[Samba] Re: Can join domain; can't logon

Igor Belyi sambauser at katehok.ac93.org
Fri Oct 8 16:08:06 GMT 2004

Chris St. Pierre wrote:

>I did some further investigation, and it appears that in the
>conditional on lines 250-254 of rpc_server/srv_netlog_nt.c in
>get_md4pw() is where the failure point is.  Namely, the account is not
>disabled, and the pass is not null, but none of the trust checks pass.
>(acct_ctrl == 16).  I put a quick hack in pdb_get_acct_ctrl() on line
>45 of passdb/pdb_get_set.c ("return ACB_WSTRUST;") to get past this
>immediate problem; it worked, but logins still don't work.  There's
>some sort of problem with credentials that I've been trying to work
I would recommend to change account to be Workstation account instead of 
hacking the code. :o)

 > ldapmodify
dn: uid=guinea-pig$,ou=people,o=nebrwesleyan.edu,o=isp
changetype: modify
replace: sambaAcctFlags
sambaAcctFlags: [W          ]

Just a note: when creating machine account with smbldap-useradd.pl by 
hand use -w option instead of -a - just like the one used in your smb.conf.
Another note: despite what you heard it's quite possible to put machine 
accounts in a separate LDAP directory.

Let me know if you still have problems.

More information about the samba mailing list