[Samba] Can auth with smbclient, but not workstation.

Allen Bolderoff allen at gist.net.au
Thu Oct 20 02:51:34 GMT 2005 

We have a setup (that has worked since samba 3 was released), where we
have a windows 2000 ADC, and a debian sarge based (running all current
patches and only Debian packages (nothing related to samba/winbind is
compiled by us) samba 3.0.xx server set up with winbind/pam to act as a
domain member serving files, whilst authenticating from our Windows ADC.

- so what happens is... Ctrl-alt-del, login credentials are supplied,
client goes to ADC, authenticates, gets given logon script, which then
attaches drives and pulls profile from the samba server to the client-
not rocket science - it just works, or at least it used to.

Things have been working fine for the last 2 years or so. We are very
happy - so thanks for all of you guys' hard work - you know who you
are....

Now, what has happened is that recently we have experienced a situation
where Windows XP Laptops (desktops are fine) are effectively failing to
authenticate to the Samba server. 

So, what happens is we connect to the ADC as per normal, scripts get
run, and all of a sudden we are getting error messages pop up about
roaming profile not being available due to Username or Password not
being valid.

We get system error 1326 whilst trying to reconnect to shared drives
from the Samba server.

What we know:

- The user can log on from a workstation no problems.
- Password is up to date on all users.
- User can access the ADC once logged in with no problems and is
authenticated without probs. (profile is stored on samba file server)
- If we run smbclient -Uusername%pass //sambaserver/datashare we connect
fine. 
- wbinfo -a username%pass authenticates fine.
- *if* we try to connect directly to the samba server using "net use"
from the client, we get "user no known or wrong password" style errors.
- If we try to connect via explorer - username and password is rejected.


Does anyone have any ideas? 

What are the appropriate logs and files you want to see in order to help
us with this problem? I have quite a large range of log files, including
winbindd logs, samba logs in %m.%U format...

Thanks

Allen Bolderoff

More information about the samba mailing list