[Samba] Re: Can join domain; can't logon
Igor Belyi
sambauser at katehok.ac93.org
Fri Oct 8 16:08:06 GMT 2004
Chris St. Pierre wrote:
>I did some further investigation, and it appears that in the
>conditional on lines 250-254 of rpc_server/srv_netlog_nt.c in
>get_md4pw() is where the failure point is. Namely, the account is not
>disabled, and the pass is not null, but none of the trust checks pass.
>(acct_ctrl == 16). I put a quick hack in pdb_get_acct_ctrl() on line
>45 of passdb/pdb_get_set.c ("return ACB_WSTRUST;") to get past this
>immediate problem; it worked, but logins still don't work. There's
>some sort of problem with credentials that I've been trying to work
>out.
>
>
I would recommend to change account to be Workstation account instead of
hacking the code. :o)
> ldapmodify
dn: uid=guinea-pig$,ou=people,o=nebrwesleyan.edu,o=isp
changetype: modify
replace: sambaAcctFlags
sambaAcctFlags: [W ]
Just a note: when creating machine account with smbldap-useradd.pl by
hand use -w option instead of -a - just like the one used in your smb.conf.
Another note: despite what you heard it's quite possible to put machine
accounts in a separate LDAP directory.
Let me know if you still have problems.
Igor
More information about the samba
mailing list