[Samba] Re: Can join domain; can't logon
Chris St. Pierre
stpierre at NebrWesleyan.edu
Fri Oct 8 20:46:14 GMT 2004
That code hack was designed to be temporary, so that I could make sure
everything else worked (it didn't) in the mean time before I got a fix
for this problem.
Anyhow, that looks like it could work. In the upgrade from 2.2.8, I
had left that attribute as just "acctFlags". Unfortunately, I can't
test for the moment, since, after the upgrade, I've been unable to
join the domain. Ironically, my problem is now reversed: I can't
join the domain, but if I could, I could probably login.
Thanks for all your help; I'm going to grind away at my current
problem for a while.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Fri, 8 Oct 2004, Igor Belyi wrote:
>Chris St. Pierre wrote:
>> I did some further investigation, and it appears that in the
>> conditional on lines 250-254 of rpc_server/srv_netlog_nt.c in
>> get_md4pw() is where the failure point is. Namely, the account is not
>> disabled, and the pass is not null, but none of the trust checks pass.
>> (acct_ctrl == 16). I put a quick hack in pdb_get_acct_ctrl() on line
>> 45 of passdb/pdb_get_set.c ("return ACB_WSTRUST;") to get past this
>> immediate problem; it worked, but logins still don't work. There's
>> some sort of problem with credentials that I've been trying to work
>I would recommend to change account to be Workstation account instead of
>hacking the code. :o)
>sambaAcctFlags: [W ]
>Just a note: when creating machine account with smbldap-useradd.pl by hand use
>-w option instead of -a - just like the one used in your smb.conf.
>Another note: despite what you heard it's quite possible to put machine
>accounts in a separate LDAP directory.
>Let me know if you still have problems.
>To unsubscribe from this list go to the following URL and read the
More information about the samba