Zoltán Kovács kovzol at gmail.com
Sat Dec 17 00:00:05 GMT 2005

Dear Colleagues,

I successfully installed Samba-3.0.14a-Debian for a set of Windows 98
workstations for ~900 users in a grammar school in Hungary. I am using
nss-mysql-1.0 for authentication and Samba also uses it perfectly.
Unfortunately, I have no success in the same network under Windows XP. If I
try to use standard Unix authentication via /etc/{passwd,shadow,group}, then
I have correct behaviour on Windows XP workstations, too, with
successful domain logon: I add a machine as a user to the system (with
"useradd -a WORKSTATION_NAME\$") and after I log on under Windows XP, Samba
correctly generates an smbpasswd entry for my workstation.

I also tested what exactly happens if I try to use nss-mysql and Windows XP
domain logon. First of all, I have strange SQL inserts towards the database.
These strange inserts usually contain very few columns, and in most cases
the user_id, username and similar important columns are totally missing. The
strangest case was that an insert was sent which contained only one column,
it was for account control (acct_ctrl) and it contained the number 129. I am
afraid that this configuration (nss-mysql with Windows XP domain logon +
Samba) is not supported currently by Samba, or is totally broken.

I get all kinds of strange error messages in Windows XP if I try to set the
domain. After forcing the data in the SQL server for the root Samba user and
for my workstation, I can convince the workstation to add the domain to the
logon list (so I get the "Welcome to the domain" message), however I still
cannot log on to the domain after rebooting. (Forcing means that I am trying
to generate user and group SID values and I also try to hack the account
control bits; in addition, I also try to fill in the domain column by hand.
Of course I'm not sure that I fill them in correctly, because I haven't
studied Samba technical internals yet.)

Does anybody have a similar configuration?

What I really need is Samba + some kind of MySQL authentication. (I don't
want to store the information about those 900 users twice on the system.) So
if you can recommend anything else instead of nss-mysql (if it is not
supported for Samba+WinXP), I would appreciate your suggestion very much.
But the best would be if someone could point out that I did some
misconfiguration. I can send log files and also the SQL entries if they are
needed for further investigation.


Zoltan Kovacs

Kovács Zoltán, http://particio.com/~kovzol
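
The acct_ctrl value 129 mentioned in the message is a bitmask. The following is an added example, not part of the original post and not Samba's own code, that decodes such a value using Samba 3's ACB_* bit values and the smbpasswd flag letters, and flags inconsistencies in account rows. The column names username and acct_ctrl come from the post; the sample rows and the function names are constructed for illustration.

```python
# Added example: decode a Samba 3 account-control (acct_ctrl) bitmask.
# Bit values follow Samba 3's ACB_* constants; letters are the smbpasswd flags.
ACB_FLAGS = [
    (0x0001, "D", "account disabled"),
    (0x0002, "H", "home directory required"),
    (0x0004, "N", "no password required"),
    (0x0008, "T", "temporary duplicate account"),
    (0x0010, "U", "normal user account"),
    (0x0020, "M", "MNS logon account"),
    (0x0040, "I", "interdomain trust account"),
    (0x0080, "W", "workstation trust account"),
    (0x0100, "S", "server trust account"),
    (0x0200, "X", "password does not expire"),
    (0x0400, "L", "account auto-locked"),
]
KNOWN_MASK = sum(bit for bit, _, _ in ACB_FLAGS)
TYPE_BITS = {0x0010: "U", 0x0040: "I", 0x0080: "W", 0x0100: "S"}

def decode_acct_ctrl(value):
    """Return (flag_letters, descriptions) for an acct_ctrl integer."""
    hits = [(l, d) for bit, l, d in ACB_FLAGS if value & bit]
    return "".join(l for l, _ in hits), [d for _, d in hits]

def check_account(username, acct_ctrl):
    """Return a list of inconsistencies worth reviewing for one account row."""
    problems = []
    letters, _ = decode_acct_ctrl(acct_ctrl)
    types = [t for bit, t in TYPE_BITS.items() if acct_ctrl & bit]
    if acct_ctrl & ~KNOWN_MASK:
        problems.append("unknown bits set: 0x%x" % (acct_ctrl & ~KNOWN_MASK))
    if len(types) != 1:
        problems.append("expected exactly one account type, got %r" % types)
    is_machine = username.endswith("$")  # machine accounts end in '$'
    if is_machine and "U" in types:
        problems.append("machine name ($) marked as normal user")
    if not is_machine and types and "U" not in types:
        problems.append("user name marked as trust account")
    if "D" in letters:
        problems.append("account disabled")
    if "N" in letters:
        problems.append("no password required")
    return problems

if __name__ == "__main__":
    # Constructed sample rows (username, acct_ctrl); 129 is the value from the post.
    rows = [("WS01$", 129), ("WS02$", 0x80), ("alice", 0x10), ("bob", 0x14)]
    for name, ctrl in rows:
        print(name, ctrl, decode_acct_ctrl(ctrl)[0], check_account(name, ctrl))
```

Decoded this way, 129 (0x81) is the workstation trust bit together with the disabled bit.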

