Hi all,

I have a strange problem with the combination of Win2k3 and Samba. The 
samba server is configured as a PDC, the terminal server as a member of 
the domain. Logging in from the terminal server console with a domain 
userid works; logging in from a terminal server session from the same 
machine fails with the message: "The system can not log you on due to 
the following error: The specified domain either does not exist or could 
not be contacted.". Logging in to local accounts works. Mapping shares 
to the Samba server also works.
I've googled and found some references to mismatched signing and 
encryption settings, but I've tried all combinations to no avail 
(including the SignOrSeal registry patch).

Following are two level 10 logs, one OK login from the console and one 
failed login from a terminal server session. (both very long ...)

Versions: Win2K3 SP1, 15 TS CALs (also tested without the service pack; 
same results).
Samba: Version 3.0.14a-Debian (on a freshly installed Debian Sarge box).

The configuration file:
        workgroup = SAHIN
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = tdbsam, guest
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        debug level = 10
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        add machine script = /usr/sbin/adduser --ingroup NTMachines --home /dev/null --shell /bin/false \ --disabled-password --firstuid 500 --lastuid 600 --force-badname --gecos machaccount %u
        domain master = Yes
        dns proxy = No
        wins support = Yes
        domain logons = yes
        os level = 60
        client signing = auto
        client schannel = auto
        server signing = auto
        server schannel = auto
        logon drive = H:
        logon home =
        logon path = \\%L\profiles
        logon script = logon.cmd
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        printer admin = @NTAdmin
        username map = /etc/samba/usermap

        comment = Network Logon Service
        create mask = 0700
        directory mask = 0700
        guest ok = Yes
        browseable = No
        share modes = No

        path = /home/users/%u/.NTprofile
        read only = no
        create mask = 0600
        directory mask = 0700
#       profile acls = yes

        comment = All Printers
        path = /tmp
        create mask = 0700
        printable = Yes
        browseable = No

        comment = Printer Drivers
        path = /var/lib/samba/printers
        write list = root, @NTAdmin

        comment = Logon scripts
        path = /home/netlogon
        write list = @NTAdmin,root

Level 10 log of failing session at: http://www.verhoogt.net/faillog.txt
Level 10 log of succeeding session at: http://www.verhoogt.net/oklog.txt


Wim Verhoogt

