |
> | My best,
> | Dan Gapinski
> |
> | [global]
> | ;++++++++++++++++++++++++
> | ;+ Server Settings      +
> | ;++++++++++++++++++++++++
> |  workgroup = QUASAR
> |  netbios name = Jupiter
> |  server string = QSI Office Server %v
> |  hosts allow = 192.168.1. 192.168.0. 192.168.2. 192.168.3. 192.168.4.
> | 127.0.0.1
> |  log level = 2
> |  log file = /var/log/samba/%m.log
> |  max log size = 0
> |  time server = yes
> |
> | ;++++++++++++++++++++++++
> | ;+ Domain Settings      +
> | ;++++++++++++++++++++++++
> |  os level = 35
> |  domain logons = yes
> |
> | ;++++++++++++++++++++++++
> | ;+ Browse Settings      +
> | ;++++++++++++++++++++++++
> |  domain master = yes
> |  local master = yes
> |  preferred master = yes
> |  remote browse sync = 192.168.1.255 192.168.2.255 192.168.3.255
> | 192.168.4.255
> |  remote announce = 192.168.1.255 192.168.2.255 192.168.3.255
> | 192.168.4.255
> |
> | ;++++++++++++++++++++++++
> | ;+ WINS Settings      +
> | ;++++++++++++++++++++++++
> |  wins support = yes
> |  guest ok = yes
> |  dns proxy = no
> |
> | ;++++++++++++++++++++++++++++++++
> | ;+ User and Security Settings   +
> | ;++++++++++++++++++++++++++++++++
> |  logon drive = z:
> |  logon home =
> |  logon path =
> |  encrypt passwords = yes
> |  smb passwd file = /etc/samba/smbpasswd
> |  username map = /etc/samba/smbusers
> |  min password length = 3
> |  guest account = nobody
> |
> | ;++++++++++++++++++++++++++++++++++++++++++++++
> | ;+ added 10-Sep-2003 for file server support  +
> | ;++++++++++++++++++++++++++++++++++++++++++++++
> | # admin users = @public
> |  nt acl support = yes
> |  security mask = 0777
> |  force security mode = 0
> |  directory security mask = 0777
> |  force directory security mode = 0
> |
> | ;++++++++++++++++++++++++++
> | ;+ Management Scripts   +
> | ;++++++++++++++++++++++++++
> |  add user script = /usr/sbin/useradd -m %u
> |  delete user script = /usr/sbin/userdel -r %u
> |  add group script = /usr/sbin/groupadd %g
> |  delete group script = /usr/sbin/groupdel %g
> |  add user to group script = /usr/sbin/usermod -G %g %u
> |  add machine script = /usr/sbin/useradd -d /dev/null -g machines -s
> | /bin/false -M %u
> |
> | ;++++++++++++++++++++++++++
> | ;+ Logon Scripts   +
> | ;++++++++++++++++++++++++++
> | # NOTE: SAMBA CAN ONLY RUN ONE SCRIPT AT A TIME!
> | # run a general logon batch file for everyone
> |  logon script = logon.bat
> | # run a specific logon batch file per workstation (machine)
> | #    logon script = %m.bat
> | # run a specific logon batch file per username
> | #    logon script = %U.bat
> |
> | ;++++++++++++++++++++++++++
> | ;+ General Share Settings +
> | ;++++++++++++++++++++++++++
> |  preserve case = yes
> |  short preserve case = no
> |  default case = lower
> |  case sensitive = no
> |
> | (then the share settings...)
> 
> - --
> Nathan Benson
> http://sourcefire.com/
> 
> 1C1A F2C1 82AD F75F 9B6B  E501 0D73 DC9B E96B DD96
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> 
> iD8DBQFBm6TEDXPcm+lr3ZYRAjaoAJ0RTBM6qHjugMGKRCnp7wh1vuZVjwCgjLML
> Tl2RAhAbO1FSk2PMNIN2Thg=
> =dCdi
> -----END PGP SIGNATURE-----



More information about the samba mailing list