[Samba] Re: Can join domain; can't logon

[Chris St. Pierre]

That code hack was designed to be temporary, so that I could make sure
everything else worked (it didn't) in the mean time before I got a fix
for this problem.

Anyhow, that looks like it could work.  In the upgrade from 2.2.8, I
had left  that attribute as just "acctFlags".  Unfortunately, I can't
test for the moment, since, after the upgrade, I've been unable to
join the domain.  Ironically, my problem is now reversed: I can't
join the domain, but if I could, I could probably login.

Thanks for all your help; I'm going to grind away at my current
problem for a while.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Fri, 8 Oct 2004, Igor Belyi wrote:

>Chris St. Pierre wrote:
>
>> I did some further investigation, and it appears that in the
>> conditional on lines 250-254 of rpc_server/srv_netlog_nt.c in
>> get_md4pw() is where the failure point is.  Namely, the account is not
>> disabled, and the pass is not null, but none of the trust checks pass.
>> (acct_ctrl == 16).  I put a quick hack in pdb_get_acct_ctrl() on line
>> 45 of passdb/pdb_get_set.c ("return ACB_WSTRUST;") to get past this
>> immediate problem; it worked, but logins still don't work.  There's
>> some sort of problem with credentials that I've been trying to work
>> out.
>>  
>I would recommend to change account to be Workstation account instead of
>hacking the code. :o)
>
>> ldapmodify
>dn: uid=guinea-pig$,ou=people,o=nebrwesleyan.edu,o=isp
>changetype: modify
>replace: sambaAcctFlags
>sambaAcctFlags: [W          ]
>
>Just a note: when creating machine account with smbldap-useradd.pl by hand use
>-w option instead of -a - just like the one used in your smb.conf.
>Another note: despite what you heard it's quite possible to put machine
>accounts in a separate LDAP directory.
>
>Let me know if you still have problems.
>Igor
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>